{ "analysis_details": { "creation_time": "2017-10-25 17:16 (UTC+2)", "execution_successful": true, "number_of_processes": 62, "reputation_enabled": true, "termination_reason": "timeout", "type": "analysis_details", "version": 2, "vm_analysis_duration_time": null }, "artifacts": { "files": [ { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ifzkkpwij.exe", "hashes": [ { "md5_hash": "fbbdc39af1139aebba4da004475e8839", "sha1_hash": "de5c8d858e6e41da715dca1c019df0bfb92d32c0", "sha256_hash": "630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ifzkkpwij.exe", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\infpub.dat", "hashes": [ { "md5_hash": "1d724f95c61f1055f0d02c2154bbccd3", "sha1_hash": "79116fe99f2b421c52ef64097f0f39b815b20907", "sha256_hash": "579fd8a0385482fb4c789561a30b09f25671e86422f40ef5cca2036b28f99648", "type": "file_hash", "version": 1 }, { "md5_hash": "c4f26ed277b51ef45fa180be597d96e8", "sha1_hash": "e9efc622924fb965d4a14bdb6223834d9a9007e7", "sha256_hash": "14d82a676b63ab046ae94fa5e41f9f69a65dc7946826cb3d74cea6c030c2f958", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\windows\\infpub.dat", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\cscc.dat", "hashes": [ { "md5_hash": "edb72f4a46c39452d1a5414f7d26454a", "sha1_hash": "08f94684e83a27f2414f439975b7f8a6d61fc056", "sha256_hash": "0b2f863f4119dc88a22cc97c0a136c88a0127cb026751303b045f7322a8972f6", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\windows\\cscc.dat", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\dispci.exe", "hashes": [ { "md5_hash": "b14d8faf7f0cbcfad051cefe5f39645f", "sha1_hash": "afeee8b4acff87bc469a6f0364a81ae5d60a2add", "sha256_hash": "8ebc97e05c8e1073bda2efb6f4d00ad7e789260afa2c276f0c72740b838a0a93", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\windows\\dispci.exe", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\41D0.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "347ac3b6b791054de3e5720a7144a977", "sha1_hash": "413eba3973a15c1a6429d9f170f3e8287f98c21c", "sha256_hash": "301b905eb98d8d6bb559c04bbda26628a942b2c4107c07a02e8f753bdcfe347c", "type": "file_hash", "version": 1 }, { "md5_hash": "c7ca77d847f1802502ef3b9228d388e4", "sha1_hash": "80ab09116d877b924dfec5b6e8eb6d3dde35869e", "sha256_hash": "fdef2f6da8c5e8002fa5822e8e4fea278fba66c22df9e13b61c8a95c2f9d585f", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\windows\\41d0.tmp", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\BOOTSECT.BAK", "hashes": [], "norm_filename": "c:\\bootsect.bak", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab", "hashes": [ { "md5_hash": "87cf3392dfc386ebd494fa4e72b747fc", "sha1_hash": "f940f7e3770462a4809bad3e995ae46d522190ef", "sha256_hash": "fa125a9e042003f5443f6c8ac5eb108cd7a5483eab39e1b3b5c059d60215d9e7", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excellr.cab", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml", "hashes": [ { "md5_hash": "a20a768a81afee200bf6db18a3056541", "sha1_hash": "3592d4d77e481c9b7eaa614deeb36e72a994218e", "sha256_hash": "448403a1b7ca253b91174d36a3881cc183d2ffeaaa3eed0496d802539538c114", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml", "hashes": [ { "md5_hash": "a5cfdf621750a94cbc0f0719a533eaf4", "sha1_hash": "6e282e3fb7afc487422d73271a729e7e4718a328", "sha256_hash": "dfe114759d655205b57f759e89f6da508d36aa1a4a84cee2fc6d743ef2655d40", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml", "hashes": [ { "md5_hash": "380dcda4098e62f1f5664921cf6cdd6c", "sha1_hash": "0c64f4559ed2f12cf42ee1ff2dd14d806e16ce87", "sha256_hash": "12744847431c8b2fc23c7e47dc6ec275419958ebdbcb39af589eda58dce9ead3", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab", "hashes": [ { "md5_hash": "43425a50ee06e30dd272c3ff17bb0427", "sha1_hash": "230a74cfbf7ae520dd726174711e0d3533f60fff", "sha256_hash": "752cc8c341f4e4d0a6036607a12df396047a4e9f3a461be21dadea54f5de67a3", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\pptlr.cab", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml", "hashes": [ { "md5_hash": "be16f68fd043d935ad963ea4c3d736bc", "sha1_hash": "3693091b6827d78dd9414a6f485abb53b8edfbca", "sha256_hash": "e21fac606118ecf75d5a4d1966574895104dd3024f7122339edbabb634cf5d13", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml", "hashes": [ { "md5_hash": "cf6fa18c52894350bea091528fc31218", "sha1_hash": "7057c7772d2b3290ddea402ff765e67901afaa63", "sha256_hash": "8f2a61e71446971c5f5010abf0d324222993e7f79e0b3a3a8d6719eb9f3f2546", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab", "hashes": [ { "md5_hash": "85a68488be13ebc093b067ea1475ccf4", "sha1_hash": "3fc88da1570badea2c61a9517e06e1a41e51035b", "sha256_hash": "7cda2a6ea0faca19b16802165b3a6add583fe06141ee843e5b8c10f89a9106bb", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publr.cab", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml", "hashes": [ { "md5_hash": "146cee28b00dbf679ed697b6f33d6fc0", "sha1_hash": "4b22431fa5e445f6f630e7f8a6b668125c4d3ec3", "sha256_hash": "a32fc1e86edbf4a24426684c8700693b511c649ddd36e25090018e00f37e7300", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab", "hashes": [ { "md5_hash": "ea9b20690debbe698df7bcdee8af861e", "sha1_hash": "383953c3903f3def7f4a8dfc961b632bc747f58a", "sha256_hash": "7a63a991eeae97834d4ee1911ccded08b7f9f47167bb73717551bedd1f3b3071", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlklr.cab", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml", "hashes": [ { "md5_hash": "3db069e923ed265020abbe0aeeb20516", "sha1_hash": "dde8ecfc4f9d094feb2e9b831193fcc4cddb98da", "sha256_hash": "73c778eb6570c7c49aa0c5fc4b3b246f6bc335819cacd7f68716be0384068d9a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml", "hashes": [ { "md5_hash": "4bde0423f361b421519b65c28bde6cc2", "sha1_hash": "4e05353ba59608761c42ab503768718fd4ea9d0e", "sha256_hash": "87f2dc684dbabea1b50206f66acef5d1164deb93327b6cb03201e9f0b4e4735a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml", "hashes": [ { "md5_hash": "2c56ebeae266b0945b278f8cb01732c8", "sha1_hash": "b29ffe456e5fb9ed0f8e90effbf30fc96862b153", "sha256_hash": "ffe497bab3fb4bd8401b6ded8d9f23d3bd07ac5d3ee0489ffa4f06254a053264", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab", "hashes": [ { "md5_hash": "8ab2632c2d433efc3b75df58f9d73dae", "sha1_hash": "2d627a56bd4283688e4c69c4b418010b0c7d1820", "sha256_hash": "0a0c05a8af443700679eef4db9d19a12a22e19342bc56351be4738eb7f17f3d9", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordlr.cab", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml", "hashes": [ { "md5_hash": "5b5f9cedbc03caf54b38039ff2b1487b", "sha1_hash": "fea2f54353593e4d88887393b651fdbb3ba79324", "sha256_hash": "425d33325b790e9ad234441f1a2adc245d397f19f07bbf53c6b53282c443cb8a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab", "hashes": [ { "md5_hash": "b7ed442d187f7892bc057b6004e83599", "sha1_hash": "cf0239dd6407ffb1bfaff75c154e5b6ff261be74", "sha256_hash": "e50f152da6840a55a0f185499b2381bac2668aa38a61d70ac191cc8f456025e0", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.cab", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml", "hashes": [ { "md5_hash": "15153c4f2a05f30d0283700f557c85d2", "sha1_hash": "49e02205a4b52d394ff129472c75f31f24be11bd", "sha256_hash": "5135fa2425ba2cdff867dc297ca432bcaef9bf0c3755c1304e4a661767f36607", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab", "hashes": [ { "md5_hash": "01522cc818e3cb5c1f88f0af6b71d2a9", "sha1_hash": "89ab8491fb830a0e1f96fa654820c80e3853e31a", "sha256_hash": "72245180f2d45a7ff7fad89fda1cd0bf4aea2bc5f1467c58b56ecb83c86c146f", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.cab", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml", "hashes": [ { "md5_hash": "3b30045ad6c97ff866342decbf09ab28", "sha1_hash": "4bba2d45d8bca9bc168ca55f74d02c80eaaf6828", "sha256_hash": "a44f1691b44e6bd338b74ddaad4a6be3ec62789882a1cf42a53d6a97ba611c09", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab", "hashes": [ { "md5_hash": "0335234c7c545ba002aeb3df922f7686", "sha1_hash": "04a74035ae437f4fc5aaad4eb15931f65853e82b", "sha256_hash": "669e004f14ac15858414dffdc0d4002a2fc54621f1b1ce33ae0c72ff26edd29a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.cab", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml", "hashes": [ { "md5_hash": "d4ea0313aa839edf612c9ee1b33b92c5", "sha1_hash": "54de0ac01c3d5567499e29454eedaa473ed79d93", "sha256_hash": "882b5924b55e8ee500f7aff61a11abea43771ea12cc474a714ccfb8255ab2343", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml", "hashes": [ { "md5_hash": "f570a344598fb3126736a6ed636f069d", "sha1_hash": "8333909319182a2e880bb757ec6498650fa81889", "sha256_hash": "1fd1b9d62a4c31ce9bbccc238b5c2968b64a6124a8c6fe1934ea7820326e0614", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml", "hashes": [ { "md5_hash": "aad695e82a73aba6565adf1251f3bb6b", "sha1_hash": "0d863f3a8d023547553c16663170df3dc63c2a79", "sha256_hash": "fa6379ddcc35d29cd142c0a68bc6fb0289ced7fcea8bd8328a544e7d3d5472c4", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\setup.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml", "hashes": [ { "md5_hash": "5c46b16a535150be984a13005a582bb1", "sha1_hash": "ea8a7e2020fe6c3fb672596a0d13c548e6660dae", "sha256_hash": "f2f29f4820305a8e6f1d233b87212df1f9deb506b6050090b4a5cca29f7872d9", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab", "hashes": [ { "md5_hash": "53dff27d197fac5fec615fd204378274", "sha1_hash": "724edbe96e984e05486c8f051f3f3cd7b4f50252", "sha256_hash": "034a8515267cffff2909d9d2c241aa7b63d1f1b9298f5c97b928830fc4003e4c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\owow32lr.cab", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml", "hashes": [ { "md5_hash": "938647548a6e4b74ea13e78465570a88", "sha1_hash": "72117b74130db120ea4631d81f05ba317719856f", "sha256_hash": "bc8e71a789537b982077972a1d3cf2d5cf548e2c0d584e262198198d53398f23", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\setup.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab", "hashes": [ { "md5_hash": "b1942518b15f0af4b81329b96a4cd97b", "sha1_hash": "cd1bcdf2dcea0c11a73203fb61387fb5b20a33ec", "sha256_hash": "eea2e87a37f7f432cb7761a90407d1ec10abb4311e59d8361e55a214cc97e546", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\inflr.cab", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml", "hashes": [ { "md5_hash": "180f8b1fde6c589a1c9e529a8dedfb42", "sha1_hash": "885f800cd0d0904b4dac55a6c9b840ac34ca1b09", "sha256_hash": "614c51f1e9a2760f1f308724e5520d61749aaf8e3e282244bad26a4031e1aa47", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml", "hashes": [ { "md5_hash": "fe2c346594a0317e1cd552fbb55709fa", "sha1_hash": "e2afd9514e47e3708d68d5d7e0cb22cf348cde99", "sha256_hash": "18d690cf2acfd0f7b7cfcd994563e5ed40e2e1fae7466a8a6b8a372205c62195", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\setup.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml", "hashes": [ { "md5_hash": "f11d38f5e08ff6023b55931f8836aee0", "sha1_hash": "728d5d4529be7a2e640df048a134f345c46b20d4", "sha256_hash": "88745aa40fb3f942c8df5b10a58eb80f95f8fdac2afb828962b8de98949dd55c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\setup.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab", "hashes": [ { "md5_hash": "8a0831714fbd219ad2cc0411a7666ae3", "sha1_hash": "3aa7f94dc84e5db74d8a202deb652c5811f18a2d", "sha256_hash": "c5ba50319cf18e9e9c71ca4c724a6ea66676c9138efe8cd2b2ce59c920c7c8f7", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiolr.cab", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml", "hashes": [], "norm_filename": "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml", "hashes": [], "norm_filename": "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab", "hashes": [], "norm_filename": "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onotelr.cab", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml", "hashes": [], "norm_filename": "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\setup.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml", "hashes": [], "norm_filename": "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab", "hashes": [], "norm_filename": "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projlr.cab", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml", "hashes": [], "norm_filename": "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\setup.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab", "hashes": [], "norm_filename": "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovelr.cab", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml", "hashes": [], "norm_filename": "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml", "hashes": [], "norm_filename": "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\setup.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml", "hashes": [], "norm_filename": "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\branding.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab", "hashes": [], "norm_filename": "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officelr.cab", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml", "hashes": [], "norm_filename": "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml", "hashes": [], "norm_filename": "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml", "hashes": [], "norm_filename": "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml", "hashes": [], "norm_filename": "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab", "hashes": [], "norm_filename": "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\acclr.cab", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "STD_OUTPUT_HANDLE", "hashes": [], "norm_filename": "std_output_handle", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "STD_INPUT_HANDLE", "hashes": [], "norm_filename": "std_input_handle", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "STD_ERROR_HANDLE", "hashes": [], "norm_filename": "std_error_handle", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\.\\pipe\\{2FDFCF81-BD74-41C3-9115-F628925CC568}", "hashes": [], "norm_filename": "\\device\\namedpipe\\{2fdfcf81-bd74-41c3-9115-f628925cc568}", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\system32", "hashes": [], "norm_filename": "c:\\windows\\system32", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\.\\PhysicalDrive0", "hashes": [], "norm_filename": "\\device\\harddisk0\\dr0", "operations": [ "write", "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\.\\dcrypt", "hashes": [], "norm_filename": "\\device\\dcrypt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\.\\GLOBALROOT\\ArcName\\multi(0)disk(0)rdisk(0)partition(1)", "hashes": [], "norm_filename": "c:", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [ { "ip_address": "192.168.0.0", "type": "ip_address_artifact", "version": 1 }, { "ip_address": "192.168.0.1", "type": "ip_address_artifact", "version": 1 }, { "ip_address": "192.168.0.2", "type": "ip_address_artifact", "version": 1 }, { "ip_address": "192.168.0.3", "type": "ip_address_artifact", "version": 1 } ], "mutexes": [ { "mutex_name": "9A1966663AD6FDE5", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [ { "operations": [ "access", "read", "write" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Class\\{71A27CDD-812A-11D0-BEC7-08002BE2092F}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read", "write" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E965-E325-11CE-BFC1-08002BE10318}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read", "write" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\CrashControl", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\System", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Command Processor", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "extracted_files": [ { "archive_path": "extracted_files/79116fe99f2b421c52ef64097f0f39b815b20907", "file_type": "created_file", "id": "file_2", "md5_hash": "1d724f95c61f1055f0d02c2154bbccd3", "norm_filename": "c:\\windows\\infpub.dat", "sha1_hash": "79116fe99f2b421c52ef64097f0f39b815b20907", "sha256_hash": "579fd8a0385482fb4c789561a30b09f25671e86422f40ef5cca2036b28f99648", "size": 410760, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e9efc622924fb965d4a14bdb6223834d9a9007e7", "file_type": "created_file", "id": "file_3", "md5_hash": "c4f26ed277b51ef45fa180be597d96e8", "norm_filename": "c:\\windows\\infpub.dat", "sha1_hash": "e9efc622924fb965d4a14bdb6223834d9a9007e7", "sha256_hash": "14d82a676b63ab046ae94fa5e41f9f69a65dc7946826cb3d74cea6c030c2f958", "size": 410760, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/08f94684e83a27f2414f439975b7f8a6d61fc056", "file_type": "created_file", "id": "file_4", "md5_hash": "edb72f4a46c39452d1a5414f7d26454a", "norm_filename": "c:\\windows\\cscc.dat", "sha1_hash": "08f94684e83a27f2414f439975b7f8a6d61fc056", "sha256_hash": "0b2f863f4119dc88a22cc97c0a136c88a0127cb026751303b045f7322a8972f6", "size": 210632, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/afeee8b4acff87bc469a6f0364a81ae5d60a2add", "file_type": "created_file", "id": "file_5", "md5_hash": "b14d8faf7f0cbcfad051cefe5f39645f", "norm_filename": "c:\\windows\\dispci.exe", "sha1_hash": "afeee8b4acff87bc469a6f0364a81ae5d60a2add", "sha256_hash": "8ebc97e05c8e1073bda2efb6f4d00ad7e789260afa2c276f0c72740b838a0a93", "size": 142848, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_6", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\windows\\41d0.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_40", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\windows\\system32\\wbem\\repository\\writable.tst", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/413eba3973a15c1a6429d9f170f3e8287f98c21c", "file_type": "created_file", "id": "file_7", "md5_hash": "347ac3b6b791054de3e5720a7144a977", "norm_filename": "c:\\windows\\41d0.tmp", "sha1_hash": "413eba3973a15c1a6429d9f170f3e8287f98c21c", "sha256_hash": "301b905eb98d8d6bb559c04bbda26628a942b2c4107c07a02e8f753bdcfe347c", "size": 62328, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/80ab09116d877b924dfec5b6e8eb6d3dde35869e", "file_type": "created_file", "id": "file_8", "md5_hash": "c7ca77d847f1802502ef3b9228d388e4", "norm_filename": "c:\\windows\\41d0.tmp", "sha1_hash": "80ab09116d877b924dfec5b6e8eb6d3dde35869e", "sha256_hash": "fdef2f6da8c5e8002fa5822e8e4fea278fba66c22df9e13b61c8a95c2f9d585f", "size": 62328, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f940f7e3770462a4809bad3e995ae46d522190ef", "file_type": "modified_file", "id": "file_9", "md5_hash": "87cf3392dfc386ebd494fa4e72b747fc", "norm_filename": "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excellr.cab", "sha1_hash": "f940f7e3770462a4809bad3e995ae46d522190ef", "sha256_hash": "fa125a9e042003f5443f6c8ac5eb108cd7a5483eab39e1b3b5c059d60215d9e7", "size": 10485760, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3592d4d77e481c9b7eaa614deeb36e72a994218e", "file_type": "modified_file", "id": "file_10", "md5_hash": "a20a768a81afee200bf6db18a3056541", "norm_filename": "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml", "sha1_hash": "3592d4d77e481c9b7eaa614deeb36e72a994218e", "sha256_hash": "448403a1b7ca253b91174d36a3881cc183d2ffeaaa3eed0496d802539538c114", "size": 1602, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6e282e3fb7afc487422d73271a729e7e4718a328", "file_type": "modified_file", "id": "file_11", "md5_hash": "a5cfdf621750a94cbc0f0719a533eaf4", "norm_filename": "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml", "sha1_hash": "6e282e3fb7afc487422d73271a729e7e4718a328", "sha256_hash": "dfe114759d655205b57f759e89f6da508d36aa1a4a84cee2fc6d743ef2655d40", "size": 2338, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0c64f4559ed2f12cf42ee1ff2dd14d806e16ce87", "file_type": "modified_file", "id": "file_12", "md5_hash": "380dcda4098e62f1f5664921cf6cdd6c", "norm_filename": "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml", "sha1_hash": "0c64f4559ed2f12cf42ee1ff2dd14d806e16ce87", "sha256_hash": "12744847431c8b2fc23c7e47dc6ec275419958ebdbcb39af589eda58dce9ead3", "size": 1490, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/230a74cfbf7ae520dd726174711e0d3533f60fff", "file_type": "modified_file", "id": "file_13", "md5_hash": "43425a50ee06e30dd272c3ff17bb0427", "norm_filename": "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\pptlr.cab", "sha1_hash": "230a74cfbf7ae520dd726174711e0d3533f60fff", "sha256_hash": "752cc8c341f4e4d0a6036607a12df396047a4e9f3a461be21dadea54f5de67a3", "size": 10485760, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3693091b6827d78dd9414a6f485abb53b8edfbca", "file_type": "modified_file", "id": "file_14", "md5_hash": "be16f68fd043d935ad963ea4c3d736bc", "norm_filename": "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml", "sha1_hash": "3693091b6827d78dd9414a6f485abb53b8edfbca", "sha256_hash": "e21fac606118ecf75d5a4d1966574895104dd3024f7122339edbabb634cf5d13", "size": 1922, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7057c7772d2b3290ddea402ff765e67901afaa63", "file_type": "modified_file", "id": "file_15", "md5_hash": "cf6fa18c52894350bea091528fc31218", "norm_filename": "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml", "sha1_hash": "7057c7772d2b3290ddea402ff765e67901afaa63", "sha256_hash": "8f2a61e71446971c5f5010abf0d324222993e7f79e0b3a3a8d6719eb9f3f2546", "size": 1490, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3fc88da1570badea2c61a9517e06e1a41e51035b", "file_type": "modified_file", "id": "file_16", "md5_hash": "85a68488be13ebc093b067ea1475ccf4", "norm_filename": "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publr.cab", "sha1_hash": "3fc88da1570badea2c61a9517e06e1a41e51035b", "sha256_hash": "7cda2a6ea0faca19b16802165b3a6add583fe06141ee843e5b8c10f89a9106bb", "size": 9958434, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4b22431fa5e445f6f630e7f8a6b668125c4d3ec3", "file_type": "modified_file", "id": "file_17", "md5_hash": "146cee28b00dbf679ed697b6f33d6fc0", "norm_filename": "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml", "sha1_hash": "4b22431fa5e445f6f630e7f8a6b668125c4d3ec3", "sha256_hash": "a32fc1e86edbf4a24426684c8700693b511c649ddd36e25090018e00f37e7300", "size": 1650, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/383953c3903f3def7f4a8dfc961b632bc747f58a", "file_type": "modified_file", "id": "file_18", "md5_hash": "ea9b20690debbe698df7bcdee8af861e", "norm_filename": "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlklr.cab", "sha1_hash": "383953c3903f3def7f4a8dfc961b632bc747f58a", "sha256_hash": "7a63a991eeae97834d4ee1911ccded08b7f9f47167bb73717551bedd1f3b3071", "size": 10485760, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/dde8ecfc4f9d094feb2e9b831193fcc4cddb98da", "file_type": "modified_file", "id": "file_19", "md5_hash": "3db069e923ed265020abbe0aeeb20516", "norm_filename": "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml", "sha1_hash": "dde8ecfc4f9d094feb2e9b831193fcc4cddb98da", "sha256_hash": "73c778eb6570c7c49aa0c5fc4b3b246f6bc335819cacd7f68716be0384068d9a", "size": 3234, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4e05353ba59608761c42ab503768718fd4ea9d0e", "file_type": "modified_file", "id": "file_20", "md5_hash": "4bde0423f361b421519b65c28bde6cc2", "norm_filename": "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml", "sha1_hash": "4e05353ba59608761c42ab503768718fd4ea9d0e", "sha256_hash": "87f2dc684dbabea1b50206f66acef5d1164deb93327b6cb03201e9f0b4e4735a", "size": 4242, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b29ffe456e5fb9ed0f8e90effbf30fc96862b153", "file_type": "modified_file", "id": "file_21", "md5_hash": "2c56ebeae266b0945b278f8cb01732c8", "norm_filename": "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml", "sha1_hash": "b29ffe456e5fb9ed0f8e90effbf30fc96862b153", "sha256_hash": "ffe497bab3fb4bd8401b6ded8d9f23d3bd07ac5d3ee0489ffa4f06254a053264", "size": 2466, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/2d627a56bd4283688e4c69c4b418010b0c7d1820", "file_type": "modified_file", "id": "file_22", "md5_hash": "8ab2632c2d433efc3b75df58f9d73dae", "norm_filename": "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordlr.cab", "sha1_hash": "2d627a56bd4283688e4c69c4b418010b0c7d1820", "sha256_hash": "0a0c05a8af443700679eef4db9d19a12a22e19342bc56351be4738eb7f17f3d9", "size": 10485760, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fea2f54353593e4d88887393b651fdbb3ba79324", "file_type": "modified_file", "id": "file_23", "md5_hash": "5b5f9cedbc03caf54b38039ff2b1487b", "norm_filename": "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.xml", "sha1_hash": "fea2f54353593e4d88887393b651fdbb3ba79324", "sha256_hash": "425d33325b790e9ad234441f1a2adc245d397f19f07bbf53c6b53282c443cb8a", "size": 1842, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/cf0239dd6407ffb1bfaff75c154e5b6ff261be74", "file_type": "modified_file", "id": "file_24", "md5_hash": "b7ed442d187f7892bc057b6004e83599", "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.cab", "sha1_hash": "cf0239dd6407ffb1bfaff75c154e5b6ff261be74", "sha256_hash": "e50f152da6840a55a0f185499b2381bac2668aa38a61d70ac191cc8f456025e0", "size": 10485760, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/49e02205a4b52d394ff129472c75f31f24be11bd", "file_type": "modified_file", "id": "file_25", "md5_hash": "15153c4f2a05f30d0283700f557c85d2", "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.xml", "sha1_hash": "49e02205a4b52d394ff129472c75f31f24be11bd", "sha256_hash": "5135fa2425ba2cdff867dc297ca432bcaef9bf0c3755c1304e4a661767f36607", "size": 1394, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/89ab8491fb830a0e1f96fa654820c80e3853e31a", "file_type": "modified_file", "id": "file_26", "md5_hash": "01522cc818e3cb5c1f88f0af6b71d2a9", "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.cab", "sha1_hash": "89ab8491fb830a0e1f96fa654820c80e3853e31a", "sha256_hash": "72245180f2d45a7ff7fad89fda1cd0bf4aea2bc5f1467c58b56ecb83c86c146f", "size": 10485760, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4bba2d45d8bca9bc168ca55f74d02c80eaaf6828", "file_type": "modified_file", "id": "file_27", "md5_hash": "3b30045ad6c97ff866342decbf09ab28", "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.xml", "sha1_hash": "4bba2d45d8bca9bc168ca55f74d02c80eaaf6828", "sha256_hash": "a44f1691b44e6bd338b74ddaad4a6be3ec62789882a1cf42a53d6a97ba611c09", "size": 1506, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/04a74035ae437f4fc5aaad4eb15931f65853e82b", "file_type": "modified_file", "id": "file_28", "md5_hash": "0335234c7c545ba002aeb3df922f7686", "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.cab", "sha1_hash": "04a74035ae437f4fc5aaad4eb15931f65853e82b", "sha256_hash": "669e004f14ac15858414dffdc0d4002a2fc54621f1b1ce33ae0c72ff26edd29a", "size": 10485760, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/54de0ac01c3d5567499e29454eedaa473ed79d93", "file_type": "modified_file", "id": "file_29", "md5_hash": "d4ea0313aa839edf612c9ee1b33b92c5", "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.xml", "sha1_hash": "54de0ac01c3d5567499e29454eedaa473ed79d93", "sha256_hash": "882b5924b55e8ee500f7aff61a11abea43771ea12cc474a714ccfb8255ab2343", "size": 1506, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8333909319182a2e880bb757ec6498650fa81889", "file_type": "modified_file", "id": "file_30", "md5_hash": "f570a344598fb3126736a6ed636f069d", "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.xml", "sha1_hash": "8333909319182a2e880bb757ec6498650fa81889", "sha256_hash": "1fd1b9d62a4c31ce9bbccc238b5c2968b64a6124a8c6fe1934ea7820326e0614", "size": 850, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0d863f3a8d023547553c16663170df3dc63c2a79", "file_type": "modified_file", "id": "file_31", "md5_hash": "aad695e82a73aba6565adf1251f3bb6b", "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\setup.xml", "sha1_hash": "0d863f3a8d023547553c16663170df3dc63c2a79", "sha256_hash": "fa6379ddcc35d29cd142c0a68bc6fb0289ced7fcea8bd8328a544e7d3d5472c4", "size": 5922, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ea8a7e2020fe6c3fb672596a0d13c548e6660dae", "file_type": "modified_file", "id": "file_32", "md5_hash": "5c46b16a535150be984a13005a582bb1", "norm_filename": "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.xml", "sha1_hash": "ea8a7e2020fe6c3fb672596a0d13c548e6660dae", "sha256_hash": "f2f29f4820305a8e6f1d233b87212df1f9deb506b6050090b4a5cca29f7872d9", "size": 1426, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/724edbe96e984e05486c8f051f3f3cd7b4f50252", "file_type": "modified_file", "id": "file_33", "md5_hash": "53dff27d197fac5fec615fd204378274", "norm_filename": "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\owow32lr.cab", "sha1_hash": "724edbe96e984e05486c8f051f3f3cd7b4f50252", "sha256_hash": "034a8515267cffff2909d9d2c241aa7b63d1f1b9298f5c97b928830fc4003e4c", "size": 2928994, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/72117b74130db120ea4631d81f05ba317719856f", "file_type": "modified_file", "id": "file_34", "md5_hash": "938647548a6e4b74ea13e78465570a88", "norm_filename": "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\setup.xml", "sha1_hash": "72117b74130db120ea4631d81f05ba317719856f", "sha256_hash": "bc8e71a789537b982077972a1d3cf2d5cf548e2c0d584e262198198d53398f23", "size": 2402, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/cd1bcdf2dcea0c11a73203fb61387fb5b20a33ec", "file_type": "modified_file", "id": "file_35", "md5_hash": "b1942518b15f0af4b81329b96a4cd97b", "norm_filename": "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\inflr.cab", "sha1_hash": "cd1bcdf2dcea0c11a73203fb61387fb5b20a33ec", "sha256_hash": "eea2e87a37f7f432cb7761a90407d1ec10abb4311e59d8361e55a214cc97e546", "size": 10485760, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/885f800cd0d0904b4dac55a6c9b840ac34ca1b09", "file_type": "modified_file", "id": "file_36", "md5_hash": "180f8b1fde6c589a1c9e529a8dedfb42", "norm_filename": "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.xml", "sha1_hash": "885f800cd0d0904b4dac55a6c9b840ac34ca1b09", "sha256_hash": "614c51f1e9a2760f1f308724e5520d61749aaf8e3e282244bad26a4031e1aa47", "size": 1266, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e2afd9514e47e3708d68d5d7e0cb22cf348cde99", "file_type": "modified_file", "id": "file_37", "md5_hash": "fe2c346594a0317e1cd552fbb55709fa", "norm_filename": "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\setup.xml", "sha1_hash": "e2afd9514e47e3708d68d5d7e0cb22cf348cde99", "sha256_hash": "18d690cf2acfd0f7b7cfcd994563e5ed40e2e1fae7466a8a6b8a372205c62195", "size": 1890, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/728d5d4529be7a2e640df048a134f345c46b20d4", "file_type": "modified_file", "id": "file_38", "md5_hash": "f11d38f5e08ff6023b55931f8836aee0", "norm_filename": "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\setup.xml", "sha1_hash": "728d5d4529be7a2e640df048a134f345c46b20d4", "sha256_hash": "88745aa40fb3f942c8df5b10a58eb80f95f8fdac2afb828962b8de98949dd55c", "size": 6290, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3aa7f94dc84e5db74d8a202deb652c5811f18a2d", "file_type": "modified_file", "id": "file_39", "md5_hash": "8a0831714fbd219ad2cc0411a7666ae3", "norm_filename": "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiolr.cab", "sha1_hash": "3aa7f94dc84e5db74d8a202deb652c5811f18a2d", "sha256_hash": "c5ba50319cf18e9e9c71ca4c724a6ea66676c9138efe8cd2b2ce59c920c7c8f7", "size": 6737708, "type": "extracted_file", "version": 1 } ], "process_dumps": [ { "archive_path": "process_dumps/process_00000001-region_00000001-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000001-region_00000001-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_41", "md5_hash": "adf273fea1472eba2ba78619cb9e232c", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "64643accbfb6f25e001417064da84727da5e46cb", "sha256_hash": "b760fecb6e88511fb17de4191f3162f445af751c0a45e16c07eeeccbd0f808a3", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000002-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000002-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_42", "md5_hash": "8fd7cb3049a6a7c5fcc7967834aede15", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "97251830198a3396e499b184dcbbac5424145e32", "sha256_hash": "6e4606193966a52d42d2f2a1db35cf960342cf3f359d0c3d5cbee12a6338a089", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000006-addr_0x0000000000190000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000006-addr_0x0000000000190000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_43", "md5_hash": "fa4c952c3a35359bec73220ff5f728b9", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3f14610565f9e852813e5548af9a930459614d08", "sha256_hash": "1fa157396b190537f65f669ec5c6a2fdf291e486929e21925d95348633a42046", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000007-addr_0x0000000000280000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000007-addr_0x0000000000280000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_44", "md5_hash": "4b68bd56e7ad6b5784bd9db478515822", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "13c485ff1d78fb8dcb259f85f41eb254184efe57", "sha256_hash": "f68d3b344b9a6b1878b1412295a89c2162f2237549ed42480aa521ed6a7e5615", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000008-addr_0x0000000000ff0000-size_0x0000000000012000-perm_rwx.bin", "filename": "process_00000001-region_00000008-addr_0x0000000000ff0000-size_0x0000000000012000-perm_rwx.bin", "id": "proc_dump_45", "md5_hash": "93386ba3dbcfeb657432c4b86766c08a", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d3ea09a9a8d8ca8d730158e71a2a1bf5498c0d49", "sha256_hash": "62d5991e5f42b70f64524b1f4f97215aae0fc1ce7feffad7036f3fea778d4d31", "size": 56832, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000012-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00000012-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_46", "md5_hash": "daf69abbf028901ceb2ca39f90f32a92", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "20e0530b3282a0e3ea2907b3eaa3a84b62145286", "sha256_hash": "ecf507a3a311664b78d41205aa3a3422ddfd979eb97e0e0130c49748cbb086b0", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000013-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000013-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_47", "md5_hash": "31ba3eeb3922f8f19019b12ffa613d55", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "30f4b9a31b1714fe959752007ff5928f9b6ea7ed", "sha256_hash": "610eba16f8b5e20c17cef061a1f7552a1641bf760f4dad6c40f1677e71ed9bb4", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000014-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000014-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_48", "md5_hash": "aa6a0a6ac5576702a984caa5a39c54ba", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "dc53da9cef1bfd74fc00f0f360c870fb12bda589", "sha256_hash": "4480b1c94e498f76a44c39fea0f154b6ee9cf904276810815ecb04f213b95002", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000016-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000001-region_00000016-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_49", "md5_hash": "7d2d114db75f7197c0e89a6adb1a7b56", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d28325c233b7f6a9a4ddc79698b6ff1530308b02", "sha256_hash": "e5005437446e02ef2df88c8152f54f19ba182439bd315b55979c3a8903b8fbff", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000150-addr_0x0000000000490000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000001-region_00000150-addr_0x0000000000490000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_50", "md5_hash": "232ffb2b94c6d57801af1ffacde8eb2c", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "92fe14a847c3dcb3225f26e649f60d2ac192932a", "sha256_hash": "3ddf0d4740755aefa714d84d322e4293114085128d6b62c8ca84b8e30009faa6", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000154-addr_0x0000000000620000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000154-addr_0x0000000000620000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_51", "md5_hash": "7364176566f88b8574d3db36be9cff75", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "671bce0ca9e38b2a672e787617d50eb81698cb8e", "sha256_hash": "64dd08c65ba9821adc5a12b4206ccf964e407952dc0b02519971b5f01942eb31", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000157-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000001-region_00000157-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_52", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000158-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000001-region_00000158-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_53", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000176-addr_0x0000000000840000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000001-region_00000176-addr_0x0000000000840000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_54", "md5_hash": "d3d5ea67c9ce3f854b606ddd103d749b", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "05ea7c04b19b7d93af3777cd95007b04de9077e7", "sha256_hash": "dc35a9f8e49524a436ce97bc35a868f13730b90accd891b5640590f141457042", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000180-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000180-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_55", "md5_hash": "663e0c81aa5e0a3ff2a43da751ac3ea6", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e73f43d3b9108b46aa594a997edc25f4aa778b3a", "sha256_hash": "83341888a1a94ed307472f9945ea15735d3580b3043db1b990ac64f5eda31432", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000181-addr_0x00000000000e0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000181-addr_0x00000000000e0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_56", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000184-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000002-region_00000184-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_57", "md5_hash": "697b3b4b8b55458d1dc5c5109505cb78", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a980fe4d8fe11a3b1aa18534f846dfd732c64934", "sha256_hash": "1982191a7d96320357e5ebfdf02e669a5082f062957394f60a8e3c97f8bade0a", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000185-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000002-region_00000185-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_58", "md5_hash": "7a6911030933a1e43adb3d937728b432", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "555eefbeb499d8bcd079b74c1b23db91a9d20b81", "sha256_hash": "349ad74d42d09973380daca4f142f0d9983a1f3c2639a1d111bf5a58365a9945", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000251-addr_0x0000000074950000-size_0x0000000000068000-perm_rwx.bin", "filename": "process_00000002-region_00000251-addr_0x0000000074950000-size_0x0000000000068000-perm_rwx.bin", "id": "proc_dump_59", "md5_hash": "5b46709510baa29ce8004e6fdc091b86", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a5ee665c64f61bff35be7a27c73105fef6bd993e", "sha256_hash": "e9194d9d24a9fe20ef2159789c73c90d89f171e1ce4cce67d6575b22b03dce5a", "size": 425984, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000260-addr_0x00000000001a0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000002-region_00000260-addr_0x00000000001a0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_60", "md5_hash": "74695df5465563ae135adeefc41c5405", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4885d4db7f81799c6a863acdb1625879a3161023", "sha256_hash": "7030232bb9df7b9e7973db9592a695f396b55d30729dc51fe9ad5a84ab1116f3", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000266-addr_0x00000000000a0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000266-addr_0x00000000000a0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_61", "md5_hash": "0a3c0c7146d3ce636946a20dc55f2759", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2aebc817344d44dc7ba4d7161e961c64a6343ccc", "sha256_hash": "34991b95032be71f6f5f2a5fb067f0209781ee043fdc81fc35930723d7f6161b", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000336-addr_0x00000000023c0000-size_0x00000000001c0000-perm_rw.bin", "filename": "process_00000002-region_00000336-addr_0x00000000023c0000-size_0x00000000001c0000-perm_rw.bin", "id": "proc_dump_62", "md5_hash": "d0225785d96d91624cf4cae8194d19cc", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c5e08bc70235fd970fe93c705b750d0c581b094e", "sha256_hash": "4e87207cef8c23aaab329546364b5abdb6753efaca6c6a434cf944a2c9dc419a", "size": 1835008, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000349-addr_0x00000000023c0000-size_0x0000000000160000-perm_rw.bin", "filename": "process_00000002-region_00000349-addr_0x00000000023c0000-size_0x0000000000160000-perm_rw.bin", "id": "proc_dump_63", "md5_hash": "6137dd4d25736229153eed1eccc9a2a4", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0637733e340d09eb8ab0f7ea642643c6795d047c", "sha256_hash": "15c39f3dc57e89550f016d8d8e7d2a3b2ca00a26c55d6260f32ab331169ff0b4", "size": 1441792, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000351-addr_0x00000000000a0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000351-addr_0x00000000000a0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_64", "md5_hash": "da8438ffb57b3847544709b993879e30", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bfd6b8cc19a36758476c86063b38729898ebd391", "sha256_hash": "1c122764593511285aa0271ca0e1e4b5d5816ed750f2bf343be9aec2e6f0d196", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000657-addr_0x0000000002870000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000002-region_00000657-addr_0x0000000002870000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_137", "md5_hash": "13fd4271f4f698709ba068837ef67dd0", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a117645e040c91515683853fab419e9d534668f0", "sha256_hash": "483993011149f198c1f65f7ba1e6d3746edd4c6ce089640f07c0b3082f87ba18", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000658-addr_0x00000000028b0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000002-region_00000658-addr_0x00000000028b0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_138", "md5_hash": "cb2dcecf53a89528d5aa83ffb8a1ec2b", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2736b651611b97c73a67001be29cd75fae59c6b0", "sha256_hash": "e75d8f1a86c14a759c69aaabd6c6f2aaf538a091405261f5d76ce6dddeafaf49", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000659-addr_0x0000000002a80000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000002-region_00000659-addr_0x0000000002a80000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_139", "md5_hash": "abd753ca9b69723a7714840a6f31e5a5", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b95d022611cc4df85d6ec080d4289671dda065ba", "sha256_hash": "eebd37d2a47f5e268422f29cb74c131c6a40cfbd93bd8f4ede276a677fd72683", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000660-addr_0x0000000002ad0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000002-region_00000660-addr_0x0000000002ad0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_140", "md5_hash": "cb7e9c1067e209ddcb35916d01d02114", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ad82488a7d198c1540504acd6bb2225690c24039", "sha256_hash": "652562105d4a5f3582dbbdfffb1fc0330b258a8b764284c0467e5cf1c0a744f1", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000661-addr_0x000000007efa4000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000002-region_00000661-addr_0x000000007efa4000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_141", "md5_hash": "bc8cc1bf601d252f1440a6496271e86d", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a7efed72211dff8cf0c674cd70da17a8579d1d15", "sha256_hash": "0b87c3ca989547d81a08a2a0f8fd8c6d26f27c3a070b3f34d4ee23f0c410e1d5", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000662-addr_0x000000007efa7000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000002-region_00000662-addr_0x000000007efa7000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_142", "md5_hash": "d85813a0a243884f93cdd18f8b0a907f", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "40209c0ee50186b49cf6404aa001b0bedc019c30", "sha256_hash": "68841bbd459676f3df40449bcba734fced123ab50ed0abfc0acd65f0f11719f4", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000838-addr_0x0000000000db0000-size_0x00000000000b0000-perm_rw.bin", "filename": "process_00000002-region_00000838-addr_0x0000000000db0000-size_0x00000000000b0000-perm_rw.bin", "id": "proc_dump_191", "md5_hash": "63e90f70700e1640426f351176646116", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6810c338b6591109e76470ce61e634d4c97f503e", "sha256_hash": "9d9630caf0f60c4ceea78774c62d25e87b03af5effdde858029b61a09d48210a", "size": 720896, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000867-addr_0x00000000000a0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000867-addr_0x00000000000a0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_192", "md5_hash": "a5dd2a7b10315811919674dabf4fb778", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a702f7d85d6fc3eada151eed4ee1785e05526faf", "sha256_hash": "cb1555f50a9b63cec90cca454ade602b4c01e5fab2d831c04cb05378498ca916", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000869-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000869-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_193", "md5_hash": "f4746885704b3e6a314c2ab7023d0cfb", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cfa32ad097ce582aa8588bef3b30e0f291e1a599", "sha256_hash": "883e7872ad8b4d2fe428f61fd584050644d5c3b5b7da2c504e57e88f82818ccf", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000870-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000870-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_194", "md5_hash": "834d342b206915e37e4edf0ac1a1a4c5", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1117dc9d0db20795742b904295bc74074d4ef5a9", "sha256_hash": "a4244e0a450accbf260d48292caaf380f23fec59f5de14c8dfbd364a923e054a", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000872-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000872-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_195", "md5_hash": "8e378f2f2847dd7ffaa13a3a11828d74", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "977c92cf2ee61f47fbf8c3c573395419a8c5dc23", "sha256_hash": "e0b654774bf60afd1ddea45dacdb50b9cca7ae75234ce4bb71e1f9a1ebb781f2", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000873-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000873-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_196", "md5_hash": "eb151493a580c2da651f44306205af31", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e2eb5a89f4e068bacd1f6a96c0351a3ae323bbb8", "sha256_hash": "99d095fa4b1786ed3d611d89e4a4b7e40718dccd8818bf2344ea325d1d305277", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000875-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000875-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_197", "md5_hash": "e2d4209cfe4c5b3f958de0da9c913404", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "212ec2baeb69cf3c69a73da08912b15394ee614a", "sha256_hash": "c4f3b58249432598867707eab42952b8c10c6b99397826068d920e6596c50f0d", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000876-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000876-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_198", "md5_hash": "14df6d93d49ae2b94999739034e875ec", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c5c441f9ba58a65131f872c6201261a4b4a309cd", "sha256_hash": "557671f205f52f1ede6b4436fa5dfbc2c3271a3cb7bfaee9f31ac03c5a20a65e", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000879-addr_0x00000000000a0000-size_0x000000000000b000-perm_rw.bin", "filename": "process_00000002-region_00000879-addr_0x00000000000a0000-size_0x000000000000b000-perm_rw.bin", "id": "proc_dump_199", "md5_hash": "d7b94722534796ee649ebe449d31968e", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "170a402b4a46de8f0f48da3ff75ee2a8178a0a25", "sha256_hash": "1ab6b9d6aecb2b498dfc5f2d72373a99754c47588ec0cff4f80f1849aa8bc4aa", "size": 45056, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000881-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000881-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_200", "md5_hash": "9551a2e62086ca0b6f1a6385f53df476", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1f3fc17880602b17354f0636ece4cc8e81d46922", "sha256_hash": "ccd7735c3930880a16a73a74f358176b205f1df6313e2e5c5f521118efa832fa", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000882-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000882-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_201", "md5_hash": "d1206bd8e7742338b32eb28ce31690ad", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7f37b45c1a1d26735de92b0a5bb38ca4baf9ac5e", "sha256_hash": "f55a27e093e6fb40d9542b649f82ba5462ff7ce4c7ea47e3b52e2b03b2ed976d", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000884-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000884-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_202", "md5_hash": "4c0a4e47b22b39f14f0a42ebdfa5ecdb", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e1462cd4683961461c591ea4c447620d5d0d2965", "sha256_hash": "972926c141da4fa8b295059e286224ae6879478c6ac1d6d7c006af6986ba7a20", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000885-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000885-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_203", "md5_hash": "ca2f1ef7c822d8a4accf5064e379c3df", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0480b8dab4882f09787d60594ced528a39198325", "sha256_hash": "18e4e93f0fab5aae20145a1c0e79357e1353420145aae0fe9dbd6f6e440f7ceb", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000887-addr_0x0000000003240000-size_0x0000000000980000-perm_rw.bin", "filename": "process_00000002-region_00000887-addr_0x0000000003240000-size_0x0000000000980000-perm_rw.bin", "id": "proc_dump_204", "md5_hash": "8d0190184d15daf6fd8366e7b6f2244c", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e55a2dcaf7c000d902f886efaf4c9413bff189a5", "sha256_hash": "f2a684fe367f2ada758ac5e04dd53187e36222c6f8dc2c33e54fd401f3dcc67a", "size": 9961472, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000888-addr_0x00000000000a0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000888-addr_0x00000000000a0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_205", "md5_hash": "6778852ac7b5bbaae8021d453e708b4d", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7ab4d34351ce74079b55e6d572e2427ffde024fa", "sha256_hash": "0718181ac24d47741f0e83650f3440abbbd3673f828226eaee4397550854bb6f", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000890-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000890-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_206", "md5_hash": "35764a6786623510347ce577e1d70b92", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e8d41f0762369eb6d90aaf8a78911628772bdb76", "sha256_hash": "94e6653e13418623cb190c0e42fbe941400a8c3ca9e1eaa3e2dd0f8b9468e057", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000891-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000891-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_207", "md5_hash": "14dc9d0a4bca06ae6a9e17f39890c6bc", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fd7b6aefb6a8ea31fb0e7e45dd9d65490709d468", "sha256_hash": "bcb1b9bce0d9767aa94c607db1aac7b1b5f21f2703a465e48060bffec167663f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000894-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000002-region_00000894-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_208", "md5_hash": "5f32dbce9db17fb587952625751a4863", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4b69c55812e625d33b1671f6b5b9f5c6cd678c0f", "sha256_hash": "1adfdb9795d4eae5d38d4345bba04a1b3a095fe5975ce90fd6994f072517f98f", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000896-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000896-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_209", "md5_hash": "c6a553eaaff8b5d95d3404b2022a17f3", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "90853f14127c59c62a52d2d2d982564de35ff2b2", "sha256_hash": "6ce58294310af320a16595b9dede50a91ddfcde62ad109051f0b39e46e418f08", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000897-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000897-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_210", "md5_hash": "177ab157d4494ad01d927e198291b32a", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8607c7854d7f30a6894f5e6cbf9754a4bd31d976", "sha256_hash": "5c42cf551759aaf0b80d4386691079feffa419d1b643af5f89fb66374f0f6e51", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000899-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000002-region_00000899-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_211", "md5_hash": "14fe8b9e484c71db7b1ffda7683dc70a", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b514b2c15b57d08046b6eacfd4830e1a5c0e69d1", "sha256_hash": "63c214d40c6e5f8108e13ff91db3481baede21ca2e0c524dca95c0342aa8ab8d", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000900-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000002-region_00000900-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_212", "md5_hash": "f4164af21652ae00b3143ae17b89c3eb", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fed7eae7d52cf3bb1cb4259f1507ee9c315e56a1", "sha256_hash": "f634217a8bd242ca54aa31477da813add4157a1ee1625991d56ab739d653a1a9", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000902-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000902-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_213", "md5_hash": "96e66830296a56660ef0cc9f64e063d1", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "21b3b84382666d2bcf1f4e6dc93a9dd1d70b3768", "sha256_hash": "e93b3c36e262e1af058f69a743546d32f77a721f2080524f86d6b19dccaed25b", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000903-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000903-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_214", "md5_hash": "96f2ac8e3a3f46479524f57207936597", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4a6df0820b6768224a2cccd6493f4c8d1db5e74c", "sha256_hash": "7f3bad8a6b26ebab1a09a06d2feffebc08837e07a4826716ef69bed86bdd2793", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000972-addr_0x00000000000a0000-size_0x0000000000007000-perm_rw.bin", "filename": "process_00000002-region_00000972-addr_0x00000000000a0000-size_0x0000000000007000-perm_rw.bin", "id": "proc_dump_215", "md5_hash": "6389dbdeea0fce88f33f30d8187b77b2", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "290b5d125e83151b9d3508d23b29714a911d8a87", "sha256_hash": "eec5b8b2558624a04120102bb23f63317e6223012b0c114c9c4f84eb7f2fb188", "size": 28672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000974-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000974-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_216", "md5_hash": "0b6ab1a7c7ca908f182b2609a019f1a1", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4deb7d28d416ef2d60ad9e14eb3625f3ee41d412", "sha256_hash": "d5d382ac929aed95b57c264dd03f0de76d422ec931b4e7c56d7f7c7f2f2aaaa6", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000975-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000975-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_217", "md5_hash": "9b35883f0f1844dc838c64f6556c8f78", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1f32b10e25934602e94e57c4004cc87d0d7e1246", "sha256_hash": "0a1b4b9f881a990db95cee703834c3c3fce9f93cf90876d5b6f53c99876b1474", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000978-addr_0x00000000000a0000-size_0x0000000000004000-perm_rw.bin", "filename": "process_00000002-region_00000978-addr_0x00000000000a0000-size_0x0000000000004000-perm_rw.bin", "id": "proc_dump_218", "md5_hash": "6898d05568cf56d1eeea6110c69a92dd", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b8d53fdf914073afa17709363e693563340eedd0", "sha256_hash": "731db4f81d3bb554f88be5644ec70b1e0fc7b8c00975321e97bb63a0569f0f66", "size": 16384, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000980-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000980-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_219", "md5_hash": "12fef13355e4eca9e9a5efe4afa630f1", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "55542bab8c1fbeae492de373b283f971a3132615", "sha256_hash": "d336fe1d1d4878b546b50392ee206b44bec9f6811b527bb708a62cdc7c503fe1", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000981-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000981-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_220", "md5_hash": "bafd2f6a3179e1cb966e832383e43796", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "66050bf159fe338d8a71dde1e04e36c9c5b72627", "sha256_hash": "8f4fcea1928bc840bcd615982036b030122be03ec7a8eddd07bb4ea216a5e46b", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000984-addr_0x00000000000a0000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000002-region_00000984-addr_0x00000000000a0000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_221", "md5_hash": "ab45fb7f91e45e83a3878b60a9cde06f", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "44cd98dfbd864c39f1a50b18da1da12023fb2704", "sha256_hash": "2e177ff0cd193a00f8246ef675f6132668f1f6a6039ad18c3b60891f4b79876b", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000986-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000986-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_222", "md5_hash": "7a2f696dd6de6d682b940320cc8a5889", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6c12072a2b60261fed2a9bd1b72df40c99643c70", "sha256_hash": "c1fa32b46a8e04268ab82a3feffc8570b244cc13e31535bc96017eb406f1389a", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000987-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000987-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_223", "md5_hash": "083ef73c72406ba5aca96c174a2371e4", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8b97e889dc19a85014b86a7d60300f63a9feb72e", "sha256_hash": "036dfc97f0713d50b55dddcbd7685fa6f7f6a01d211a4e65d54fc385e2ad4832", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000990-addr_0x00000000000a0000-size_0x0000000000007000-perm_rw.bin", "filename": "process_00000002-region_00000990-addr_0x00000000000a0000-size_0x0000000000007000-perm_rw.bin", "id": "proc_dump_224", "md5_hash": "fb53bcd449f5c69243df8ac71fa8b104", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bf569c355ca2b9bb3f59d0e7e9e610bb885875f3", "sha256_hash": "c0e4e123e48833c64663cc1ddeb3c77d8362fc897f16f9bcfef107b8960b01f5", "size": 28672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000992-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000992-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_225", "md5_hash": "7f44ad79d3a1ff618214dd647e146e84", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fd6e116233fb4a813613899302cb30d2a43e3e42", "sha256_hash": "4fc5a1089ec109bff14efb560e2476649b61a96df217eb9ddf48b53281bbdce9", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000993-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000993-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_226", "md5_hash": "28c9961204edaa76674d6c8d94ba6ce6", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "323ecbb78d4f1c34fc8ddbb70c2ce3abae6e2db3", "sha256_hash": "7e8e808ddd1c180317ebf6fed49104294187cebd213ffc3a6a9b69a47fa5c3b8", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000995-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000995-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_227", "md5_hash": "6aaf43f9be1200a28a46f48dbc0cf17f", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d8d0b82a703a7f37d3a0b87191a057d8b9d5b350", "sha256_hash": "99ce47353490febaca0b59d16623ed0caa426357f0421746c28baf7660a4f377", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000996-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000996-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_228", "md5_hash": "e0dbae2e2609e962bf6f0fad08b855c2", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f3638ed332d0af2bce20ea91762a243f5fafa543", "sha256_hash": "34a744d0ecff1e01c56c75c016dc1646806b40d8b57bd7f6870ffadf2bd79694", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000998-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000002-region_00000998-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_229", "md5_hash": "c718f11f3ccdfae869b02fb80725ced5", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "81267098c2bfb65bca746bb05d967cd7d50ac41c", "sha256_hash": "0373a8484a4fd61b024a6fddda4431b4234a30591a908198e32b0dd5fcf51e02", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000999-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000002-region_00000999-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_230", "md5_hash": "8a237afa297c73dbbb3b618d0851d2a4", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8a4c6220161d7485307a7d64a7c1583268cb9dbf", "sha256_hash": "aa9df854f887565ecf2396c06d17e8114d02fd05a2336c07cf623b5e121662d6", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001001-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00001001-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_231", "md5_hash": "d75af9d3a6709ce1188ea12982a168d6", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "affac44f4763ab4db3073d71694fe20fcea7f06c", "sha256_hash": "1a4c5ce19537f174f4c81472b1eea8660cfd04aa880d0e244c2814fb4fc26046", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001002-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00001002-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_232", "md5_hash": "605a47486682d812ef20cd7ee6ff5dcf", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ccdbcd63275c50154bcc24284f3c468877516709", "sha256_hash": "16cd43eb06541f3a64670ef43646ef3561a903fa6d5968720725d13b61675ef5", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001004-addr_0x0000000003240000-size_0x00000000002cc000-perm_rw.bin", "filename": "process_00000002-region_00001004-addr_0x0000000003240000-size_0x00000000002cc000-perm_rw.bin", "id": "proc_dump_233", "md5_hash": "f6e7824e9cdfa836f7c408705e74e983", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "80e06c301bfab05ea76282fde5c265f529eb2e41", "sha256_hash": "70928b4cb7988ebe6bb88f1d5205f573cd5e91e3efb7f3ecbafb6d6d987ef1e3", "size": 2932736, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001005-addr_0x00000000000a0000-size_0x000000000000c000-perm_rw.bin", "filename": "process_00000002-region_00001005-addr_0x00000000000a0000-size_0x000000000000c000-perm_rw.bin", "id": "proc_dump_234", "md5_hash": "e530d659b82116722019a32780e19376", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "76f33ce040533e0211d3fca8a445a5bee98beed4", "sha256_hash": "6478dc7eabe8971b30dd263afd72dc735e7f3fa3794409726707756384a56979", "size": 49152, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001007-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00001007-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_235", "md5_hash": "70169ac5acbacb301f780f7721dc5938", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5ee5fbec6b52330e5688c42de24019e06499c530", "sha256_hash": "d108c424154c154a7dabeaf4d8c19460f510dac0af1220a20f0e6dafd846a161", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001008-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00001008-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_236", "md5_hash": "ffba9f19b4dab92dd579b898789f0ddb", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c8ccdb41f3b6198080e92e7b60cd117fea5cee32", "sha256_hash": "3cc856000de976940c66c584e34bce477fed91a150178273f9cd8b3fc69a74ed", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001011-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00001011-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_237", "md5_hash": "a0254931086145e4e1b57a38729e7150", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d44cbe60c62a4d512c6c505d6460df6bfbd95818", "sha256_hash": "11523e192e37fee3ed7717d5e849d2c1c66f8a2b6ca00664780583ee33e7ba66", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001013-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00001013-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_238", "md5_hash": "ef2f844926721445a8514398a8436493", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "74451cb327861b9d87f9a233512913236a63ebb2", "sha256_hash": "7b0638b34e5440b9ef1a187e0f9771be450b7773a03c0a55b0746983fced7242", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001014-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00001014-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_239", "md5_hash": "987fe5f4731243ebe5aaa59f1c4b1bdd", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9e2f3b65a201f96f45e25fadb644d9b6f7aaf0c6", "sha256_hash": "5e2f46976f60de7b5f0bff67918bf3a40b2c9f8be679ac9ffa843650af1b856b", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001016-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00001016-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_240", "md5_hash": "1b6b24df4b1cda18276a8cdd39079ecf", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1c6bc432a8ce1a4c9406d55b5449b3c2772aabc6", "sha256_hash": "0a262b47c6905a8998f0c13589bf5c5648fbe712c6c9c935c9031c5d39533033", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001017-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00001017-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_241", "md5_hash": "4c7334c4c97e7b4bb0ea6f1e96aa7849", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fac53be50968075130cdf82d9d80db0c12094660", "sha256_hash": "2ad2c93b157af5004f7322bfcfd2704823b95e6bf9f312f6c923092024e9d73e", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001019-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000002-region_00001019-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_242", "md5_hash": "a04ed66840437bcd6e7178bfdcfedb34", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "26a484bf8f75837bac8b7c6484d25c287c23a98d", "sha256_hash": "22c52c63d03ca4ba04b51eb8eff4d2bf725a4eec7567e82cc84e48bf33ab1857", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001020-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000002-region_00001020-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_243", "md5_hash": "4ebbf880d766146a13f1f1a160c592d8", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "afb50b021ae1269701e0437b7d5eeb22ceca16c4", "sha256_hash": "577f1a0c96915459cbe785a998b2a81ae3b45b2efcee2cb838bf482cebccfd30", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001023-addr_0x00000000000a0000-size_0x0000000000009000-perm_rw.bin", "filename": "process_00000002-region_00001023-addr_0x00000000000a0000-size_0x0000000000009000-perm_rw.bin", "id": "proc_dump_244", "md5_hash": "a9567acc76757a37d6c7f03cd2f97a45", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "887f1f17971a31f200d31b923b8d4722da3046ac", "sha256_hash": "a6ca9e56c960d768c859c3b8fe6c429276240937bfca9bbfa703f99b9a73a06c", "size": 36864, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001025-addr_0x00000000000a0000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000002-region_00001025-addr_0x00000000000a0000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_245", "md5_hash": "586558fdc9e543176fe69d03c6129873", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c9742a5941ecb51c8947a6f2ca3a1a50fdf8e13a", "sha256_hash": "ac5b41ccc90860ba654540067c93e361d73f781837e87c81540e7e7aa12f9562", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001026-addr_0x00000000000a0000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000002-region_00001026-addr_0x00000000000a0000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_246", "md5_hash": "705b37d27f5640d50a0aa38e24c1f246", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d2d785c2bbe1a5a849598b2c36249852a65d1eac", "sha256_hash": "3ca14573817791a0ce8758657efbe3df76a0534d595c1849c85897585cdc9db1", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001028-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00001028-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_247", "md5_hash": "6faf2ccb941f58e40c0689241a628c61", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d6fb0052346006ecd01c87010cb5dbce67298562", "sha256_hash": "0887ad48c68464aab794285ede5e349365e4b9d489074820076c41c54030dcff", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001029-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00001029-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_248", "md5_hash": "5b28bbcfeb2f8411c55696b1b1c0d726", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b7adc34e9e2f0eee207d0ef2ccd8d14356847ada", "sha256_hash": "c6053ef8c94c1ec093874982ec5b1c3ce47c30f83c42d3b70526d037ece46a6c", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001032-addr_0x00000000000a0000-size_0x0000000000006000-perm_rw.bin", "filename": "process_00000002-region_00001032-addr_0x00000000000a0000-size_0x0000000000006000-perm_rw.bin", "id": "proc_dump_249", "md5_hash": "456df5eb6849e7c8907acc3e3f4890f2", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "99eb18a5ddbe1ac2403f4e423e7ad96bc4a3e7a8", "sha256_hash": "1a3f31e04b1fcb606f8aebe4d0e02c1608f4770b6eff88267e7b6c895eb6c8c2", "size": 24576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001034-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00001034-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_250", "md5_hash": "0b92531a5e9abcc4d76554b6b527aa47", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cf45dd47d6a92745175351fc3f3c08a9481a51df", "sha256_hash": "530286025823b4716682fc4df5770dc6388fb0299ecb7d0d455d83de1e234e95", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001035-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00001035-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_251", "md5_hash": "922cee96def31c827367783714b8d88f", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e68ec8e445773d18337da79e299305f908c0f3ba", "sha256_hash": "19522a9aeda5ec797f14279eb0fb5b722d90ae79791db0953a2741d3a02fdedf", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001037-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00001037-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_252", "md5_hash": "4d8be4c3a0cd279a0c62bfb103f4bcd9", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e4b6b55eced8095b50c6b681a0f00f0e208fb7ba", "sha256_hash": "f8b2f78e83eaf77982954babf400176e9d8665b51386a45f142fa45c619d1edf", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001038-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00001038-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_253", "md5_hash": "b0c31082e0666b42dc87cdbb5ad85050", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d6ae94c8d98153263c10cc909d63ed3221cf506b", "sha256_hash": "a8f38420bb2edc3cdd88e31f550ef9ea5331daa4f28268cf850cfa6a156fb7f3", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001040-addr_0x0000000003240000-size_0x00000000007e2000-perm_rw.bin", "filename": "process_00000002-region_00001040-addr_0x0000000003240000-size_0x00000000007e2000-perm_rw.bin", "id": "proc_dump_254", "md5_hash": "9a30646a5e60ba2a91ac0164157d853d", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "50b705824ee0ff37b434c7d846f6dc18ac17a3bf", "sha256_hash": "2a24c394690abf9a2222a2018aeeefa8d6d22bd12e16e1fc90379397388a59de", "size": 8265728, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001041-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000002-region_00001041-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_255", "md5_hash": "faad7062d4dfdd0f06de8aef4e3a23f5", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "da6606a163b8f9e84dc98be2ba89bd9297b47489", "sha256_hash": "d36a23c63640f9ab3cdeb210d311f82f69bf902125a3724e936e4769ea6ec151", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001043-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00001043-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_256", "md5_hash": "8a048f25d619847de4a383371a29690a", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4ac98ee31cd519ef94c7115853774e4a4d7401ee", "sha256_hash": "afe8324b1929b8314a3ac4eb7af93f05f181c364dd35ac8e7f1faaa1e3ea98ce", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001044-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00001044-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_257", "md5_hash": "947e47bb88014b99c97d5312b947364a", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c12dfbe6c93e59a944abbbb7354821ddcda7f596", "sha256_hash": "a03ef70ce2da5d4a39c6fe864782882438d204e9975a15e6efe622aafb8f1e83", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001046-addr_0x0000000003240000-size_0x00000000003e8000-perm_rw.bin", "filename": "process_00000002-region_00001046-addr_0x0000000003240000-size_0x00000000003e8000-perm_rw.bin", "id": "proc_dump_258", "md5_hash": "1d8abe59a039e263f372b00fe9d677a5", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2eefe3da3bcf70a54437e17edc0bd805fbbeae59", "sha256_hash": "e61d2b8cc0da329452a095dc69112424f6f84f88135c39b82dc83642b73c3217", "size": 4096000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001047-addr_0x00000000000a0000-size_0x0000000000008000-perm_rw.bin", "filename": "process_00000002-region_00001047-addr_0x00000000000a0000-size_0x0000000000008000-perm_rw.bin", "id": "proc_dump_259", "md5_hash": "39dd4f9128372588cc24de7ac98922fc", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e63b2c09d1fbea4a66a34f205044797c250245ca", "sha256_hash": "98077a011f1cb54340a0429fd803688460d7793def5837319613db8b405576e8", "size": 32768, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001049-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00001049-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_260", "md5_hash": "6db14e1e63d86ee207c5d565bf61e1b0", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "715000042cececf4b22fb977af3cadf8f2d44605", "sha256_hash": "a6a5ecace78c9992dffedbe8304a15a7426d4082c6f5e6026a0545c2a589b773", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001050-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00001050-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_261", "md5_hash": "aa173c5e726d55c1a5ddcba895c2aaaa", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "622ddb4c2c817f59ed21e9c698bb43f34c02a370", "sha256_hash": "798355c833304654fca19308155bd69210260833b74a4768de2687209baefee8", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001052-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00001052-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_262", "md5_hash": "8ba43e373b652e561fabe5c1f100780d", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d30f6c99cebfaf7d92540af3d43e0c97d1a548c6", "sha256_hash": "641862b71864621cc959489cffe45a5ba1908602cdd4bfa76a8ad62918efcbae", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001053-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00001053-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_263", "md5_hash": "5760f18549edf159d168ea930171804d", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a61496e8ac6b2a55b15aac3b851ed289828d5c71", "sha256_hash": "af8986eb43031fd318d01009a0aaadff1a8aeb279b9ebe16cc7ec15961c2e703", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001055-addr_0x0000000002850000-size_0x0000000000092000-perm_rw.bin", "filename": "process_00000002-region_00001055-addr_0x0000000002850000-size_0x0000000000092000-perm_rw.bin", "id": "proc_dump_264", "md5_hash": "60319d761222a0485fefff203f9a6800", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2b8b2a273be58ef88566c3ce20ef5ddfeb7d20ac", "sha256_hash": "fe60d7cba5811d92bf978f86718b6724cbb8caffc10642d419d03f271b1279ec", "size": 598016, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001056-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000002-region_00001056-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_265", "md5_hash": "450f3bdc36dcf8d9f4468a7fdbe597f2", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "91d20bc9f8bda2baa8a203e704c5d056e5d8c42f", "sha256_hash": "32ebb449cc9a0da6572b1b414f59acceb018582d92835376e9077078e22b5e28", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001080-addr_0x00000000000a0000-size_0x000000000000a000-perm_rw.bin", "filename": "process_00000002-region_00001080-addr_0x00000000000a0000-size_0x000000000000a000-perm_rw.bin", "id": "proc_dump_273", "md5_hash": "2fde84b95058a5459ac75fbdad4847b1", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "929c77488f213c3d79de8b7c66eef5c0518de1e0", "sha256_hash": "92ae3552d6aa0cbef025c966aae5ce741755ab83bf230f36f9d4ad79a1f57ed6", "size": 40960, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001082-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000002-region_00001082-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_274", "md5_hash": "42fd3df9c9b189c9f8b5be71da1810f6", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e7ecb24cbb03560214d566d1d974ad8125ed5c2d", "sha256_hash": "1982f9a61295b225b415561510f27d20fddd4d8641fe9717163174c5e8268f72", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001115-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000002-region_00001115-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_279", "md5_hash": "40dacfd4d6b58539ec3d9feb23c70ee7", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "dc57812b0a0efe83dd1d9a0fe06ea37971c84e56", "sha256_hash": "569167520c05d7c642db178453f564241f92439bfd71f200ddd995bb9573afd8", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001135-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00001135-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_288", "md5_hash": "b1eaaeb6698254bde365424abed99212", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d654f041fbf52ba97229ec9ef4023bfba7852785", "sha256_hash": "672598d56a4d192db8ebb393eacef9ab7bca1a27037cd63fad7faae80017326a", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001165-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00001165-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_294", "md5_hash": "74f6a3dc734c9852b8d7c8e1a68df5ca", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1761af74f33828988888e1609088e228aa1aad89", "sha256_hash": "9fbe81591fdbb9e1dad4070b19ab276250665a9c1e3652f9f1f6c0339b4d3d1a", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001180-addr_0x00000000000a0000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000002-region_00001180-addr_0x00000000000a0000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_297", "md5_hash": "550970349b6f3c03b361255a4ec6b673", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3b96a5fe69b834e6b1b98b2811a08dd7a1c7542c", "sha256_hash": "69f3af0cf2b962077b259a7d0a8975eacf89af6c1f54310fb44e6dd0f1d024f3", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001181-addr_0x00000000000a0000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000002-region_00001181-addr_0x00000000000a0000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_298", "md5_hash": "b812af86536df3fb1d80a3ca8196e4b9", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "30d0d5a1cfbe62ea8537e43f85dc35d5464674c5", "sha256_hash": "be484841904a303d62faa36c438d931dcbfbbcdd0df1290c9790a6fc5be57e9e", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001242-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00001242-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_314", "md5_hash": "b1f2b3bb2c6263ae928961095741dad2", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9c9ea9adbefdb48d907bb3ab8c96ee13812503e1", "sha256_hash": "12129c4faac4145e0f6e5c781803475882186fa54cea11d5150a960c7fc9fe11", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001243-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00001243-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_315", "md5_hash": "2072ac590a224e7db88fcbcc0b6f6b7c", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1131073e6b807ec3512a5cb64772c0dcbba00c03", "sha256_hash": "10576e595b2bca38ab3f9f1553290916e32f9930a461deea358dbafa5005ba87", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000400-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000003-region_00000400-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_65", "md5_hash": "17ab7dab95b6377445866c90e61a8a84", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e3bf1470a1d43539cc4b597ed29bc9a26d940e5b", "sha256_hash": "21717cee093e0f321a6c6daf274228b4075175822b4e3b66a738ec485605b647", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000401-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000003-region_00000401-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_66", "md5_hash": "b28eac81cdc93490f48088bbeaa0c340", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "577c935c8307be5cf687dddfaa50be6c9178a3b4", "sha256_hash": "b44c17c72d4b5b4aa8598567f4690213ec7462245435d30e895aff82fb2fc1dc", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000405-addr_0x00000000000b0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000405-addr_0x00000000000b0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_67", "md5_hash": "e4638077dc2266c6086bd4337cf5d98a", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "45a0ed56910950676d691eb3b153404cfcf66cfa", "sha256_hash": "aeb7e2f8257d391ecfda6712f3d23aadaa76e86f0631910cfb1ca519ff9a2ecd", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000406-addr_0x00000000001b0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000003-region_00000406-addr_0x00000000001b0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_68", "md5_hash": "600a0e35ad3c597951f32906a64d5b48", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "984eb3f9ccfe3554e76782cd6ccc9d0e5b37076a", "sha256_hash": "de22705427b522fa5b37d27ed6ce1023826658600dde06523b980e2faf7fd6a4", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000411-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000003-region_00000411-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_69", "md5_hash": "3504d6bef1d01bceb4d14696b81640fd", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "af610958d9d63952d26e9f0d7a1c1060b3daf367", "sha256_hash": "79da60a4bbda32233851e9b020a59ab44b351d704a8a18ba63b641e8d15d47d4", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000412-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000412-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_70", "md5_hash": "842f25393bd9acbe8a2c98785de10460", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7893b63cf9caafc776079db93dc14b6f1066e707", "sha256_hash": "7aad9f870cf2d5746d30254d98a3b7376938284b03bbae8e214911baa768f4e1", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000413-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000413-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_71", "md5_hash": "5bc6ee9f43d81a2988681aafc56c726c", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6f73e581c2208d5cc5127a1ff50d4a871faf93d7", "sha256_hash": "75405b3b53992848b5edf950e14f5cd65c027ef6dfd769fa70c4e36a9f27ea05", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000415-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000003-region_00000415-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_72", "md5_hash": "1158853e130a988b5cb33ba4521be686", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5cb6c8c9849aaee88b8cc4c885f552fbaff7654d", "sha256_hash": "2714583436d4b231d378838072893934ebd3756d70de176df5515cdf6b2429d2", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000417-addr_0x0000000000320000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000003-region_00000417-addr_0x0000000000320000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_73", "md5_hash": "c8a3e43427e6eaa09c6ce0e2b3cf5140", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9e2bbb89f6a2c01583ecf62d13d22ca0dbcfa940", "sha256_hash": "a28aa1d599de96220903116767e277108c7bf787af0ca74ec1d72337d73a82b2", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000424-addr_0x00000000002a0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000424-addr_0x00000000002a0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_74", "md5_hash": "5ef37f109fc4d665226b0115398ea716", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b770897c39581735ab46851ceeb1eef38238d1c2", "sha256_hash": "ddb10e0a8025974797b5997e56b8e6cb3eb2537e3105652b54b0bc4238dbf9ea", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000425-addr_0x00000000004d0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000425-addr_0x00000000004d0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_75", "md5_hash": "726610c007a37c35c2f6bea6f3185f47", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "515310649bb7bda33e6d2e53f05aeb6ecca49cd0", "sha256_hash": "490d362dc5b8acef2d1f0be85204f94b3c1e4b0966c346407df9f8b67eee911d", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000439-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000003-region_00000439-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_76", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000440-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000003-region_00000440-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_77", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000448-addr_0x0000000000080000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000448-addr_0x0000000000080000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_78", "md5_hash": "663e0c81aa5e0a3ff2a43da751ac3ea6", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e73f43d3b9108b46aa594a997edc25f4aa778b3a", "sha256_hash": "83341888a1a94ed307472f9945ea15735d3580b3043db1b990ac64f5eda31432", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000449-addr_0x0000000000090000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000449-addr_0x0000000000090000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_79", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000454-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000004-region_00000454-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_80", "md5_hash": "9246540c5efd856a482c663155a68f42", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1597813389b4c93f60b4ee190e582a4b600e05cc", "sha256_hash": "e2b406e064ee3e6990b91d2646b8c73c3e107527a9a4688a31775205270426d7", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000455-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000004-region_00000455-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_81", "md5_hash": "2672db5430da269722d35a2693b9e1e6", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c2e86fc27d76d5e177b4467dfc10a76fcf85d8ba", "sha256_hash": "6f0f0475a27243e08e94152c413f5a9d4684b840912f8a8e7ffbb26b3d11d257", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000459-addr_0x00000000000d0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000004-region_00000459-addr_0x00000000000d0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_82", "md5_hash": "383916a2f8f9dc018c260e4b11155742", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a0722be709b4c950611c7218d629a5a67ca81474", "sha256_hash": "cbcfd5a81208a6fe9bec2d58e1de03fcbd3a5f2f239e2d714f2712b4107dc49f", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000461-addr_0x00000000002e0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000004-region_00000461-addr_0x00000000002e0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_83", "md5_hash": "1dde773a5ae1f1046f020376dd036b03", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "024d5b1ca73facec00537184e0feeaa96793081d", "sha256_hash": "a5fa5b1630669274de479cccfe851bb5093e182451d77724b17d59956681c9ef", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000465-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000004-region_00000465-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_84", "md5_hash": "68987db8f6ffe80b95ecd1ecbafbab0e", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71ca024d3bf1e5ac621bfd2371c5278efc557d86", "sha256_hash": "fea4779f9cb692ca9967e8852f0178eaf88661dc009eef69bd8012f41b35f8ba", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000466-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000466-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_85", "md5_hash": "6544ad7f1a553d859f85e87485fe77c8", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6c5af691fcac6a8dd4a69509c54a5b6ef3f52857", "sha256_hash": "3a7be123723f773b5c7a2483fb279199a8482af7ca08267ce0fbb99ccdaa8430", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000467-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000467-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_86", "md5_hash": "d2d9fc146cb19e2ea0ffbda37b17d579", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8ecff8892a46c73076c3599e0cf70c718533a1ac", "sha256_hash": "abdf3f4071ee783cfb5b04dd5bdc417580a510c6ec1085531221062d0ba231ea", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000469-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000004-region_00000469-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_87", "md5_hash": "f15f13f7cc7756b2e13c7611ecb388b0", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "76eae895968b4f58c5044b24daf4d08e4f0b5904", "sha256_hash": "b1142ef26f7efcee0bdd841916a2f8af87f270e8b68d5d4d9f5f2c5c21dab6f9", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000471-addr_0x0000000000160000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000004-region_00000471-addr_0x0000000000160000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_88", "md5_hash": "f8ffa6924d6460fd4497b13e6e29ac5c", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3b67b96bbd5f48176fb1af3f409c329c85d053ef", "sha256_hash": "2597b62491f7fb1e9bf23d9ec9e3e3a1c8026c533b6ebdab7cffb07d1521ba1e", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000478-addr_0x0000000000370000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000004-region_00000478-addr_0x0000000000370000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_89", "md5_hash": "24b621803445205f7c5bd5a386a7aca6", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "330436fc85a96082a97aed621dfa6b3bcc360c6e", "sha256_hash": "57b011f77be5715709517a6c6cec7fedfd03ed8b9a589feff72e5a76c2550cf5", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000479-addr_0x0000000000600000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000004-region_00000479-addr_0x0000000000600000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_90", "md5_hash": "e7a566469d12867114bca9d43c740b56", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b93ecc427b163e3d3c0ab10e5ef547611d329977", "sha256_hash": "c75dd3a77149084b124edf979196c993c59d1e84f4a7fa1675b63a249a9bcb89", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000496-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000004-region_00000496-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_91", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000497-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000004-region_00000497-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_92", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000506-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000506-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_93", "md5_hash": "ef03a2ffbf89d164b25e131f420e6343", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bba36481837a41940e3fb1e8701854f27ee8ac91", "sha256_hash": "d0f5a08a845b0c81b0dc9e769b3ba6ae4be6f355b2f334f30f9f606d5991c1ce", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000507-addr_0x00000000000b0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000507-addr_0x00000000000b0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_94", "md5_hash": "baa095d0f424ded37169dccfabe2a48b", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "13de5554742b8bdbbac3f1dd140af759f9f055a4", "sha256_hash": "556d13cdbbe748d7480e2434b1f1d58ff20c3c4211c0491da0abbd118c4e58cc", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000512-addr_0x0000000001e80000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000004-region_00000512-addr_0x0000000001e80000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_95", "md5_hash": "ccb79962f6578551a994eb40085842a0", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "47eb26a71665f18c506f9d4271b137c6da0f1371", "sha256_hash": "1dc2abb408795a87241ce28f7153d232a7308c059d5b65c834bbc972d349af85", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000513-addr_0x0000000001f60000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000004-region_00000513-addr_0x0000000001f60000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_96", "md5_hash": "e345ae63cdaae68b77a1c05fd187023c", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "942973b5039e9cbf7885c725cacd6536e4c8727a", "sha256_hash": "b7190caa6c3b7577fd2a09614578c70f78552c07fcfc137840a5024e1b3d783f", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000514-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000004-region_00000514-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_97", "md5_hash": "d1c3072e84e33deba682beae9f044556", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1d30535691199fa4e53650f8eec705cb339121ce", "sha256_hash": "a7ab5d68d8f473522d5d708f02ad5d72000dcafe882d9447850036891c8be0ec", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000516-addr_0x0000000001fa0000-size_0x0000000000120000-perm_rw.bin", "filename": "process_00000004-region_00000516-addr_0x0000000001fa0000-size_0x0000000000120000-perm_rw.bin", "id": "proc_dump_98", "md5_hash": "7250d0cf5fdcd0bded4dad2982c3d665", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "28538cf2ed3a0e9842e97ecffea07099ef7f0aef", "sha256_hash": "9a58ac27dcc2ec1008e55df7c9f146766f08c13edc384a05c60c4f38b415bb64", "size": 1179648, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000518-addr_0x0000000002080000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000004-region_00000518-addr_0x0000000002080000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_99", "md5_hash": "8550bd0944e2c1364d9f1c222ba2133b", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9d19e64cae90ba821d140542644c0f0cfb1bbad3", "sha256_hash": "4fb0170caf5551e1eb9118cebcf367754684dfa47212f94f87f693097318d4a3", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000524-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000005-region_00000524-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_100", "md5_hash": "a2c7340b8c61f5cbf27e633919c5875d", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3a5b71b937ad2fe8a90e46633b0959c1fbfaa47b", "sha256_hash": "2981e157611c1224b96274248d79a0fea50827eddb4aaa7f0b9abafb7bdc2f35", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000525-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000005-region_00000525-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_101", "md5_hash": "efe1a1356bcfad98e7f904739db84e70", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d8ab02f4263a672b18c4a0ac612085d0b7c1e877", "sha256_hash": "b5a7a9863581e35714f731563399ba8151136e07621d5e730fddede2b7dde748", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000527-addr_0x0000000000050000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00000527-addr_0x0000000000050000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_102", "md5_hash": "139e73d0d2a577666bea48f5e64d168d", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c7bab13562fc8445d365c302b9c1d94997e987df", "sha256_hash": "e60336b629e8a75c83612f6e6e1f9e432fe518a37038b778136377a9ee8893bb", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000530-addr_0x0000000000230000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00000530-addr_0x0000000000230000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_103", "md5_hash": "74f44566cc0c9bb0aa16162556883313", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9984cf2c77a65b579cbccbdbc85baa1a1ea3cf65", "sha256_hash": "9ea418c9b3028a979790d693d28d43827572f427ffceb35dbfef2fdab965a2c8", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000535-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000005-region_00000535-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_104", "md5_hash": "25c7dd29617824f824b6a04fab9aae3e", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9e058b7ad36d373471abdf83f4d7f065be1ca094", "sha256_hash": "ccccf8c4e3567dc84c7b0ab62423e002fc3a4f5fa1d6776a4bf7eb3bcb84e06b", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000536-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000536-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_105", "md5_hash": "9b2a0edac927b5219b399966d4961372", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "060a2ba7bc337419796074806844a98c72d250ac", "sha256_hash": "2cd706cb4fb9a230f512dc2b063c898b9fa0a31f67b94ef61096becf62f06ec0", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000537-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000537-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_106", "md5_hash": "2b524886070e4fd90c47947c9ac63623", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b2b5d3181e907cdc15c41da1d054b5abd72e370e", "sha256_hash": "39a870a85ad7e0f26faf927a68f88d98b667cd5a28736b3c3ac698036f725b89", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000539-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000005-region_00000539-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_107", "md5_hash": "700fc022df89a82f54e5e92def535d12", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1af18cb9840d032419846a10809cd4c3ab343bb3", "sha256_hash": "a20b52dde50f2667a80335071aa05ff3954e5030d44105feea625252ece65d0d", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000541-addr_0x0000000000100000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000005-region_00000541-addr_0x0000000000100000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_108", "md5_hash": "cb1c8567028def7b802184ba31a7fdc8", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "52ebf43776d0b13889334a3d31d9a63253ed470e", "sha256_hash": "09f84183053f899e35edd7fcbd3fdacd5f34e3490066b38add24c3d53fecf35d", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000548-addr_0x0000000000380000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00000548-addr_0x0000000000380000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_109", "md5_hash": "580a7597415a5747914c4f57a59ea5f5", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "775d39077d8ad142d180edb38ec683eaa8e63b4e", "sha256_hash": "e2b68418c16993909c47c7507d4b6c748b2bf96e44329d05e2ccb19ec1bda16a", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000549-addr_0x0000000000640000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000005-region_00000549-addr_0x0000000000640000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_110", "md5_hash": "0ad50e2a4db7671830facf3a4e170605", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "62c858d7808f759acbcde55fc9f30041f52e3474", "sha256_hash": "47187a44f04632de35adbc79c6d0ff1ef354d0820e87c4a73b63ded48bb808a5", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000563-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000005-region_00000563-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_111", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000564-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000005-region_00000564-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_112", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000572-addr_0x00000000000c0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000572-addr_0x00000000000c0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_113", "md5_hash": "663e0c81aa5e0a3ff2a43da751ac3ea6", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e73f43d3b9108b46aa594a997edc25f4aa778b3a", "sha256_hash": "83341888a1a94ed307472f9945ea15735d3580b3043db1b990ac64f5eda31432", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000573-addr_0x00000000000d0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000573-addr_0x00000000000d0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_114", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000581-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000006-region_00000581-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_115", "md5_hash": "eaed6a16afebe1835799959a70cb7dd0", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9ecb61e26bb345735b7429749f50ee62bdeca511", "sha256_hash": "06fb877b58f5713df6c96b9ce4407a88b729f33b236fb4e8eb536d3bd9bc85df", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000582-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000006-region_00000582-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_116", "md5_hash": "25511c767a9cfebe9844f5dc75348eaf", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d1d8cba5c11367f80a0e51c1f6d8ebf918ff84ff", "sha256_hash": "e9b1169ae5eb6beb98f865625f44fc271adfe905dbe5875aa60e0baee3530f1b", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000586-addr_0x00000000001d0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000006-region_00000586-addr_0x00000000001d0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_117", "md5_hash": "31f1a6484b0e9bccf98c9e7f8d3d094b", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "81408428c6c8bc38a44f970ba76ddf90584cb8ea", "sha256_hash": "0fc1cf5e8a1d2d68bfb6a709b0347368bdf08c5c00615b3aba63d706f06b0c42", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000587-addr_0x0000000000300000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00000587-addr_0x0000000000300000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_118", "md5_hash": "8d910e4bf62388493893389b777800f7", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "90657687136999b2050cba9838d6c725aa01053e", "sha256_hash": "784ec25f9e04200a1ed5d528fa4958c3705faf6ceb752b9147ea5e6a37613c62", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000592-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000006-region_00000592-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_119", "md5_hash": "f244df1878854edb4badb1ab4dec1945", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4dc0ba8c23a42cf17a965e4f7831ae413e1afe28", "sha256_hash": "f05ed5816af808deefb09b6c9deb9073bca4ef3a6f89d2ff1215c74353e4e034", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000593-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00000593-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_120", "md5_hash": "9720d4b5f811c5a196c3251e446d117f", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6a81e99b6902f574c083581236a39c60ffcf2844", "sha256_hash": "050765bd220b17a3a050456df9aedca73d816bf8d8b3bb0d7c015c86ed1b0c6a", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000594-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00000594-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_121", "md5_hash": "c57ead72c282f913c567b6c5eb92181a", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1f70ded335af4a69cc290bb448c16f26772c4b9e", "sha256_hash": "7b5e930abd8ea9821b858b3165c8f98e0b96b3231fd7752a9249ab93bc771f23", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000596-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000006-region_00000596-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_122", "md5_hash": "0c66ffcc81a131536a19f4321411b08f", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "178ff12a37035295006235e23fd65d5cf949c0ed", "sha256_hash": "19f24297e38b04ad0cbcefc62c4939a020268d9e8f4f5fa85fce8ad79882c72e", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000598-addr_0x00000000000b0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000006-region_00000598-addr_0x00000000000b0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_123", "md5_hash": "9a68f126251cb5fbd6ca8a190d993033", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5aee6a1f13c99c0684350a6c8c38819a394acf03", "sha256_hash": "f05450d9348e09c50944827de5be3bb9576e437158f0e788718975ef5b1bb5d7", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000694-addr_0x00000000002f0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000006-region_00000694-addr_0x00000000002f0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_153", "md5_hash": "cd656090b7055f708a9ed6d233d938f3", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c442e455b12143599bb758420520139be743a644", "sha256_hash": "eafbc774630c96b0517faa061b8855b1ac176ca809a9929eb35b77611b75bf84", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000695-addr_0x0000000000440000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00000695-addr_0x0000000000440000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_154", "md5_hash": "fbc1c92e73b522b82457e72ce1f1c2ef", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ee56147eb105c17cd4ec95b8832e01779f0c3c8f", "sha256_hash": "9fa32772a996b1eabe896ad490312a93d3198bb74a52a7427486f023d01e466e", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000709-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000006-region_00000709-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_155", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000710-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000006-region_00000710-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_156", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000718-addr_0x0000000000080000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00000718-addr_0x0000000000080000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_157", "md5_hash": "663e0c81aa5e0a3ff2a43da751ac3ea6", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e73f43d3b9108b46aa594a997edc25f4aa778b3a", "sha256_hash": "83341888a1a94ed307472f9945ea15735d3580b3043db1b990ac64f5eda31432", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000719-addr_0x0000000000090000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00000719-addr_0x0000000000090000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_158", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000611-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000007-region_00000611-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_124", "md5_hash": "054eae648ac6c5c1bcb0bd15cb976bd8", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f58e781f90342c22141cb2ac14b83acda7d20d68", "sha256_hash": "c0d5c9dc9e1ff347392b2d1f708cecd6e41b7bf10b0079e5bff2a9a3dc893b8b", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000612-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000007-region_00000612-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_125", "md5_hash": "bb459a174c13961489f043353fb419b1", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fca7def084dabfa2fb080a0f2f1570872d0b4bb7", "sha256_hash": "36aebab938895303d831a1c3f4f534197ac1d709dcac5e9eebf6353c8442ca60", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000616-addr_0x0000000000070000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000007-region_00000616-addr_0x0000000000070000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_126", "md5_hash": "080c74e2d07463b9148d005fd579f296", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "792935baa5ffc848f35492947b574f5f36588878", "sha256_hash": "761188849730ac4c4095a15a10fca47de3e3e9c331e4c17e2428782ab2b9d204", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000617-addr_0x0000000000130000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000007-region_00000617-addr_0x0000000000130000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_127", "md5_hash": "676514f7071428e90df6bde266821bca", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "39917b91bd82acaf7cfc183e2c691a0921f5b5f7", "sha256_hash": "f5a892a12b9da973667ed6620bdb7a89aa9cd1af6ced72c48555dc02c2c46ba9", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000622-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000007-region_00000622-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_128", "md5_hash": "d476a3cac5b535cfa0d63751129845ee", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "311802ee08ff305635c600e281d971dcbabdfab5", "sha256_hash": "ab045976fe4d09b31f1db981329c61c1eec86e76d1feb8d1b9ac0ac815b7eb88", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000623-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000007-region_00000623-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_129", "md5_hash": "f1303602c8a9c5c07791fbcd1b0d6ebf", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7eceec3feee66a0bc1d4f08b841de16257b86371", "sha256_hash": "123e34f058092563752d1792308c7ce62067a089bf41cb234a437d5ef23a51c9", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000624-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000007-region_00000624-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_130", "md5_hash": "e001e1495b730a0f6330bb531fd94635", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f1e1531a235d758e269278b3386dc2cc9cc1fd40", "sha256_hash": "66becc493cb0c2e3513f5be55c4e3283b63c050d4e2d627abc81c483243bc697", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000626-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000007-region_00000626-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_131", "md5_hash": "2fd8cc9242ece4773f9d8555e87f24f5", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5b4c063ce9763d43e834a14b05cdbaf21ec6e314", "sha256_hash": "39caa2944a79e68ec4c0c3abae200102a49788589669b54854cd3601f861f149", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000628-addr_0x0000000000290000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000007-region_00000628-addr_0x0000000000290000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_132", "md5_hash": "0ab572e43742fcd0570922b85f520648", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "005ce09701af87ffb7fee1dd8b821c65fb6ac84a", "sha256_hash": "8c184b79b5de1a0f0cf8d6cbf556b6a0674cc7289d9e52cec225cc1b6c216044", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000635-addr_0x00000000001c0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000007-region_00000635-addr_0x00000000001c0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_133", "md5_hash": "47b27becdd949beee505481685ac96bf", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f8108e08dd318eda76f6d41b028ca6826b24515f", "sha256_hash": "370f96df145c0c657c8f2d3fa23974675292f89cf50cb93fc92610253f5c8b82", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000636-addr_0x00000000005a0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000007-region_00000636-addr_0x00000000005a0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_134", "md5_hash": "ff0638a2f98e19862af8daeadfd4d780", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6075ce509a45f6399a9dd9a9521a0fa8ca24850b", "sha256_hash": "47de80378121901f026a3a26968246045407fcef011cc9c4547e2b5eb1025d07", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000653-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000007-region_00000653-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_135", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000654-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000007-region_00000654-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_136", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000685-addr_0x0000000000190000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000007-region_00000685-addr_0x0000000000190000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_151", "md5_hash": "ef03a2ffbf89d164b25e131f420e6343", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bba36481837a41940e3fb1e8701854f27ee8ac91", "sha256_hash": "d0f5a08a845b0c81b0dc9e769b3ba6ae4be6f355b2f334f30f9f606d5991c1ce", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000686-addr_0x00000000001a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000007-region_00000686-addr_0x00000000001a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_152", "md5_hash": "baa095d0f424ded37169dccfabe2a48b", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "13de5554742b8bdbbac3f1dd140af759f9f055a4", "sha256_hash": "556d13cdbbe748d7480e2434b1f1d58ff20c3c4211c0491da0abbd118c4e58cc", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000724-addr_0x0000000002090000-size_0x00000000001d0000-perm_rw.bin", "filename": "process_00000007-region_00000724-addr_0x0000000002090000-size_0x00000000001d0000-perm_rw.bin", "id": "proc_dump_159", "md5_hash": "5a6140844676ab662405d5ced5e845f1", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "18889a747a4c310d5e51204ee8f11b200df8c6fb", "sha256_hash": "37cdbeab1479b1f906254e366688443de2045771339f7253a9b4df7ecd5cea0f", "size": 1900544, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000814-addr_0x0000000000560000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000007-region_00000814-addr_0x0000000000560000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_181", "md5_hash": "ca84d8b8d7bd6743d5fb5dd78cc94cdf", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "257d484b459040a6e497fb1b4e90676bb4a94924", "sha256_hash": "d845e26e6270af5acbc80616e8e03dda20a593ee6013339de8d1a2ccc857b7cc", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000815-addr_0x00000000020e0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000007-region_00000815-addr_0x00000000020e0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_182", "md5_hash": "35fe7a4246de4c9eb48105298ed3e7fd", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e40ffa9048e74905ee4faab66e0fdbd41826fa94", "sha256_hash": "298317b5f366d713bb45d587c5f5d52aec04afa22fa562349fc06ebd5ca80fa1", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000816-addr_0x0000000002220000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000007-region_00000816-addr_0x0000000002220000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_183", "md5_hash": "1623431cf2a4fc782387da91e0f65ab8", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ebdea330133d77ad7ecef558a4cde53f89f822e", "sha256_hash": "313e2efadb32f3299f041d2be4656d5e8b123718a4b06ad3f5252d4cadf582dc", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000817-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000007-region_00000817-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_184", "md5_hash": "579c829c124728088b00a1e90bf83fe3", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ef5a528a81f649f7394da487cf871af13ece7794", "sha256_hash": "69e06a9d3ec27269226108fa9f9a0be6b1599e63c450996399cee15271394ac4", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000664-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000008-region_00000664-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_143", "md5_hash": "eefd736695ee101d40c8c591d7331677", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5dd0b04ed72a6e1465856e3a4de47b27be519a33", "sha256_hash": "63f647762860fe5e11eb5560d0cc1d19a8ab6f0d55331602098298dc697202c6", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000666-addr_0x0000000000190000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000008-region_00000666-addr_0x0000000000190000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_144", "md5_hash": "1eb03bc84ce1b88f51ff63c3565f5637", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5567f4cd780b3f88cedcf211cba6f42c0acc5c0b", "sha256_hash": "64bd37654c669ef3f8c9afa3448e16602c051991ff924b763d03ec1d9f6dc4f0", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000669-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000008-region_00000669-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_145", "md5_hash": "bf354c423ee1b76a45c4cc36c08f90d3", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "04a1bfa2fb7b4487cb9790fe5899bcc9c3434ed5", "sha256_hash": "9c721933e52cec41ab5595b6cd6266ddfa2ea926f883fd127cf93dd9bedeab09", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000670-addr_0x000000007fff2000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000008-region_00000670-addr_0x000000007fff2000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_146", "md5_hash": "7776f83b74064cd96517b6d63207b674", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fdb0094979581b21860cbc03d545c3ace659e97b", "sha256_hash": "b242179fd6a6dcd519dc06c5f367b0564ba8caa48b363a0c29900647b066eb46", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000671-addr_0x000000013f340000-size_0x0000000000013000-perm_rwx.bin", "filename": "process_00000008-region_00000671-addr_0x000000013f340000-size_0x0000000000013000-perm_rwx.bin", "id": "proc_dump_147", "md5_hash": "5a3acf313b38f96ebfa01e0e063c6a3e", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5f983fc2a5c7f0397c9e58caa02a139322425011", "sha256_hash": "e1336e0ea0723bcfe75d356e0d9ff247e1610362e0e7a6bef6fba3204e30df55", "size": 56320, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000674-addr_0x000007fffffdc000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000008-region_00000674-addr_0x000007fffffdc000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_148", "md5_hash": "45a9e2761be90412662097b97a9d7a42", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3db23d2db93a421d8ad37f262cab5b5c66f73232", "sha256_hash": "95ff89789af3e12f76f1ef799b62cec20e4cdbb6445c5aabd78087fc22c7afd0", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000675-addr_0x000007fffffde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000008-region_00000675-addr_0x000007fffffde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_149", "md5_hash": "2d73bc263c048a4304a55af0d4c005a0", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9248eb2c13bd5f6655c39c1c12a169145c1618cb", "sha256_hash": "7b0d2956bbd7e6a8b032001ada776c9fb755b8ddc1d0a96dc4f3848abd6230ad", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000676-addr_0x0000000000080000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000008-region_00000676-addr_0x0000000000080000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_150", "md5_hash": "ace8fbbc4199574cc3e8de7a4a0e5c91", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0bb4d877f73130229e4bb08063c195d1ead8f61c", "sha256_hash": "ba914f046699d7dd8478e8ee1afb5361b6de7aae3744c623d4571568ed80ab94", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000788-addr_0x0000000000300000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000008-region_00000788-addr_0x0000000000300000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_173", "md5_hash": "dcbb823a867116cc817dc050101e9ca4", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8a248965fc4240e40d784a83cafeb7e01348cbe7", "sha256_hash": "2cf2118e6c31bf48e6ecaff52bb8e690db8a8a5c13f687c9ad908c2fa263f552", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000789-addr_0x0000000000470000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000008-region_00000789-addr_0x0000000000470000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_174", "md5_hash": "8ed51a06d6363e32eaa91464a3562ba5", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5208444d41cf135336071852237311b9facf1b03", "sha256_hash": "fb1d63ea44d54aa92fbaf5a1d94b19472d33c9849e6cd7d5e06dc5f51eee597d", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000805-addr_0x0000000000040000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000008-region_00000805-addr_0x0000000000040000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_177", "md5_hash": "663e0c81aa5e0a3ff2a43da751ac3ea6", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e73f43d3b9108b46aa594a997edc25f4aa778b3a", "sha256_hash": "83341888a1a94ed307472f9945ea15735d3580b3043db1b990ac64f5eda31432", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000806-addr_0x0000000000050000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000008-region_00000806-addr_0x0000000000050000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_178", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000809-addr_0x0000000001cc0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000008-region_00000809-addr_0x0000000001cc0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_179", "md5_hash": "ed1e61b68f8a904bfeb093e122d4546b", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a642c2ee5abf3bedc2d5a8657e2229d47435c03f", "sha256_hash": "7ea10bb8f55d7b701fc79ba620db7acc7483436c5a061d811dbeb5a5f8889f5e", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000822-addr_0x0000000001cd0000-size_0x0000000000168000-perm_rw.bin", "filename": "process_00000008-region_00000822-addr_0x0000000001cd0000-size_0x0000000000168000-perm_rw.bin", "id": "proc_dump_185", "md5_hash": "67c8b2e46c8e30146814da619fa84d22", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "54192a99bda931f2a8623fccb3a1c238444e8097", "sha256_hash": "b14093f2dff474db1ed7fdea10239385471e0396ff708e0656a4fdd2e79ca0ba", "size": 1474560, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000742-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000009-region_00000742-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_160", "md5_hash": "50b5cd8a723cdf2c99a316a9c458def7", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c71c1965bf142a8463c921cd8145c7cbd84b8121", "sha256_hash": "6d29bde7d1ac4f8737abd5eb1c59c94606da2041221987e97ff8b8b84847a9dd", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000743-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000009-region_00000743-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_161", "md5_hash": "2f2af10a2d86c647962c0fbe3e265d54", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7cffb74014119e044af4018e7b6b6bf0b2822902", "sha256_hash": "1db5f4bf59e1f0fdefd6f8da4a58deca4ba5a3b8325aff2106af53cd460f67b8", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000747-addr_0x0000000000070000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000009-region_00000747-addr_0x0000000000070000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_162", "md5_hash": "154fb9dc3785c3b45bdc4dfd034b1c91", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "dfad5a93b54a9f67ce49cbd2fcedd3b58b717027", "sha256_hash": "a3527d2eab4175b428c0e5b2267237eb014a60032e4f30fcc1733ec97873b661", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000748-addr_0x0000000000110000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000009-region_00000748-addr_0x0000000000110000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_163", "md5_hash": "ed0adbe01042eea639169dd7adab7931", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e0c6aa65203171e6945c824651956b2c1545dce6", "sha256_hash": "d3b2491eb419ff62ace155f6bc1037569d88543a8ff0cc21cc7dcbd950f382ad", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000753-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000009-region_00000753-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_164", "md5_hash": "924a185f266abc8f8cfa0de94b517b97", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a38f9288912b08f5807999e2a6c2de60d73175a7", "sha256_hash": "b7cf373552553802158bdfb884183585b22ebfb7fe6434e9011b1fee1bd7bb51", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000754-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000009-region_00000754-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_165", "md5_hash": "4aaf3913ebe22e3f800470f865d71864", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "79b690a5b22e6ddc18ea7afab4040d586ab6fe16", "sha256_hash": "112694dfc1535b30cee9593801be3b0ef8ca3d8602038f35f94ccecada93d588", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000755-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000009-region_00000755-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_166", "md5_hash": "85763c6760571b99b80a042dce4f0a87", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2f427905a4ed5774a6779c88cf8427d4c2ee1fb7", "sha256_hash": "8033398dbdc1e8b853f28d6ccad49756fd8781eb544b349b7daaafea1acfa62f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000757-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000009-region_00000757-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_167", "md5_hash": "e69b4fb846dade40aadb1114ec39a2eb", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f9df30418202e31423a27eced37baf1a5e1f10ec", "sha256_hash": "2aa84cb2f19df03feb9e8fd6153c65c875faa1e6e36c8584f33306f4e43a83d8", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000759-addr_0x00000000002f0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000009-region_00000759-addr_0x00000000002f0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_168", "md5_hash": "ede6ed28cdd98b0fd368f54bf1eaa937", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "db2e5b674d44376748e865f877870d862f2d44bb", "sha256_hash": "92d98088b6b7b6ae632753f70b4cef9f6535e0126e8c8ac28d50a18c1927b58b", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000766-addr_0x0000000000620000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000009-region_00000766-addr_0x0000000000620000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_169", "md5_hash": "0a3c84cd1fe9f45f88aa1f47f1d4945b", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "178819f9b8371ece76a297e89c76dcb4a119eedd", "sha256_hash": "311998a71f7d0bed6da2cbef964bedf4b63a2326e2b873edd3998600e8a24696", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000767-addr_0x00000000008c0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000009-region_00000767-addr_0x00000000008c0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_170", "md5_hash": "a3130f0689dbaf147f18714c05aab7b1", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0dd612e4ab4626eccb38fd5553246bdceb6cb2e6", "sha256_hash": "83261a8e46804b541f71693970d338cca012046bdda6220cda4bc6edbac03187", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000784-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000009-region_00000784-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_171", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000785-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000009-region_00000785-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_172", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000799-addr_0x00000000000e0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000009-region_00000799-addr_0x00000000000e0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_175", "md5_hash": "ef03a2ffbf89d164b25e131f420e6343", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bba36481837a41940e3fb1e8701854f27ee8ac91", "sha256_hash": "d0f5a08a845b0c81b0dc9e769b3ba6ae4be6f355b2f334f30f9f606d5991c1ce", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000800-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000009-region_00000800-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_176", "md5_hash": "baa095d0f424ded37169dccfabe2a48b", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "13de5554742b8bdbbac3f1dd140af759f9f055a4", "sha256_hash": "556d13cdbbe748d7480e2434b1f1d58ff20c3c4211c0491da0abbd118c4e58cc", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000813-addr_0x00000000001c0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000009-region_00000813-addr_0x00000000001c0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_180", "md5_hash": "86358825013934d9dfa1976d342f7491", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "504175e736ccc203683d128322f43f5a83e578b8", "sha256_hash": "9f7fac118cfd4aee55a69cd916ddb47232ec7dad9cad35d622c7fd96ae573c62", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000825-addr_0x0000000000290000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000009-region_00000825-addr_0x0000000000290000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_186", "md5_hash": "31346763730a230fe887bb1e54d14a8e", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4035e1c67f4f595645ba5c0b089503d36903babb", "sha256_hash": "8e6a05cb5b77f8ff0eb706cc77a84975d1cc57c43b4c37c6404d8dcbdb21a3dc", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000826-addr_0x0000000002150000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000009-region_00000826-addr_0x0000000002150000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_187", "md5_hash": "66d8c69a34cb755bbaa62979967abee7", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "df3058c4e34a1130fae49c5888b8c4e14b201a5a", "sha256_hash": "26ad5ee95f30930e47c6812c8b5adf33d5efc056023c361dbf2b059364bf8b93", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000827-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000009-region_00000827-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_188", "md5_hash": "96bec6040a4d9391b7ccaab13931393c", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b026e18129e4c9e4ff78bb4485a66323d1f0b4f6", "sha256_hash": "7a3b4a462f84c2b204a0c30274348581746a72437045df4530e9c6f35181b63d", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000831-addr_0x0000000000200000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000009-region_00000831-addr_0x0000000000200000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_189", "md5_hash": "c2f88fa764194da2fbaa0caf7e1fc42c", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0bf4d467243de1845a2f52bb4fc1b5a3e6dd6f74", "sha256_hash": "5cdb5bc8b0fff85e1e1cc4ea97f61608109cb3846207b33528a7b6355723c16f", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000012-region_00001059-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000012-region_00001059-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_266", "md5_hash": "512deaae9170839c2311496f907e3b0e", "ref_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "21839fb220ccc27f8b456df53e0ab236ccf3b979", "sha256_hash": "2e67684efc20c2b7ec2672409bd2556d9713f4af90e5b914a09476167ef56fa2", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000012-region_00001060-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000012-region_00001060-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_267", "md5_hash": "b5c4430fc843edcd38ee2e5aebaf0574", "ref_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f0b92264d0a59303f174e6ec49f9170b666280ce", "sha256_hash": "ffdd574ea574ef981bf7e93ff5dd28eb9df5fc3def5dcbd4e4c4c7a5d3dcc423", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000012-region_00001070-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000012-region_00001070-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_268", "md5_hash": "2c4444708d6b8fb8276a5affce4bf016", "ref_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "613143eb5e50bdd7646731f340bd6000bbbc72d7", "sha256_hash": "562403325bde19d45bb260342ea59d7dbd602feb447b167fe74c3cd0e6caaa19", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000012-region_00001071-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000012-region_00001071-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_269", "md5_hash": "ef7d824ee27606be23d9ea61a65ae9ae", "ref_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e768e81d69f6a411d989c6988442156086d9e215", "sha256_hash": "f4d865c3b2eaa8d1ebcab7bd25075639e474d71bd359c6d50bf1e65729693839", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000012-region_00001072-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000012-region_00001072-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_270", "md5_hash": "b41f0ea30eb9c3a7ec280bdb6702d092", "ref_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "04f0924cda3bd9dcd4754b8d6baad11a04bbe8fd", "sha256_hash": "44980f85e58808c1230f0aeadf80ad038fdec75e670c57a85025ca14e34dfb3a", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000012-region_00001074-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000012-region_00001074-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_271", "md5_hash": "80f14c848e149e57cf96345ad567c768", "ref_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "48e7135cbb988caa7716b35dbd883023336adafd", "sha256_hash": "ff908fb6f995ecdc94cb23076e79117570c225b455f27b9b6487d742278bd431", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000012-region_00001076-addr_0x00000000005e0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000012-region_00001076-addr_0x00000000005e0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_272", "md5_hash": "97e6e705c8ae51d91dd983667e07d65b", "ref_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3cc2c19d3c683c25a542d322d4e925bfad047ebc", "sha256_hash": "390656cd491afeb7f21196f294e804449cad12b85fc67560d9323bed7a6ae8eb", "size": 24576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000012-region_00001086-addr_0x00000000005b0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000012-region_00001086-addr_0x00000000005b0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_275", "md5_hash": "66d2216c95ffc5750c701aaaccf89aec", "ref_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "aac401f0671ff246da364a8bc6204ba54d647c7c", "sha256_hash": "334a456fe472682eec75b9eb876b39de4cbc3a6864c9aff54ee4193d15623e36", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000012-region_00001087-addr_0x0000000000820000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000012-region_00001087-addr_0x0000000000820000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_276", "md5_hash": "b11eec8ae47e2b5e99186c50ca3c7d80", "ref_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "14caa736098a68ebf3074f112a6924935c60815e", "sha256_hash": "9d288b7d2697b743b0ba26ee9a561aa3105acdfb7c25fb2c6f0b6821310a1068", "size": 114688, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000012-region_00001110-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000012-region_00001110-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_277", "md5_hash": "663e0c81aa5e0a3ff2a43da751ac3ea6", "ref_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e73f43d3b9108b46aa594a997edc25f4aa778b3a", "sha256_hash": "83341888a1a94ed307472f9945ea15735d3580b3043db1b990ac64f5eda31432", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000012-region_00001111-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000012-region_00001111-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_278", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00001118-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000013-region_00001118-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_280", "md5_hash": "5b604fb21043599869547aca015e2ce2", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ea9e3d60a25253b197c4ffc3397719c30c3ce719", "sha256_hash": "54b4654c5897f6802532b3bce8cb508d848e80d10e14c582fcd58a666c550187", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00001119-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000013-region_00001119-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_281", "md5_hash": "7d3e933f47858cb361c620fe7656f8a5", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c6885e298c25229ba1dcf1106ee404a5a13b0ef0", "sha256_hash": "d3c2aefb9e444d28164b228af66c8401838d8e6db2b1d40f93bb9dbc61e8ad8d", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00001123-addr_0x0000000000170000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000013-region_00001123-addr_0x0000000000170000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_282", "md5_hash": "b090c1b2d7d36b559c31603ae126a83b", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3cb022aca85cd4b8d59b31e3bb9ce0946e42e23d", "sha256_hash": "39c7d5c718e93987939ee61c221687bb38856fe951d10ca1db6d1c7a76bf282b", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00001124-addr_0x00000000001f0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000013-region_00001124-addr_0x00000000001f0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_283", "md5_hash": "3122a08e85496c3f1cceaaeb5054bf8d", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6aa5a0110b426b32534e4f6394292b4124d75235", "sha256_hash": "2ee0d7db8c44559ea23998ddbba01d59c61583879dbef1d8eeec4d699800eded", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00001129-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000013-region_00001129-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_284", "md5_hash": "7c89b8df8b50b3a1f13b81ee556326ae", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cf9e5731fb33b0fb5e579066314d4231dd1ff353", "sha256_hash": "34cb5de12e352de296dc25fd07c3628d07786e940ab995bc9b7df9af09fb493c", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00001130-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000013-region_00001130-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_285", "md5_hash": "fd93e4622a6f05fa2daa37b9e7e66be2", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0d01bd8193d2580f2d9bbd3bb211e5b85ccc9b35", "sha256_hash": "45ac7142c374840aa5901e39b827bdf9b416e0bd27d81930cc565dad2f5aff16", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00001131-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000013-region_00001131-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_286", "md5_hash": "8a6f68cfb1d91979c3f90e5acfe2848a", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "eaad5260c3732a774dfbbf4a72b7ab1c6bbb0d09", "sha256_hash": "6aae28d5dfedfca55acc74e4648179c07e38fa223cf0a5d004239e113b5d5a83", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00001133-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000013-region_00001133-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_287", "md5_hash": "3d05b3a2a7b8d3179c2de44f1590de4e", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7e152ffff3f2597b4ec732c58c1d94217368d2ef", "sha256_hash": "cd89abfc5a068748a2a0ab1f2cf0f670bee88527a7629d08fca4ac9a5d1bf83e", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00001136-addr_0x0000000000320000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000013-region_00001136-addr_0x0000000000320000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_289", "md5_hash": "3a1be0766fa33a5d54dc0bbfc58e0177", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b2f5d08a318cb3fd1b948a60ce48569a1f4ef1de", "sha256_hash": "f355ebe21f9aa1a5a170e17783d7f022a5aea174d4294e4912d595d900f4c0b5", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00001143-addr_0x0000000000490000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000013-region_00001143-addr_0x0000000000490000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_290", "md5_hash": "cdab80e38625aaa952e601579ef9b507", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "787f6b4cdcc62889b5979cfe0be17789c1a09ce5", "sha256_hash": "de468fe7a48d663093388b2f20fc19b851c9b1c36ad510ecb37b7176101364f2", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00001144-addr_0x0000000000680000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000013-region_00001144-addr_0x0000000000680000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_291", "md5_hash": "90a3b0d697bc1612328dfa32cf964d82", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "46a7f44ec64d7326b21362a9e3e4a6feb9f59241", "sha256_hash": "bdd7d02693506840b1f5d1886a0cfa9d8bf4e2ffb07fe38a8436130830fb319c", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00001161-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000013-region_00001161-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_292", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00001162-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000013-region_00001162-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_293", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00001172-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000013-region_00001172-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_295", "md5_hash": "663e0c81aa5e0a3ff2a43da751ac3ea6", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e73f43d3b9108b46aa594a997edc25f4aa778b3a", "sha256_hash": "83341888a1a94ed307472f9945ea15735d3580b3043db1b990ac64f5eda31432", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00001173-addr_0x0000000000110000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000013-region_00001173-addr_0x0000000000110000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_296", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00001182-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000014-region_00001182-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_299", "md5_hash": "922e0d31cc976e8671f04d466c4a92ef", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cd3640ab153568eb0c2d125fee2a405ce2c8c006", "sha256_hash": "71834784709fb9fafa0853d1f9cbafaaffa17fd3b8f444b6a25dff24ba38cf13", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00001183-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000014-region_00001183-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_300", "md5_hash": "019c7bb7489b3826e2926ca5f832a81a", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6fe6b3025dfe9c14f1bed4d3d68970c6fff4d1f9", "sha256_hash": "fc2ed52b5fb6b198451e4ff9500a32c76f82ae3b0426768d10d24334eda4251c", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00001187-addr_0x00000000000f0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000014-region_00001187-addr_0x00000000000f0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_301", "md5_hash": "7efa464cfcd5fb8c9a512c9da21f2118", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3c66d9a60727ce8aced2263e6b33e1834a2546e6", "sha256_hash": "c902ea912e792e162fa4ffcc4fbdc967c80a996f12d7b6e376586cdfcd6b4cc2", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00001188-addr_0x0000000000180000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000014-region_00001188-addr_0x0000000000180000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_302", "md5_hash": "33bad8bca7b322c256eee4103aa0f7b1", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "412680288b1175e356dd3b900dcf81b887f42abc", "sha256_hash": "c556c3285d004557804289c5fed91ca74d00726dbe2b7727c49961f5e1bf12b8", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00001193-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000014-region_00001193-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_303", "md5_hash": "308301b4fb4bef8a83f38abb050c6cc6", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2748700f36d1a8a3ef2da9f6c90ed1b988eab564", "sha256_hash": "bf76aa94886573a7b24efdceb8531ac47755902fa8b88a906e34f478303d9e3c", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00001194-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000014-region_00001194-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_304", "md5_hash": "a35b63b320424ad292da5d85f9dd5b89", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "32fcc5962582c42d5c028a6ed3e7236977f0b604", "sha256_hash": "0413d9a7490c83767574d405d7eaaff51804630d5814990ff720e21149beee87", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00001195-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000014-region_00001195-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_305", "md5_hash": "bc191e12fbb9b90c3d731bf264b4f96c", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "620e7ff9b7b1b8b800af3fc52419f247324ef8f4", "sha256_hash": "57efcfd4a7ff7f8cee023e354573911a095ad5c8986411fa3825d37e56ce7f49", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00001197-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000014-region_00001197-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_306", "md5_hash": "bb268b1583813c60072a3524804a1095", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6c6942564e809dd36421d747898c5fb2e1d48d8b", "sha256_hash": "7f24d3695aeda57c82a48e210452ad41b0920ed39ee8bade030ae8b16f618165", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00001199-addr_0x00000000003b0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000014-region_00001199-addr_0x00000000003b0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_307", "md5_hash": "ebf3282e26767cfbc6f8929c740f9020", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "11e24c78c247d93b1f063a97a3e90d555fde9994", "sha256_hash": "3fd0c7a6cb2f9f097713c949b525d4b1137118c9b6e2699fdb2ce7ce2d7ca6be", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00001206-addr_0x00000000002b0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000014-region_00001206-addr_0x00000000002b0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_308", "md5_hash": "1e78dd3c2e9a46a51ea05a33e017fa6d", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3be9b381cfe3c61e8bd855cbead67f4df694bc4f", "sha256_hash": "a1e7c3c53b93747c63520d0899c22642f7aaf0c80547c0bafd537b51ae311229", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00001207-addr_0x0000000000620000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000014-region_00001207-addr_0x0000000000620000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_309", "md5_hash": "fbf1429c17cd889298176a55cda0bcfe", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6da7ccd47fd18c31a7f9f9eea2b544d3d57f8eb1", "sha256_hash": "dcf688748435ee9efd9fc7aa9c92be525e5f59861df74d4fa4e49d5c9aeeb240", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00001224-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000014-region_00001224-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_310", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00001225-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000014-region_00001225-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_311", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00001234-addr_0x0000000000140000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000014-region_00001234-addr_0x0000000000140000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_312", "md5_hash": "663e0c81aa5e0a3ff2a43da751ac3ea6", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e73f43d3b9108b46aa594a997edc25f4aa778b3a", "sha256_hash": "83341888a1a94ed307472f9945ea15735d3580b3043db1b990ac64f5eda31432", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00001235-addr_0x0000000000150000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000014-region_00001235-addr_0x0000000000150000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_313", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000015-region_00001246-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000015-region_00001246-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_316", "md5_hash": "ecc3ebd39cef672570efc49b1cb1cace", "ref_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9e286a5ab726a8c2889460e1907f2471f2b7eace", "sha256_hash": "5590c0e88afef13eeb08db9d19776c6d8ce761eb75f759d2b6320112a73331e7", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000015-region_00001247-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000015-region_00001247-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_317", "md5_hash": "9139760caa174f0bf0fac88ad85e6e4d", "ref_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "689a088774976802a54ac72b861c65c0cdade671", "sha256_hash": "60d2308bf4c1f4da978a56aed6dc1039da40f6429fc067c41558dc12456d9081", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000015-region_00001251-addr_0x0000000000070000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000015-region_00001251-addr_0x0000000000070000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_318", "md5_hash": "fa8558a7d7a3d35ce062c12c060725ec", "ref_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7d72ce3c709bb879cd320c2f60de4dacb90f33d2", "sha256_hash": "9721d2670b461bf9f10d08cdeecf5663304a1a0411cbc00822ce556601e0defd", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000015-region_00001252-addr_0x0000000000230000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000015-region_00001252-addr_0x0000000000230000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_319", "md5_hash": "936f3ebaf6adf3bb94d2c50b82e196d9", "ref_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "359a9475d931015a02e92e876819f1b6fd550911", "sha256_hash": "9450cd7f30912752bd2218ac5e20723b805315638fda9c2c8090a1621a698ecb", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000015-region_00001257-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000015-region_00001257-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_320", "md5_hash": "a1612fe4bd71967c6963f5e723f534ba", "ref_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5933423e9374bb633a8a9d779147596995c19848", "sha256_hash": "6309b5091a30db5182a72b9bdc5a33103db1d5eaff282af45f77b2ff8c6a6626", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000015-region_00001258-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000015-region_00001258-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_321", "md5_hash": "9dfd2ef3f669d8f0ba7edbdb1f53ea74", "ref_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "865fac26f89d6ae3a6c2da461a00690d1e3379b2", "sha256_hash": "411c4285a9b2ea06df0a2e6021f4416657b9b8badab42ad2a9f0ee505cde1713", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000015-region_00001259-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000015-region_00001259-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_322", "md5_hash": "85d8e78ff7f09d1296db6ebc01b145a6", "ref_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8569fa5c4e454feadd275e4e54444fed44d66bf3", "sha256_hash": "2d99c6aeb000ecbe58c1619d85415a655b6e3356689a842f8218517bef762f12", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000015-region_00001261-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000015-region_00001261-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_323", "md5_hash": "dfc56dae7d9dfe6e255bf1676a6d5003", "ref_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c939c56e5f200b71ede16f1b8811d5886fba8dd8", "sha256_hash": "f3625fb531b6fb1ea6aa339ef1e3ffa5cafd632fa9d59832ce4f3be310244715", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000015-region_00001263-addr_0x0000000000140000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000015-region_00001263-addr_0x0000000000140000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_324", "md5_hash": "4d515277eb004072a993a711c9ac1e18", "ref_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e17c2a060a9ced0083b64120a734a776d3848ce3", "sha256_hash": "249d2195dc057867840ab4189efc522382309d085527a03289962e1a062fefb8", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000015-region_00001270-addr_0x00000000001e0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000015-region_00001270-addr_0x00000000001e0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_325", "md5_hash": "5985a8c7c0f38a3b26caa64e24a0efc9", "ref_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a449e80843d47e061f8ab415ae093ce03b6a8722", "sha256_hash": "311314b578d7d33cf683cdb0023d4706d5005423e9b7ea978e6f3fd7acf76ea5", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000015-region_00001271-addr_0x0000000000400000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000015-region_00001271-addr_0x0000000000400000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_326", "md5_hash": "3d2ffcea9af8deca2e41b85f20edf9da", "ref_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "14ddebfe9188aecdbda76603e7bec78474b846f8", "sha256_hash": "87f40ed878b09edd09447494f782bd861fac27e1ef84edffc500fc4dfcff6d51", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000015-region_00001288-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000015-region_00001288-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_327", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000015-region_00001289-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000015-region_00001289-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_328", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000015-region_00001298-addr_0x00000000001c0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000015-region_00001298-addr_0x00000000001c0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_329", "md5_hash": "663e0c81aa5e0a3ff2a43da751ac3ea6", "ref_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e73f43d3b9108b46aa594a997edc25f4aa778b3a", "sha256_hash": "83341888a1a94ed307472f9945ea15735d3580b3043db1b990ac64f5eda31432", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000015-region_00001299-addr_0x00000000001d0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000015-region_00001299-addr_0x00000000001d0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_330", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001305-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000016-region_00001305-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_331", "md5_hash": "c872ce3b2d1a173af8a89dd9cbe453ff", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "acb87ec591a52b50a30f8d0582d09a5ee2a88db9", "sha256_hash": "01122d5f6b956863665161643bc655524e7aa83c61467800833a7d258c8df0bc", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001306-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000016-region_00001306-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_332", "md5_hash": "01fc4124c62af41940b8d44914c8a453", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e801e16b6b7c736c9b6a0e477755553a1db8dc8b", "sha256_hash": "f22b12ad919c99b1239b1814f283baa55a501dae9905482448abdf9adee9c3cd", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001310-addr_0x0000000000110000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000016-region_00001310-addr_0x0000000000110000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_333", "md5_hash": "aba44bce7194c73dca6b646aec89b000", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0705c47fd91f680dd04c2de4ff0c4379e8f32aa4", "sha256_hash": "5d2dfcb98496f05c2a2eec754c5bbfa97619a483216a3c4d5e824204f4069256", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001311-addr_0x0000000000180000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000016-region_00001311-addr_0x0000000000180000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_334", "md5_hash": "3fe152c3a4dc0ea0fc06ebd0e5d5d184", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "52c33febe7bb0a4a9fc8ce485d5161e285fde547", "sha256_hash": "24741deba3faf2ea5e5badbae4553bb98b078c0ed7ed3379b5b39e0cf3b88635", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001316-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000016-region_00001316-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_335", "md5_hash": "78deb822c145cb3beb41c59c07808f63", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2df6f3fdeacac78fb1962770ad4ef5854f83ca77", "sha256_hash": "888261b1c32306483c82de900d10ee79e26a6e80a078c5e0d44c68febb5dd079", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001317-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000016-region_00001317-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_336", "md5_hash": "2b641ba391845a49762f5c460b2573b6", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6bab29b99df11acd5171a77b5f3c95b6d4d0be41", "sha256_hash": "d4fed238af5ad4a6898d709af919fddf23aa36820f1b0432a3c9f89da83b2781", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001318-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000016-region_00001318-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_337", "md5_hash": "929cbdf04abded6cd5501af80d430b14", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d86d4145859a8a092283480abcf89fc573fe3ca0", "sha256_hash": "1f57603401ada66b1a25b760a191f1eafb65debdd0d4e20ae171477089be507b", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001320-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000016-region_00001320-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_338", "md5_hash": "79df9c7b609809d8149d326ab9934b61", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ba2d929c47d59daa5988464529b2b849e3c5e624", "sha256_hash": "9d019f8bccbfcb5018078a4826fe5ffe83fec8be0cf9b9383b736125c96aad29", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001322-addr_0x0000000000280000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000016-region_00001322-addr_0x0000000000280000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_339", "md5_hash": "c93c0b1a03d4cc05d5a00b8160ae016e", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ae72d411fac3e9916305a8aaaffbbd07ff634d0a", "sha256_hash": "8adf8d11845f2c84007470bcfd3a107a8ad04332a6b2432d7ff0c3b927e48303", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001329-addr_0x00000000003c0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000016-region_00001329-addr_0x00000000003c0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_340", "md5_hash": "8a2654475cc98967ad42335edc8df530", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "88256a3d63d9b2737af8152b4564643478d4fd8e", "sha256_hash": "9a7e92d487adfeadca8781655444ebc73a4da1aa4d000f8fd4af98ac57777486", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001330-addr_0x0000000000610000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000016-region_00001330-addr_0x0000000000610000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_341", "md5_hash": "95a6c80a2df4cbbe99c15aa9cb91f0c4", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2015f2bc15b10359ef5899ada4238d8a22f6acdb", "sha256_hash": "6ce4a224832fd7da4bfe80d7a8ad5297f4792b045e31b3f64357c786fe6742e6", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001347-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000016-region_00001347-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_342", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001348-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000016-region_00001348-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_343", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001357-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000016-region_00001357-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_344", "md5_hash": "663e0c81aa5e0a3ff2a43da751ac3ea6", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e73f43d3b9108b46aa594a997edc25f4aa778b3a", "sha256_hash": "83341888a1a94ed307472f9945ea15735d3580b3043db1b990ac64f5eda31432", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001358-addr_0x0000000000150000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000016-region_00001358-addr_0x0000000000150000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_345", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000017-region_00001364-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000017-region_00001364-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_346", "md5_hash": "efb322f912b3bda7df1f83ba4a3a3e50", "ref_process": { "ref_id": "proc_17", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "540e18fd4fe11650ea01154f1037c1812ffec50f", "sha256_hash": "57fc2f81a3f7d653adc399fe50ca5cc29a07fe527c4ffeeb371a13f80fe19bc3", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000017-region_00001365-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000017-region_00001365-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_347", "md5_hash": "637a9e9a140de37ba72bb87135183674", "ref_process": { "ref_id": "proc_17", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bd1f6948ff236b062ff3a66e15f189a115c70e3c", "sha256_hash": "25b48c5efc9c9fc58c2beea5abe760e1a0ef21e5e9da86e77687795621db9e29", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000017-region_00001369-addr_0x00000000001b0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000017-region_00001369-addr_0x00000000001b0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_348", "md5_hash": "e361bf51818de8829bd08e289e6f7a68", "ref_process": { "ref_id": "proc_17", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5769d86d508ab3c3ec738767cbc6367a34862e23", "sha256_hash": "6b91d2b3bd5bf299de3e1261ae9a2822191c51a038e754c28f3c4c346bd10a74", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000017-region_00001370-addr_0x00000000001f0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000017-region_00001370-addr_0x00000000001f0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_349", "md5_hash": "787f86960ce2b2e9f1a09140ad7ffb04", "ref_process": { "ref_id": "proc_17", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "505ffdaed853cd46d5b40693578e4e9c819b54de", "sha256_hash": "18a8ebde165198e9c00c3e6c30174ec2df29d5d20ca8d675db68230330f39c20", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000017-region_00001375-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000017-region_00001375-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_350", "md5_hash": "643bb5cc6c23b3f3295d427213c3354c", "ref_process": { "ref_id": "proc_17", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "81c19bca8e1775291f19c7f83f7c87d3a12af475", "sha256_hash": "27f83107010d07c0efd05775279ed24bdbb17add9c4adae6e0c9762688a666de", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000017-region_00001376-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000017-region_00001376-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_351", "md5_hash": "27777c3ed6bddd836c86b2b11b98d24c", "ref_process": { "ref_id": "proc_17", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4f6f75b42c426c9a17d5ec35858e724173800377", "sha256_hash": "76e0f59bfba6db74cf810b95d698d3b33841eb1605a1819920c2401c2f94106f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000017-region_00001377-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000017-region_00001377-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_352", "md5_hash": "5c490834a329b891e25a185a77b032ba", "ref_process": { "ref_id": "proc_17", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9a4761d0d7d0761eb298298d3b7d4c8e105611ad", "sha256_hash": "6a7678ed754675b327ddfb5e946e8018132f62474e66f3efae853da5ad05e41b", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000017-region_00001379-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000017-region_00001379-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_353", "md5_hash": "0d8d91814b0c871208847485c0ce3618", "ref_process": { "ref_id": "proc_17", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "67ba9c411983867eaf214f69569e3eb8a116fcfa", "sha256_hash": "8d1719ab12763da50f7cebd703ae778b5d62ee997c1649ea193a5a8ed1f8432d", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000017-region_00001381-addr_0x0000000000370000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000017-region_00001381-addr_0x0000000000370000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_354", "md5_hash": "85111ea152469b714174cde59b80bc93", "ref_process": { "ref_id": "proc_17", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4c1be5eb3e670cc2c4cf1486f6f5bfb63d6ca07f", "sha256_hash": "0c7e1fd2f5194069790ad52e8d20c09c127d2b3d376dcaac70ec38139237e54c", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000017-region_00001388-addr_0x0000000000360000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000017-region_00001388-addr_0x0000000000360000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_355", "md5_hash": "b6b4689cec73f95bfbde3d8d8b0b2ad8", "ref_process": { "ref_id": "proc_17", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "344a10e7bb050e1d4b84e02d320c78ee84ad87a6", "sha256_hash": "320ef3842eb5a28157063d117791ea27f4231a24db2b29cdf29b950779c3e716", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000017-region_00001389-addr_0x0000000000530000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000017-region_00001389-addr_0x0000000000530000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_356", "md5_hash": "d944128999b3b25af55c44ba34934ffe", "ref_process": { "ref_id": "proc_17", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0300ac51fa59c36ae80cebf0c5493cb95fae815e", "sha256_hash": "b68012e80c27a73d8a4ea0442fde41a36a381d6c5829ea492128716e2b8ed795", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000017-region_00001408-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000017-region_00001408-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_357", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_17", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000017-region_00001409-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000017-region_00001409-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_358", "md5_hash": "e0257c47598dd5e5006590d9c4d4bde1", "ref_process": { "ref_id": "proc_17", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "80413583c977ad3e5981e5a0afdfba467064b9c6", "sha256_hash": "0e36bbe86417cae3773c9ccb385d6d5a01ae11c567d6d824a26a15314b6dc83c", "size": 729088, "type": "process_dump", "version": 1 } ], "processes": [ { "cmd_line": "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ifzkkpwij.exe\" ", "filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ifzkkpwij.exe", "id": "proc_1", "image_name": "ifzkkpwij.exe", "monitor_reason": "analysis_target", "monitored_id": 1, "origin_monitor_id": 0, "ref_parent_process": null, "regions": [ { "dump": { "filename": "process_00000001-region_00000001-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_41", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:11.092", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000002-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_42", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_2", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:11.093", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_3", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:11.093", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_4", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:11.095", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_5", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:11.095", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000006-addr_0x0000000000190000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_43", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1900543, "entry_point": 0, "filename": null, "id": "region_6", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:00:11.096", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000007-addr_0x0000000000280000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_44", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 3670015, "entry_point": 0, "filename": null, "id": "region_7", "name": "private_0x0000000000280000", "norm_filename": null, "region_type": "private_memory", "start_va": 2621440, "timestamp": "00:00:11.096", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000008-addr_0x0000000000ff0000-size_0x0000000000012000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_45", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 73728, "start_va": 16711680, "type": "region", "version": 1 }, "end_va": 16785407, "entry_point": 16711680, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ifzkkpwij.exe", "id": "region_8", "name": "ifzkkpwij.exe", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ifzkkpwij.exe", "region_type": "memory_mapped_file", "start_va": 16711680, "timestamp": "00:00:11.096", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1993932800, "type": "region", "version": 1 }, "end_va": 1995673599, "entry_point": 1993932800, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_9", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1993932800, "timestamp": "00:00:11.096", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 1995898880, "type": "region", "version": 1 }, "end_va": 1997471743, "entry_point": 1995898880, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_10", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1995898880, "timestamp": "00:00:11.177", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_11", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:11.261", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000012-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_46", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_12", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:11.262", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000013-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_47", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_13", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:11.262", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000014-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_48", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_14", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:11.262", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_15", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:11.262", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000016-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_49", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_16", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:11.263", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_17", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:11.263", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000150-addr_0x0000000000490000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_50", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 4784128, "type": "region", "version": 1 }, "end_va": 5308415, "entry_point": 0, "filename": null, "id": "region_150", "name": "private_0x0000000000490000", "norm_filename": null, "region_type": "private_memory", "start_va": 4784128, "timestamp": "00:00:12.716", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1951006720, "type": "region", "version": 1 }, "end_va": 1951039487, "entry_point": 1951006720, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_151", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1951006720, "timestamp": "00:00:12.717", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1951072256, "type": "region", "version": 1 }, "end_va": 1951449087, "entry_point": 1951072256, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_152", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1951072256, "timestamp": "00:00:12.725", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1951465472, "type": "region", "version": 1 }, "end_va": 1951723519, "entry_point": 1951465472, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_153", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1951465472, "timestamp": "00:00:12.731", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000154-addr_0x0000000000620000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_51", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 6422528, "type": "region", "version": 1 }, "end_va": 7471103, "entry_point": 0, "filename": null, "id": "region_154", "name": "private_0x0000000000620000", "norm_filename": null, "region_type": "private_memory", "start_va": 6422528, "timestamp": "00:00:12.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1985675264, "type": "region", "version": 1 }, "end_va": 1985961983, "entry_point": 1985675264, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_155", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1985675264, "timestamp": "00:00:12.750", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1986002944, "type": "region", "version": 1 }, "end_va": 1987117055, "entry_point": 1986002944, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_156", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1986002944, "timestamp": "00:00:12.799", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000157-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_52", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 1991704576, "type": "region", "version": 1 }, "end_va": 1992728575, "entry_point": 0, "filename": null, "id": "region_157", "name": "private_0x0000000076b70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1991704576, "timestamp": "00:00:13.011", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000158-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_53", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1992753152, "type": "region", "version": 1 }, "end_va": 1993928703, "entry_point": 0, "filename": null, "id": "region_158", "name": "private_0x0000000076c70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1992753152, "timestamp": "00:00:13.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_159", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:13.057", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_160", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:13.057", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 880639, "entry_point": 458752, "filename": "\\Windows\\System32\\locale.nls", "id": "region_161", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 458752, "timestamp": "00:00:13.057", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1957429248, "type": "region", "version": 1 }, "end_va": 1957478399, "entry_point": 1957429248, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_162", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1957429248, "timestamp": "00:00:13.058", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957494784, "type": "region", "version": 1 }, "end_va": 1957887999, "entry_point": 1957494784, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_163", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1957494784, "timestamp": "00:00:13.063", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1959395328, "type": "region", "version": 1 }, "end_va": 1960443903, "entry_point": 1959395328, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_164", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1959395328, "timestamp": "00:00:13.070", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1960443904, "type": "region", "version": 1 }, "end_va": 1960484863, "entry_point": 1960443904, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_165", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1960443904, "timestamp": "00:00:13.125", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1961361408, "type": "region", "version": 1 }, "end_va": 1961463807, "entry_point": 1961361408, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_166", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1961361408, "timestamp": "00:00:13.131", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1961492480, "type": "region", "version": 1 }, "end_va": 1962147839, "entry_point": 1961492480, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_167", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1961492480, "timestamp": "00:00:13.138", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1962147840, "type": "region", "version": 1 }, "end_va": 1975033855, "entry_point": 1962147840, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_168", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1962147840, "timestamp": "00:00:13.213", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1978531840, "type": "region", "version": 1 }, "end_va": 1979514879, "entry_point": 1978531840, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_169", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1978531840, "timestamp": "00:00:13.979", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1980170240, "type": "region", "version": 1 }, "end_va": 1980526591, "entry_point": 1980170240, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_170", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1980170240, "timestamp": "00:00:14.245", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984430079, "entry_point": 1983840256, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_171", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:00:14.306", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1985019904, "type": "region", "version": 1 }, "end_va": 1985662975, "entry_point": 1985019904, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_172", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1985019904, "timestamp": "00:00:14.342", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1990459392, "type": "region", "version": 1 }, "end_va": 1991163903, "entry_point": 1990459392, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_173", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1990459392, "timestamp": "00:00:14.352", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_174", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:14.366", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_175", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:14.367", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000176-addr_0x0000000000840000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_54", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8650752, "type": "region", "version": 1 }, "end_va": 8716287, "entry_point": 0, "filename": null, "id": "region_176", "name": "private_0x0000000000840000", "norm_filename": null, "region_type": "private_memory", "start_va": 8650752, "timestamp": "00:00:14.387", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 8716288, "type": "region", "version": 1 }, "end_va": 10321919, "entry_point": 0, "filename": null, "id": "region_177", "name": "pagefile_0x0000000000850000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8716288, "timestamp": "00:00:14.387", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957888000, "type": "region", "version": 1 }, "end_va": 1958281215, "entry_point": 1957888000, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_178", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1957888000, "timestamp": "00:00:14.387", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1960509440, "type": "region", "version": 1 }, "end_va": 1961345023, "entry_point": 1960509440, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_179", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1960509440, "timestamp": "00:00:14.396", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000180-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_55", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 200703, "entry_point": 0, "filename": null, "id": "region_180", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:14.410", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000181-addr_0x00000000000e0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_56", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 921599, "entry_point": 0, "filename": null, "id": "region_181", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 917504, "timestamp": "00:00:14.410", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 10354688, "type": "region", "version": 1 }, "end_va": 11931647, "entry_point": 0, "filename": null, "id": "region_182", "name": "pagefile_0x00000000009e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10354688, "timestamp": "00:00:14.410", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 16842752, "type": "region", "version": 1 }, "end_va": 37814271, "entry_point": 0, "filename": null, "id": "region_183", "name": "pagefile_0x0000000001010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 16842752, "timestamp": "00:00:14.410", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\system32\\rundll32.exe C:\\Windows\\infpub.dat,#1 15", "filename": "c:\\windows\\syswow64\\rundll32.exe", "id": "proc_2", "image_name": "rundll32.exe", "monitor_reason": "child_process", "monitored_id": 2, "origin_monitor_id": 1, "ref_parent_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000002-region_00000184-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_57", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_184", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:14.446", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000185-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_58", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_185", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:14.446", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_186", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:14.446", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_187", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:14.449", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_188", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:14.449", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1638399, "entry_point": 0, "filename": null, "id": "region_189", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:00:14.449", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2293759, "entry_point": 0, "filename": null, "id": "region_190", "name": "private_0x00000000001f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2031616, "timestamp": "00:00:14.449", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 16449536, "type": "region", "version": 1 }, "end_va": 16506879, "entry_point": 16449536, "filename": "\\Windows\\SysWOW64\\rundll32.exe", "id": "region_191", "name": "rundll32.exe", "norm_filename": "c:\\windows\\syswow64\\rundll32.exe", "region_type": "memory_mapped_file", "start_va": 16449536, "timestamp": "00:00:14.449", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1993932800, "type": "region", "version": 1 }, "end_va": 1995673599, "entry_point": 1993932800, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_192", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1993932800, "timestamp": "00:00:14.455", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 1995898880, "type": "region", "version": 1 }, "end_va": 1997471743, "entry_point": 1995898880, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_193", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1995898880, "timestamp": "00:00:14.455", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_194", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:14.455", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_195", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:14.456", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_196", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:14.456", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_197", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:14.456", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_198", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:14.456", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_199", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:14.457", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_200", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:14.457", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 1376255, "entry_point": 0, "filename": null, "id": "region_201", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:00:14.461", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1951006720, "type": "region", "version": 1 }, "end_va": 1951039487, "entry_point": 1951015160, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_202", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1951006720, "timestamp": "00:00:14.461", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1951072256, "type": "region", "version": 1 }, "end_va": 1951449087, "entry_point": 1951332248, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_203", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1951072256, "timestamp": "00:00:14.462", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1951465472, "type": "region", "version": 1 }, "end_va": 1951723519, "entry_point": 1951653496, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_204", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1951465472, "timestamp": "00:00:14.462", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_205", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:14.485", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 3735551, "entry_point": 0, "filename": null, "id": "region_206", "name": "private_0x0000000000290000", "norm_filename": null, "region_type": "private_memory", "start_va": 2686976, "timestamp": "00:00:14.485", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 3735552, "type": "region", "version": 1 }, "end_va": 4157439, "entry_point": 3735552, "filename": "\\Windows\\System32\\locale.nls", "id": "region_207", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 3735552, "timestamp": "00:00:14.485", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1957429248, "type": "region", "version": 1 }, "end_va": 1957478399, "entry_point": 1957433569, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_208", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1957429248, "timestamp": "00:00:14.486", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957494784, "type": "region", "version": 1 }, "end_va": 1957887999, "entry_point": 1957602227, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_209", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1957494784, "timestamp": "00:00:14.486", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1959395328, "type": "region", "version": 1 }, "end_va": 1960443903, "entry_point": 1959507693, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_210", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1959395328, "timestamp": "00:00:14.487", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1960443904, "type": "region", "version": 1 }, "end_va": 1960484863, "entry_point": 1960457888, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_211", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1960443904, "timestamp": "00:00:14.487", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1961361408, "type": "region", "version": 1 }, "end_va": 1961463807, "entry_point": 1961380213, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_212", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1961361408, "timestamp": "00:00:14.488", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1961492480, "type": "region", "version": 1 }, "end_va": 1962147839, "entry_point": 1961576933, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_213", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1961492480, "timestamp": "00:00:14.488", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1978531840, "type": "region", "version": 1 }, "end_va": 1979514879, "entry_point": 1978598761, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_214", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1978531840, "timestamp": "00:00:14.488", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984430079, "entry_point": 1983931203, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_215", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:00:14.489", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1985019904, "type": "region", "version": 1 }, "end_va": 1985662975, "entry_point": 1985232855, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_216", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1985019904, "timestamp": "00:00:14.489", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1985675264, "type": "region", "version": 1 }, "end_va": 1985961983, "entry_point": 1985705080, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_217", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1985675264, "timestamp": "00:00:14.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1986002944, "type": "region", "version": 1 }, "end_va": 1987117055, "entry_point": 1986081491, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_218", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1986002944, "timestamp": "00:00:14.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 172032, "start_va": 1988558848, "type": "region", "version": 1 }, "end_va": 1988730879, "entry_point": 1988558848, "filename": "\\Windows\\SysWOW64\\imagehlp.dll", "id": "region_219", "name": "imagehlp.dll", "norm_filename": "c:\\windows\\syswow64\\imagehlp.dll", "region_type": "memory_mapped_file", "start_va": 1988558848, "timestamp": "00:00:14.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1990459392, "type": "region", "version": 1 }, "end_va": 1991163903, "entry_point": 1990501490, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_220", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1990459392, "timestamp": "00:00:14.499", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 1991704576, "type": "region", "version": 1 }, "end_va": 1992728575, "entry_point": 0, "filename": null, "id": "region_221", "name": "private_0x0000000076b70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1991704576, "timestamp": "00:00:14.500", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1992753152, "type": "region", "version": 1 }, "end_va": 1993928703, "entry_point": 0, "filename": null, "id": "region_222", "name": "private_0x0000000076c70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1992753152, "timestamp": "00:00:14.500", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_223", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:14.500", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_224", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:14.501", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 5570560, "type": "region", "version": 1 }, "end_va": 5636095, "entry_point": 0, "filename": null, "id": "region_225", "name": "private_0x0000000000550000", "norm_filename": null, "region_type": "private_memory", "start_va": 5570560, "timestamp": "00:00:14.506", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 5636096, "type": "region", "version": 1 }, "end_va": 7241727, "entry_point": 0, "filename": null, "id": "region_226", "name": "pagefile_0x0000000000560000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5636096, "timestamp": "00:00:14.506", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957888000, "type": "region", "version": 1 }, "end_va": 1958281215, "entry_point": 1957959055, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_227", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1957888000, "timestamp": "00:00:14.506", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1960509440, "type": "region", "version": 1 }, "end_va": 1961345023, "entry_point": 1960515211, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_228", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1960509440, "timestamp": "00:00:14.508", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 159743, "entry_point": 0, "filename": null, "id": "region_229", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:14.589", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_230", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:14.589", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 462847, "entry_point": 0, "filename": null, "id": "region_231", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:00:14.589", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 528383, "entry_point": 0, "filename": null, "id": "region_232", "name": "private_0x0000000000080000", "norm_filename": null, "region_type": "private_memory", "start_va": 524288, "timestamp": "00:00:14.590", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 593919, "entry_point": 0, "filename": null, "id": "region_233", "name": "pagefile_0x0000000000090000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 589824, "timestamp": "00:00:14.590", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 7274496, "type": "region", "version": 1 }, "end_va": 8851455, "entry_point": 0, "filename": null, "id": "region_234", "name": "pagefile_0x00000000006f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7274496, "timestamp": "00:00:14.590", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3420160, "start_va": 8912896, "type": "region", "version": 1 }, "end_va": 12333055, "entry_point": 0, "filename": null, "id": "region_235", "name": "pagefile_0x0000000000880000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8912896, "timestamp": "00:00:14.590", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 13631488, "type": "region", "version": 1 }, "end_va": 13893631, "entry_point": 0, "filename": null, "id": "region_236", "name": "private_0x0000000000d00000", "norm_filename": null, "region_type": "private_memory", "start_va": 13631488, "timestamp": "00:00:14.590", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 16515072, "type": "region", "version": 1 }, "end_va": 37486591, "entry_point": 0, "filename": null, "id": "region_237", "name": "pagefile_0x0000000000fc0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 16515072, "timestamp": "00:00:14.591", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 1954283520, "type": "region", "version": 1 }, "end_va": 1954562047, "entry_point": 1954283520, "filename": "\\Windows\\SysWOW64\\dnsapi.dll", "id": "region_238", "name": "dnsapi.dll", "norm_filename": "c:\\windows\\syswow64\\dnsapi.dll", "region_type": "memory_mapped_file", "start_va": 1954283520, "timestamp": "00:00:14.591", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 1954611200, "type": "region", "version": 1 }, "end_va": 1954824191, "entry_point": 1954611200, "filename": "\\Windows\\SysWOW64\\adsldpc.dll", "id": "region_239", "name": "adsldpc.dll", "norm_filename": "c:\\windows\\syswow64\\adsldpc.dll", "region_type": "memory_mapped_file", "start_va": 1954611200, "timestamp": "00:00:14.601", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1954873344, "type": "region", "version": 1 }, "end_va": 1954918399, "entry_point": 1954873344, "filename": "\\Windows\\SysWOW64\\dsauth.dll", "id": "region_240", "name": "dsauth.dll", "norm_filename": "c:\\windows\\syswow64\\dsauth.dll", "region_type": "memory_mapped_file", "start_va": 1954873344, "timestamp": "00:00:14.609", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1954938880, "type": "region", "version": 1 }, "end_va": 1955000319, "entry_point": 1954938880, "filename": "\\Windows\\SysWOW64\\samcli.dll", "id": "region_241", "name": "samcli.dll", "norm_filename": "c:\\windows\\syswow64\\samcli.dll", "region_type": "memory_mapped_file", "start_va": 1954938880, "timestamp": "00:00:14.616", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1955004416, "type": "region", "version": 1 }, "end_va": 1955094527, "entry_point": 1955004416, "filename": "\\Windows\\SysWOW64\\dhcpsapi.dll", "id": "region_242", "name": "dhcpsapi.dll", "norm_filename": "c:\\windows\\syswow64\\dhcpsapi.dll", "region_type": "memory_mapped_file", "start_va": 1955004416, "timestamp": "00:00:14.622", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1955135488, "type": "region", "version": 1 }, "end_va": 1955188735, "entry_point": 1955135488, "filename": "\\Windows\\SysWOW64\\browcli.dll", "id": "region_243", "name": "browcli.dll", "norm_filename": "c:\\windows\\syswow64\\browcli.dll", "region_type": "memory_mapped_file", "start_va": 1955135488, "timestamp": "00:00:14.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1955201024, "type": "region", "version": 1 }, "end_va": 1955262463, "entry_point": 1955201024, "filename": "\\Windows\\SysWOW64\\wkscli.dll", "id": "region_244", "name": "wkscli.dll", "norm_filename": "c:\\windows\\syswow64\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 1955201024, "timestamp": "00:00:14.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1955266560, "type": "region", "version": 1 }, "end_va": 1955368959, "entry_point": 1955266560, "filename": "\\Windows\\SysWOW64\\srvcli.dll", "id": "region_245", "name": "srvcli.dll", "norm_filename": "c:\\windows\\syswow64\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1955266560, "timestamp": "00:00:14.643", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1955397632, "type": "region", "version": 1 }, "end_va": 1955434495, "entry_point": 1955397632, "filename": "\\Windows\\SysWOW64\\netutils.dll", "id": "region_246", "name": "netutils.dll", "norm_filename": "c:\\windows\\syswow64\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 1955397632, "timestamp": "00:00:14.651", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 1955463168, "type": "region", "version": 1 }, "end_va": 1955532799, "entry_point": 1955463168, "filename": "\\Windows\\SysWOW64\\netapi32.dll", "id": "region_247", "name": "netapi32.dll", "norm_filename": "c:\\windows\\syswow64\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 1955463168, "timestamp": "00:00:14.657", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1955594240, "type": "region", "version": 1 }, "end_va": 1955667967, "entry_point": 1955594240, "filename": "\\Windows\\SysWOW64\\mpr.dll", "id": "region_248", "name": "mpr.dll", "norm_filename": "c:\\windows\\syswow64\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 1955594240, "timestamp": "00:00:14.665", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1955725312, "type": "region", "version": 1 }, "end_va": 1955753983, "entry_point": 1955725312, "filename": "\\Windows\\SysWOW64\\winnsi.dll", "id": "region_249", "name": "winnsi.dll", "norm_filename": "c:\\windows\\syswow64\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 1955725312, "timestamp": "00:00:14.672", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 1955790848, "type": "region", "version": 1 }, "end_va": 1955905535, "entry_point": 1955790848, "filename": "\\Windows\\SysWOW64\\IPHLPAPI.DLL", "id": "region_250", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\syswow64\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 1955790848, "timestamp": "00:00:14.679", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000251-addr_0x0000000074950000-size_0x0000000000068000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_59", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 425984, "start_va": 1955921920, "type": "region", "version": 1 }, "end_va": 1956347903, "entry_point": 1955921920, "filename": "\\Windows\\infpub.dat", "id": "region_251", "name": "infpub.dat", "norm_filename": "c:\\windows\\infpub.dat", "region_type": "memory_mapped_file", "start_va": 1955921920, "timestamp": "00:00:14.687", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1962147840, "type": "region", "version": 1 }, "end_va": 1975033855, "entry_point": 1962677761, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_252", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1962147840, "timestamp": "00:00:14.688", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1979514880, "type": "region", "version": 1 }, "end_va": 1979539455, "entry_point": 1979514880, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_253", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1979514880, "timestamp": "00:00:14.689", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1980170240, "type": "region", "version": 1 }, "end_va": 1980526591, "entry_point": 1980275622, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_254", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1980170240, "timestamp": "00:00:14.695", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1980563456, "type": "region", "version": 1 }, "end_va": 1981730815, "entry_point": 1980563456, "filename": "\\Windows\\SysWOW64\\crypt32.dll", "id": "region_255", "name": "crypt32.dll", "norm_filename": "c:\\windows\\syswow64\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1980563456, "timestamp": "00:00:14.696", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 1982332928, "type": "region", "version": 1 }, "end_va": 1982615551, "entry_point": 1982332928, "filename": "\\Windows\\SysWOW64\\Wldap32.dll", "id": "region_256", "name": "wldap32.dll", "norm_filename": "c:\\windows\\syswow64\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 1982332928, "timestamp": "00:00:14.709", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1982791680, "type": "region", "version": 1 }, "end_va": 1983008767, "entry_point": 1982791680, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_257", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1982791680, "timestamp": "00:00:14.719", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1987117056, "type": "region", "version": 1 }, "end_va": 1988542463, "entry_point": 1987117056, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_258", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1987117056, "timestamp": "00:00:14.728", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1995702272, "type": "region", "version": 1 }, "end_va": 1995751423, "entry_point": 1995702272, "filename": "\\Windows\\SysWOW64\\msasn1.dll", "id": "region_259", "name": "msasn1.dll", "norm_filename": "c:\\windows\\syswow64\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1995702272, "timestamp": "00:00:15.007", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000260-addr_0x00000000001a0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_60", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1966079, "entry_point": 0, "filename": null, "id": "region_260", "name": "private_0x00000000001a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1703936, "timestamp": "00:00:15.029", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 5242879, "entry_point": 0, "filename": null, "id": "region_261", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:00:15.030", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 1950416896, "type": "region", "version": 1 }, "end_va": 1950941183, "entry_point": 1950416896, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_262", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1950416896, "timestamp": "00:00:15.030", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 12386304, "type": "region", "version": 1 }, "end_va": 13299711, "entry_point": 0, "filename": null, "id": "region_263", "name": "pagefile_0x0000000000bd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12386304, "timestamp": "00:00:15.042", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 15073280, "type": "region", "version": 1 }, "end_va": 15335423, "entry_point": 0, "filename": null, "id": "region_264", "name": "private_0x0000000000e60000", "norm_filename": null, "region_type": "private_memory", "start_va": 15073280, "timestamp": "00:00:15.043", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 1950285824, "type": "region", "version": 1 }, "end_va": 1950363647, "entry_point": 1950285824, "filename": "\\Windows\\SysWOW64\\dwmapi.dll", "id": "region_265", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\syswow64\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 1950285824, "timestamp": "00:00:15.043", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000266-addr_0x00000000000a0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_61", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 720895, "entry_point": 0, "filename": null, "id": "region_266", "name": "private_0x00000000000a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 655360, "timestamp": "00:00:15.057", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 15335424, "type": "region", "version": 1 }, "end_va": 15597567, "entry_point": 0, "filename": null, "id": "region_267", "name": "private_0x0000000000ea0000", "norm_filename": null, "region_type": "private_memory", "start_va": 15335424, "timestamp": "00:00:15.057", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 15859712, "type": "region", "version": 1 }, "end_va": 16121855, "entry_point": 0, "filename": null, "id": "region_268", "name": "private_0x0000000000f20000", "norm_filename": null, "region_type": "private_memory", "start_va": 15859712, "timestamp": "00:00:15.057", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_269", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:00:15.057", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 0, "filename": null, "id": "region_270", "name": "pagefile_0x00000000000b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 720896, "timestamp": "00:00:15.058", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 684031, "entry_point": 0, "filename": null, "id": "region_271", "name": "pagefile_0x00000000000a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 655360, "timestamp": "00:00:15.059", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1954152448, "type": "region", "version": 1 }, "end_va": 1954242559, "entry_point": 1954152448, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_319", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1954152448, "timestamp": "00:00:15.079", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2539519, "entry_point": 2293760, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_320", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 2293760, "timestamp": "00:00:15.090", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2539519, "entry_point": 2298509, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_321", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 2293760, "timestamp": "00:00:15.099", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1953890304, "type": "region", "version": 1 }, "end_va": 1954131967, "entry_point": 1953895053, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_325", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1953890304, "timestamp": "00:00:15.108", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 425984, "start_va": 13893632, "type": "region", "version": 1 }, "end_va": 14319615, "entry_point": 0, "filename": null, "id": "region_326", "name": "private_0x0000000000d40000", "norm_filename": null, "region_type": "private_memory", "start_va": 13893632, "timestamp": "00:00:15.114", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1987117056, "type": "region", "version": 1 }, "end_va": 1988542463, "entry_point": 1987426877, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_329", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1987117056, "timestamp": "00:00:15.163", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1980563456, "type": "region", "version": 1 }, "end_va": 1981730815, "entry_point": 1980568970, "filename": "\\Windows\\SysWOW64\\crypt32.dll", "id": "region_330", "name": "crypt32.dll", "norm_filename": "c:\\windows\\syswow64\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1980563456, "timestamp": "00:00:15.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1995702272, "type": "region", "version": 1 }, "end_va": 1995751423, "entry_point": 1995711374, "filename": "\\Windows\\SysWOW64\\msasn1.dll", "id": "region_331", "name": "msasn1.dll", "norm_filename": "c:\\windows\\syswow64\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1995702272, "timestamp": "00:00:15.166", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 1956249600, "type": "region", "version": 1 }, "end_va": 1956364287, "entry_point": 1956291633, "filename": "\\Windows\\SysWOW64\\IPHLPAPI.DLL", "id": "region_332", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\syswow64\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 1956249600, "timestamp": "00:00:15.171", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1979514880, "type": "region", "version": 1 }, "end_va": 1979539455, "entry_point": 1979520898, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_333", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1979514880, "timestamp": "00:00:15.172", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1956184064, "type": "region", "version": 1 }, "end_va": 1956212735, "entry_point": 1956188813, "filename": "\\Windows\\SysWOW64\\winnsi.dll", "id": "region_334", "name": "winnsi.dll", "norm_filename": "c:\\windows\\syswow64\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 1956184064, "timestamp": "00:00:15.173", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1982791680, "type": "region", "version": 1 }, "end_va": 1983008767, "entry_point": 1982796893, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_335", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1982791680, "timestamp": "00:00:15.174", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000336-addr_0x00000000023c0000-size_0x00000000001c0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_62", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1835008, "start_va": 37486592, "type": "region", "version": 1 }, "end_va": 39321599, "entry_point": 0, "filename": null, "id": "region_336", "name": "private_0x00000000023c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 37486592, "timestamp": "00:00:15.176", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1956052992, "type": "region", "version": 1 }, "end_va": 1956126719, "entry_point": 1956057600, "filename": "\\Windows\\SysWOW64\\mpr.dll", "id": "region_337", "name": "mpr.dll", "norm_filename": "c:\\windows\\syswow64\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 1956052992, "timestamp": "00:00:15.179", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 1955921920, "type": "region", "version": 1 }, "end_va": 1955991551, "entry_point": 1955926784, "filename": "\\Windows\\SysWOW64\\netapi32.dll", "id": "region_338", "name": "netapi32.dll", "norm_filename": "c:\\windows\\syswow64\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 1955921920, "timestamp": "00:00:15.182", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1955856384, "type": "region", "version": 1 }, "end_va": 1955893247, "entry_point": 1955861926, "filename": "\\Windows\\SysWOW64\\netutils.dll", "id": "region_339", "name": "netutils.dll", "norm_filename": "c:\\windows\\syswow64\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 1955856384, "timestamp": "00:00:15.183", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1955725312, "type": "region", "version": 1 }, "end_va": 1955827711, "entry_point": 1955730201, "filename": "\\Windows\\SysWOW64\\srvcli.dll", "id": "region_340", "name": "srvcli.dll", "norm_filename": "c:\\windows\\syswow64\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1955725312, "timestamp": "00:00:15.184", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1955659776, "type": "region", "version": 1 }, "end_va": 1955721215, "entry_point": 1955664545, "filename": "\\Windows\\SysWOW64\\wkscli.dll", "id": "region_341", "name": "wkscli.dll", "norm_filename": "c:\\windows\\syswow64\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 1955659776, "timestamp": "00:00:15.186", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1955594240, "type": "region", "version": 1 }, "end_va": 1955647487, "entry_point": 1955599056, "filename": "\\Windows\\SysWOW64\\browcli.dll", "id": "region_342", "name": "browcli.dll", "norm_filename": "c:\\windows\\syswow64\\browcli.dll", "region_type": "memory_mapped_file", "start_va": 1955594240, "timestamp": "00:00:15.188", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1955463168, "type": "region", "version": 1 }, "end_va": 1955553279, "entry_point": 1955505834, "filename": "\\Windows\\SysWOW64\\dhcpsapi.dll", "id": "region_343", "name": "dhcpsapi.dll", "norm_filename": "c:\\windows\\syswow64\\dhcpsapi.dll", "region_type": "memory_mapped_file", "start_va": 1955463168, "timestamp": "00:00:15.190", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1955397632, "type": "region", "version": 1 }, "end_va": 1955459071, "entry_point": 1955402334, "filename": "\\Windows\\SysWOW64\\samcli.dll", "id": "region_344", "name": "samcli.dll", "norm_filename": "c:\\windows\\syswow64\\samcli.dll", "region_type": "memory_mapped_file", "start_va": 1955397632, "timestamp": "00:00:15.192", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1955332096, "type": "region", "version": 1 }, "end_va": 1955377151, "entry_point": 1955357183, "filename": "\\Windows\\SysWOW64\\dsauth.dll", "id": "region_345", "name": "dsauth.dll", "norm_filename": "c:\\windows\\syswow64\\dsauth.dll", "region_type": "memory_mapped_file", "start_va": 1955332096, "timestamp": "00:00:15.194", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 1955069952, "type": "region", "version": 1 }, "end_va": 1955282943, "entry_point": 1955074766, "filename": "\\Windows\\SysWOW64\\adsldpc.dll", "id": "region_346", "name": "adsldpc.dll", "norm_filename": "c:\\windows\\syswow64\\adsldpc.dll", "region_type": "memory_mapped_file", "start_va": 1955069952, "timestamp": "00:00:15.195", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 1982332928, "type": "region", "version": 1 }, "end_va": 1982615551, "entry_point": 1982337505, "filename": "\\Windows\\SysWOW64\\Wldap32.dll", "id": "region_347", "name": "wldap32.dll", "norm_filename": "c:\\windows\\syswow64\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 1982332928, "timestamp": "00:00:15.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 1954742272, "type": "region", "version": 1 }, "end_va": 1955020799, "entry_point": 1954833401, "filename": "\\Windows\\SysWOW64\\dnsapi.dll", "id": "region_348", "name": "dnsapi.dll", "norm_filename": "c:\\windows\\syswow64\\dnsapi.dll", "region_type": "memory_mapped_file", "start_va": 1954742272, "timestamp": "00:00:15.199", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000349-addr_0x00000000023c0000-size_0x0000000000160000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_63", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1441792, "start_va": 37486592, "type": "region", "version": 1 }, "end_va": 38928383, "entry_point": 0, "filename": null, "id": "region_349", "name": "private_0x00000000023c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 37486592, "timestamp": "00:00:15.202", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 39059456, "type": "region", "version": 1 }, "end_va": 39321599, "entry_point": 0, "filename": null, "id": "region_350", "name": "private_0x0000000002540000", "norm_filename": null, "region_type": "private_memory", "start_va": 39059456, "timestamp": "00:00:15.203", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000351-addr_0x00000000000a0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_64", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 720895, "entry_point": 0, "filename": null, "id": "region_351", "name": "private_0x00000000000a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 655360, "timestamp": "00:00:15.217", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 37486592, "type": "region", "version": 1 }, "end_va": 38535167, "entry_point": 0, "filename": null, "id": "region_577", "name": "private_0x00000000023c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 37486592, "timestamp": "00:00:17.503", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 38666240, "type": "region", "version": 1 }, "end_va": 38928383, "entry_point": 0, "filename": null, "id": "region_578", "name": "private_0x00000000024e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 38666240, "timestamp": "00:00:17.504", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 39321600, "type": "region", "version": 1 }, "end_va": 42266623, "entry_point": 39321600, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_579", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 39321600, "timestamp": "00:00:17.504", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1900543, "entry_point": 0, "filename": null, "id": "region_602", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:00:17.558", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 13303808, "type": "region", "version": 1 }, "end_va": 13565951, "entry_point": 0, "filename": null, "id": "region_603", "name": "private_0x0000000000cb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 13303808, "timestamp": "00:00:17.559", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 16187392, "type": "region", "version": 1 }, "end_va": 16449535, "entry_point": 0, "filename": null, "id": "region_604", "name": "private_0x0000000000f70000", "norm_filename": null, "region_type": "private_memory", "start_va": 16187392, "timestamp": "00:00:17.559", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 42991616, "type": "region", "version": 1 }, "end_va": 43253759, "entry_point": 0, "filename": null, "id": "region_605", "name": "private_0x0000000002900000", "norm_filename": null, "region_type": "private_memory", "start_va": 42991616, "timestamp": "00:00:17.559", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 43384832, "type": "region", "version": 1 }, "end_va": 43646975, "entry_point": 0, "filename": null, "id": "region_606", "name": "private_0x0000000002960000", "norm_filename": null, "region_type": "private_memory", "start_va": 43384832, "timestamp": "00:00:17.560", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 43778048, "type": "region", "version": 1 }, "end_va": 44040191, "entry_point": 0, "filename": null, "id": "region_607", "name": "private_0x00000000029c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 43778048, "timestamp": "00:00:17.560", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_608", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:00:17.560", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_609", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:00:17.560", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_610", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:00:17.561", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000657-addr_0x0000000002870000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_137", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 42401792, "type": "region", "version": 1 }, "end_va": 42663935, "entry_point": 0, "filename": null, "id": "region_657", "name": "private_0x0000000002870000", "norm_filename": null, "region_type": "private_memory", "start_va": 42401792, "timestamp": "00:00:17.614", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000658-addr_0x00000000028b0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_138", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 42663936, "type": "region", "version": 1 }, "end_va": 42926079, "entry_point": 0, "filename": null, "id": "region_658", "name": "private_0x00000000028b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 42663936, "timestamp": "00:00:17.614", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000659-addr_0x0000000002a80000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_139", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 44564480, "type": "region", "version": 1 }, "end_va": 44826623, "entry_point": 0, "filename": null, "id": "region_659", "name": "private_0x0000000002a80000", "norm_filename": null, "region_type": "private_memory", "start_va": 44564480, "timestamp": "00:00:17.615", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000660-addr_0x0000000002ad0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_140", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 44892160, "type": "region", "version": 1 }, "end_va": 45154303, "entry_point": 0, "filename": null, "id": "region_660", "name": "private_0x0000000002ad0000", "norm_filename": null, "region_type": "private_memory", "start_va": 44892160, "timestamp": "00:00:17.615", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000661-addr_0x000000007efa4000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_141", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130329600, "type": "region", "version": 1 }, "end_va": 2130341887, "entry_point": 0, "filename": null, "id": "region_661", "name": "private_0x000000007efa4000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130329600, "timestamp": "00:00:17.615", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000662-addr_0x000000007efa7000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_142", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130341888, "type": "region", "version": 1 }, "end_va": 2130354175, "entry_point": 0, "filename": null, "id": "region_662", "name": "private_0x000000007efa7000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130341888, "timestamp": "00:00:17.615", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1954545664, "type": "region", "version": 1 }, "end_va": 1954590719, "entry_point": 1954545664, "filename": "\\Windows\\SysWOW64\\cscapi.dll", "id": "region_663", "name": "cscapi.dll", "norm_filename": "c:\\windows\\syswow64\\cscapi.dll", "region_type": "memory_mapped_file", "start_va": 1954545664, "timestamp": "00:00:17.624", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1954349056, "type": "region", "version": 1 }, "end_va": 1954422783, "entry_point": 1954349056, "filename": "\\Windows\\SysWOW64\\dhcpcsvc.dll", "id": "region_726", "name": "dhcpcsvc.dll", "norm_filename": "c:\\windows\\syswow64\\dhcpcsvc.dll", "region_type": "memory_mapped_file", "start_va": 1954349056, "timestamp": "00:00:17.974", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 45350912, "type": "region", "version": 1 }, "end_va": 45613055, "entry_point": 0, "filename": null, "id": "region_833", "name": "private_0x0000000002b40000", "norm_filename": null, "region_type": "private_memory", "start_va": 45350912, "timestamp": "00:00:18.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 45678592, "type": "region", "version": 1 }, "end_va": 45940735, "entry_point": 0, "filename": null, "id": "region_834", "name": "private_0x0000000002b90000", "norm_filename": null, "region_type": "private_memory", "start_va": 45678592, "timestamp": "00:00:18.654", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 245760, "start_va": 1953431552, "type": "region", "version": 1 }, "end_va": 1953677311, "entry_point": 1953431552, "filename": "\\Windows\\SysWOW64\\mswsock.dll", "id": "region_835", "name": "mswsock.dll", "norm_filename": "c:\\windows\\syswow64\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 1953431552, "timestamp": "00:00:18.654", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130317312, "type": "region", "version": 1 }, "end_va": 2130329599, "entry_point": 0, "filename": null, "id": "region_836", "name": "private_0x000000007efa1000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130317312, "timestamp": "00:00:18.663", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000838-addr_0x0000000000db0000-size_0x00000000000b0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_191", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 720896, "start_va": 14352384, "type": "region", "version": 1 }, "end_va": 15073279, "entry_point": 0, "filename": null, "id": "region_838", "name": "private_0x0000000000db0000", "norm_filename": null, "region_type": "private_memory", "start_va": 14352384, "timestamp": "00:00:18.774", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1954283520, "type": "region", "version": 1 }, "end_va": 1954303999, "entry_point": 1954283520, "filename": "\\Windows\\SysWOW64\\WSHTCPIP.DLL", "id": "region_839", "name": "wshtcpip.dll", "norm_filename": "c:\\windows\\syswow64\\wshtcpip.dll", "region_type": "memory_mapped_file", "start_va": 1954283520, "timestamp": "00:00:18.792", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2555903, "entry_point": 0, "filename": null, "id": "region_841", "name": "private_0x0000000000230000", "norm_filename": null, "region_type": "private_memory", "start_va": 2293760, "timestamp": "00:00:19.500", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 14548992, "type": "region", "version": 1 }, "end_va": 14811135, "entry_point": 0, "filename": null, "id": "region_842", "name": "private_0x0000000000de0000", "norm_filename": null, "region_type": "private_memory", "start_va": 14548992, "timestamp": "00:00:19.501", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 14811136, "type": "region", "version": 1 }, "end_va": 15073279, "entry_point": 0, "filename": null, "id": "region_843", "name": "private_0x0000000000e20000", "norm_filename": null, "region_type": "private_memory", "start_va": 14811136, "timestamp": "00:00:19.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 15597568, "type": "region", "version": 1 }, "end_va": 15859711, "entry_point": 0, "filename": null, "id": "region_844", "name": "private_0x0000000000ee0000", "norm_filename": null, "region_type": "private_memory", "start_va": 15597568, "timestamp": "00:00:19.504", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 44433408, "type": "region", "version": 1 }, "end_va": 44695551, "entry_point": 0, "filename": null, "id": "region_845", "name": "private_0x0000000002a60000", "norm_filename": null, "region_type": "private_memory", "start_va": 44433408, "timestamp": "00:00:19.505", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 46071808, "type": "region", "version": 1 }, "end_va": 46333951, "entry_point": 0, "filename": null, "id": "region_846", "name": "private_0x0000000002bf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 46071808, "timestamp": "00:00:19.506", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 46399488, "type": "region", "version": 1 }, "end_va": 46661631, "entry_point": 0, "filename": null, "id": "region_847", "name": "private_0x0000000002c40000", "norm_filename": null, "region_type": "private_memory", "start_va": 46399488, "timestamp": "00:00:19.506", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 46661632, "type": "region", "version": 1 }, "end_va": 50802687, "entry_point": 0, "filename": null, "id": "region_848", "name": "pagefile_0x0000000002c80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 46661632, "timestamp": "00:00:19.506", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000867-addr_0x00000000000a0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_192", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 720895, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab", "id": "region_867", "name": "excellr.cab", "norm_filename": "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excellr.cab", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:20.333", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000869-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_193", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml", "id": "region_869", "name": "excelmui.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:20.523", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000870-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_194", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml", "id": "region_870", "name": "excelmui.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:20.525", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000872-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_195", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml", "id": "region_872", "name": "setup.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:20.531", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000873-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_196", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml", "id": "region_873", "name": "setup.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:20.534", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000875-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_197", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml", "id": "region_875", "name": "powerpointmui.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:20.539", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000876-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_198", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml", "id": "region_876", "name": "powerpointmui.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:20.542", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000879-addr_0x00000000000a0000-size_0x000000000000b000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_199", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 45056, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 700415, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab", "id": "region_879", "name": "pptlr.cab", "norm_filename": "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\pptlr.cab", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:21.150", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000881-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_200", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml", "id": "region_881", "name": "setup.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:21.343", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000882-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_201", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml", "id": "region_882", "name": "setup.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:21.376", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000884-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_202", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml", "id": "region_884", "name": "publishermui.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:21.382", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000885-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_203", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml", "id": "region_885", "name": "publishermui.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:21.385", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000887-addr_0x0000000003240000-size_0x0000000000980000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_204", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 9961472, "start_va": 52690944, "type": "region", "version": 1 }, "end_va": 62652415, "entry_point": 52690944, "filename": "\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab", "id": "region_887", "name": "publr.cab", "norm_filename": "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publr.cab", "region_type": "memory_mapped_file", "start_va": 52690944, "timestamp": "00:00:21.389", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000888-addr_0x00000000000a0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_205", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 720895, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab", "id": "region_888", "name": "publr.cab", "norm_filename": "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publr.cab", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:21.740", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000890-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_206", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml", "id": "region_890", "name": "setup.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:21.931", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000891-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_207", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml", "id": "region_891", "name": "setup.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:21.935", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000894-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_208", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 663551, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab", "id": "region_894", "name": "outlklr.cab", "norm_filename": "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlklr.cab", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:22.449", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000896-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_209", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml", "id": "region_896", "name": "outlookmui.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:22.648", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000897-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_210", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml", "id": "region_897", "name": "outlookmui.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:22.658", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000899-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_211", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 663551, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml", "id": "region_899", "name": "setup.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:22.663", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000900-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_212", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 663551, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml", "id": "region_900", "name": "setup.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:22.666", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000902-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_213", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml", "id": "region_902", "name": "setup.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:22.673", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000903-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_214", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml", "id": "region_903", "name": "setup.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:22.676", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000972-addr_0x00000000000a0000-size_0x0000000000007000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_215", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 28672, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 684031, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab", "id": "region_972", "name": "wordlr.cab", "norm_filename": "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordlr.cab", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:23.757", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000974-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_216", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml", "id": "region_974", "name": "wordmui.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:23.951", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000975-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_217", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml", "id": "region_975", "name": "wordmui.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:23.953", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000978-addr_0x00000000000a0000-size_0x0000000000004000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_218", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 16384, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 671743, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab", "id": "region_978", "name": "proof.cab", "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.cab", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:24.379", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000980-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_219", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml", "id": "region_980", "name": "proof.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:24.604", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000981-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_220", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml", "id": "region_981", "name": "proof.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:24.607", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000984-addr_0x00000000000a0000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_221", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 667647, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab", "id": "region_984", "name": "proof.cab", "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.cab", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:25.108", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000986-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_222", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml", "id": "region_986", "name": "proof.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:25.343", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000987-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_223", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml", "id": "region_987", "name": "proof.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:25.346", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000990-addr_0x00000000000a0000-size_0x0000000000007000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_224", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 28672, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 684031, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab", "id": "region_990", "name": "proof.cab", "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.cab", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:25.972", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000992-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_225", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml", "id": "region_992", "name": "proof.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:26.168", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000993-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_226", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml", "id": "region_993", "name": "proof.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:26.170", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000995-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_227", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml", "id": "region_995", "name": "proofing.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:26.174", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000996-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_228", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml", "id": "region_996", "name": "proofing.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:26.177", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000998-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_229", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 663551, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml", "id": "region_998", "name": "setup.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\setup.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:26.180", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000999-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_230", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 663551, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml", "id": "region_999", "name": "setup.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\setup.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:26.183", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001001-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_231", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml", "id": "region_1001", "name": "office32mui.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:26.188", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001002-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_232", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml", "id": "region_1002", "name": "office32mui.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:26.191", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001004-addr_0x0000000003240000-size_0x00000000002cc000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_233", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2932736, "start_va": 52690944, "type": "region", "version": 1 }, "end_va": 55623679, "entry_point": 52690944, "filename": "\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab", "id": "region_1004", "name": "owow32lr.cab", "norm_filename": "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\owow32lr.cab", "region_type": "memory_mapped_file", "start_va": 52690944, "timestamp": "00:00:26.197", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001005-addr_0x00000000000a0000-size_0x000000000000c000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_234", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 49152, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 704511, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab", "id": "region_1005", "name": "owow32lr.cab", "norm_filename": "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\owow32lr.cab", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:26.298", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001007-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_235", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml", "id": "region_1007", "name": "setup.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\setup.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:26.351", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001008-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_236", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml", "id": "region_1008", "name": "setup.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\setup.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:26.354", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001011-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_237", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab", "id": "region_1011", "name": "inflr.cab", "norm_filename": "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\inflr.cab", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:26.996", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001013-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_238", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml", "id": "region_1013", "name": "infopathmui.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:27.195", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001014-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_239", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml", "id": "region_1014", "name": "infopathmui.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:27.197", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001016-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_240", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml", "id": "region_1016", "name": "setup.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\setup.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:27.202", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001017-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_241", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml", "id": "region_1017", "name": "setup.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\setup.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:27.205", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001019-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_242", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 663551, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml", "id": "region_1019", "name": "setup.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\setup.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:27.210", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001020-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_243", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 663551, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml", "id": "region_1020", "name": "setup.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\setup.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:27.212", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001023-addr_0x00000000000a0000-size_0x0000000000009000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_244", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 36864, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 692223, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab", "id": "region_1023", "name": "visiolr.cab", "norm_filename": "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiolr.cab", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:27.861", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001025-addr_0x00000000000a0000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_245", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 667647, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml", "id": "region_1025", "name": "visiomui.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:28.028", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001026-addr_0x00000000000a0000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_246", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 667647, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml", "id": "region_1026", "name": "visiomui.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:28.030", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001028-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_247", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml", "id": "region_1028", "name": "onenotemui.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:28.062", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001029-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_248", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml", "id": "region_1029", "name": "onenotemui.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:28.071", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001032-addr_0x00000000000a0000-size_0x0000000000006000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_249", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 24576, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 679935, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab", "id": "region_1032", "name": "onotelr.cab", "norm_filename": "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onotelr.cab", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:28.785", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001034-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_250", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml", "id": "region_1034", "name": "setup.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\setup.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:28.794", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001035-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_251", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml", "id": "region_1035", "name": "setup.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\setup.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:28.797", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001037-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_252", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml", "id": "region_1037", "name": "projectmui.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:28.815", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001038-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_253", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml", "id": "region_1038", "name": "projectmui.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:28.817", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001040-addr_0x0000000003240000-size_0x00000000007e2000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_254", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8265728, "start_va": 52690944, "type": "region", "version": 1 }, "end_va": 60956671, "entry_point": 52690944, "filename": "\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab", "id": "region_1040", "name": "projlr.cab", "norm_filename": "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projlr.cab", "region_type": "memory_mapped_file", "start_va": 52690944, "timestamp": "00:00:28.836", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001041-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_255", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 663551, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab", "id": "region_1041", "name": "projlr.cab", "norm_filename": "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projlr.cab", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:29.142", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001043-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_256", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml", "id": "region_1043", "name": "setup.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\setup.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:29.146", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001044-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_257", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml", "id": "region_1044", "name": "setup.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\setup.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:29.148", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001046-addr_0x0000000003240000-size_0x00000000003e8000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_258", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096000, "start_va": 52690944, "type": "region", "version": 1 }, "end_va": 56786943, "entry_point": 52690944, "filename": "\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab", "id": "region_1046", "name": "groovelr.cab", "norm_filename": "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovelr.cab", "region_type": "memory_mapped_file", "start_va": 52690944, "timestamp": "00:00:29.193", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001047-addr_0x00000000000a0000-size_0x0000000000008000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_259", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 32768, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 688127, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab", "id": "region_1047", "name": "groovelr.cab", "norm_filename": "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovelr.cab", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:29.391", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001049-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_260", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml", "id": "region_1049", "name": "groovemui.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:29.416", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001050-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_261", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml", "id": "region_1050", "name": "groovemui.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:29.421", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001052-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_262", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml", "id": "region_1052", "name": "setup.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\setup.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:29.425", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001053-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_263", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml", "id": "region_1053", "name": "setup.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\setup.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:29.427", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001055-addr_0x0000000002850000-size_0x0000000000092000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_264", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 598016, "start_va": 42270720, "type": "region", "version": 1 }, "end_va": 42868735, "entry_point": 42270720, "filename": "\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml", "id": "region_1055", "name": "branding.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\branding.xml", "region_type": "memory_mapped_file", "start_va": 42270720, "timestamp": "00:00:29.456", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001056-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_265", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 663551, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml", "id": "region_1056", "name": "branding.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\branding.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:29.490", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001080-addr_0x00000000000a0000-size_0x000000000000a000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_273", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 40960, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 696319, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab", "id": "region_1080", "name": "officelr.cab", "norm_filename": "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officelr.cab", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:30.334", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001082-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_274", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 663551, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml", "id": "region_1082", "name": "officemui.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:30.347", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001115-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_279", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 663551, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml", "id": "region_1115", "name": "officemui.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:30.388", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001135-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_288", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml", "id": "region_1135", "name": "officemuiset.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:30.471", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001165-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_294", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml", "id": "region_1165", "name": "officemuiset.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:30.530", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001180-addr_0x00000000000a0000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_297", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 667647, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml", "id": "region_1180", "name": "setup.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:30.589", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001181-addr_0x00000000000a0000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_298", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 667647, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml", "id": "region_1181", "name": "setup.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:30.594", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001242-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_314", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml", "id": "region_1242", "name": "accessmui.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:30.706", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001243-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_315", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml", "id": "region_1243", "name": "accessmui.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:30.718", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "/c schtasks /Delete /F /TN rhaegal", "filename": "c:\\windows\\syswow64\\cmd.exe", "id": "proc_3", "image_name": "cmd.exe", "monitor_reason": "child_process", "monitored_id": 3, "origin_monitor_id": 2, "ref_parent_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000003-region_00000400-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_65", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_400", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:15.262", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000401-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_66", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_401", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:15.262", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_402", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:15.262", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_403", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:15.264", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_404", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:15.264", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000405-addr_0x00000000000b0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_67", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 1769471, "entry_point": 0, "filename": null, "id": "region_405", "name": "private_0x00000000000b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 720896, "timestamp": "00:00:15.265", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000406-addr_0x00000000001b0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_68", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 2031615, "entry_point": 0, "filename": null, "id": "region_406", "name": "private_0x00000000001b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1769472, "timestamp": "00:00:15.265", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1247412224, "type": "region", "version": 1 }, "end_va": 1247723519, "entry_point": 1247412224, "filename": "\\Windows\\SysWOW64\\cmd.exe", "id": "region_407", "name": "cmd.exe", "norm_filename": "c:\\windows\\syswow64\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 1247412224, "timestamp": "00:00:15.265", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1993932800, "type": "region", "version": 1 }, "end_va": 1995673599, "entry_point": 1993932800, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_408", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1993932800, "timestamp": "00:00:15.271", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 1995898880, "type": "region", "version": 1 }, "end_va": 1997471743, "entry_point": 1995898880, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_409", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1995898880, "timestamp": "00:00:15.272", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_410", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:15.272", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000411-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_69", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_411", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:15.273", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000412-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_70", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_412", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:15.273", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000413-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_71", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_413", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:15.273", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_414", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:15.273", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000415-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_72", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_415", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:15.274", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_416", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:15.274", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000417-addr_0x0000000000320000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_73", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 3276800, "type": "region", "version": 1 }, "end_va": 3801087, "entry_point": 0, "filename": null, "id": "region_417", "name": "private_0x0000000000320000", "norm_filename": null, "region_type": "private_memory", "start_va": 3276800, "timestamp": "00:00:15.306", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1951006720, "type": "region", "version": 1 }, "end_va": 1951039487, "entry_point": 1951015160, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_418", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1951006720, "timestamp": "00:00:15.306", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1951072256, "type": "region", "version": 1 }, "end_va": 1951449087, "entry_point": 1951332248, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_419", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1951072256, "timestamp": "00:00:15.306", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1951465472, "type": "region", "version": 1 }, "end_va": 1951723519, "entry_point": 1951653496, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_420", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1951465472, "timestamp": "00:00:15.307", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_421", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:15.358", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_422", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:15.358", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2453503, "entry_point": 2031616, "filename": "\\Windows\\System32\\locale.nls", "id": "region_423", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 2031616, "timestamp": "00:00:15.358", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000424-addr_0x00000000002a0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_74", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 2818047, "entry_point": 0, "filename": null, "id": "region_424", "name": "private_0x00000000002a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2752512, "timestamp": "00:00:15.358", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000425-addr_0x00000000004d0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_75", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 5046272, "type": "region", "version": 1 }, "end_va": 6094847, "entry_point": 0, "filename": null, "id": "region_425", "name": "private_0x00000000004d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5046272, "timestamp": "00:00:15.359", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1954676736, "type": "region", "version": 1 }, "end_va": 1954705407, "entry_point": 1954676736, "filename": "\\Windows\\SysWOW64\\winbrand.dll", "id": "region_426", "name": "winbrand.dll", "norm_filename": "c:\\windows\\syswow64\\winbrand.dll", "region_type": "memory_mapped_file", "start_va": 1954676736, "timestamp": "00:00:15.359", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1957429248, "type": "region", "version": 1 }, "end_va": 1957478399, "entry_point": 1957433569, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_427", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1957429248, "timestamp": "00:00:15.366", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957494784, "type": "region", "version": 1 }, "end_va": 1957887999, "entry_point": 1957602227, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_428", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1957494784, "timestamp": "00:00:15.366", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1959395328, "type": "region", "version": 1 }, "end_va": 1960443903, "entry_point": 1959507693, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_429", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1959395328, "timestamp": "00:00:15.367", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1960443904, "type": "region", "version": 1 }, "end_va": 1960484863, "entry_point": 1960457888, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_430", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1960443904, "timestamp": "00:00:15.367", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1961361408, "type": "region", "version": 1 }, "end_va": 1961463807, "entry_point": 1961380213, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_431", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1961361408, "timestamp": "00:00:15.368", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1961492480, "type": "region", "version": 1 }, "end_va": 1962147839, "entry_point": 1961576933, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_432", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1961492480, "timestamp": "00:00:15.368", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1978531840, "type": "region", "version": 1 }, "end_va": 1979514879, "entry_point": 1978598761, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_433", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1978531840, "timestamp": "00:00:15.369", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984430079, "entry_point": 1983931203, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_434", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:00:15.369", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1985019904, "type": "region", "version": 1 }, "end_va": 1985662975, "entry_point": 1985232855, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_435", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1985019904, "timestamp": "00:00:15.370", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1985675264, "type": "region", "version": 1 }, "end_va": 1985961983, "entry_point": 1985705080, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_436", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1985675264, "timestamp": "00:00:15.371", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1986002944, "type": "region", "version": 1 }, "end_va": 1987117055, "entry_point": 1986081491, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_437", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1986002944, "timestamp": "00:00:15.371", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1990459392, "type": "region", "version": 1 }, "end_va": 1991163903, "entry_point": 1990501490, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_438", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1990459392, "timestamp": "00:00:15.372", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000439-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_76", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 1991704576, "type": "region", "version": 1 }, "end_va": 1992728575, "entry_point": 0, "filename": null, "id": "region_439", "name": "private_0x0000000076b70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1991704576, "timestamp": "00:00:15.373", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000440-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_77", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1992753152, "type": "region", "version": 1 }, "end_va": 1993928703, "entry_point": 0, "filename": null, "id": "region_440", "name": "private_0x0000000076c70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1992753152, "timestamp": "00:00:15.373", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_441", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:15.373", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_442", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:15.373", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 6094848, "type": "region", "version": 1 }, "end_va": 7700479, "entry_point": 0, "filename": null, "id": "region_443", "name": "pagefile_0x00000000005d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6094848, "timestamp": "00:00:15.377", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957888000, "type": "region", "version": 1 }, "end_va": 1958281215, "entry_point": 1957959055, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_444", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1957888000, "timestamp": "00:00:15.377", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1960509440, "type": "region", "version": 1 }, "end_va": 1961345023, "entry_point": 1960515211, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_445", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1960509440, "timestamp": "00:00:15.378", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_446", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:15.395", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 466943, "entry_point": 0, "filename": null, "id": "region_447", "name": "pagefile_0x0000000000070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458752, "timestamp": "00:00:15.395", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000448-addr_0x0000000000080000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_78", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 528383, "entry_point": 0, "filename": null, "id": "region_448", "name": "private_0x0000000000080000", "norm_filename": null, "region_type": "private_memory", "start_va": 524288, "timestamp": "00:00:15.395", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000449-addr_0x0000000000090000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_79", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 593919, "entry_point": 0, "filename": null, "id": "region_449", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:00:15.396", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 7733248, "type": "region", "version": 1 }, "end_va": 9310207, "entry_point": 0, "filename": null, "id": "region_450", "name": "pagefile_0x0000000000760000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7733248, "timestamp": "00:00:15.396", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 9371648, "type": "region", "version": 1 }, "end_va": 30343167, "entry_point": 0, "filename": null, "id": "region_451", "name": "pagefile_0x00000000008f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9371648, "timestamp": "00:00:15.396", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3420160, "start_va": 30343168, "type": "region", "version": 1 }, "end_va": 33763327, "entry_point": 0, "filename": null, "id": "region_452", "name": "pagefile_0x0000000001cf0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 30343168, "timestamp": "00:00:15.396", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 33816576, "type": "region", "version": 1 }, "end_va": 36761599, "entry_point": 33816576, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_453", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 33816576, "timestamp": "00:00:15.419", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "schtasks /Delete /F /TN rhaegal", "filename": "c:\\windows\\syswow64\\schtasks.exe", "id": "proc_4", "image_name": "schtasks.exe", "monitor_reason": "child_process", "monitored_id": 4, "origin_monitor_id": 3, "ref_parent_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000004-region_00000454-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_80", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_454", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:15.425", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000455-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_81", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_455", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:15.426", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_456", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:15.426", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_457", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:15.429", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_458", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:15.429", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000459-addr_0x00000000000d0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_82", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 1114111, "entry_point": 0, "filename": null, "id": "region_459", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:00:15.429", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2613247, "entry_point": 2424832, "filename": "\\Windows\\SysWOW64\\schtasks.exe", "id": "region_460", "name": "schtasks.exe", "norm_filename": "c:\\windows\\syswow64\\schtasks.exe", "region_type": "memory_mapped_file", "start_va": 2424832, "timestamp": "00:00:15.429", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000461-addr_0x00000000002e0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_83", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 3014656, "type": "region", "version": 1 }, "end_va": 3276799, "entry_point": 0, "filename": null, "id": "region_461", "name": "private_0x00000000002e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3014656, "timestamp": "00:00:15.436", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1993932800, "type": "region", "version": 1 }, "end_va": 1995673599, "entry_point": 1993932800, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_462", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1993932800, "timestamp": "00:00:15.436", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 1995898880, "type": "region", "version": 1 }, "end_va": 1997471743, "entry_point": 1995898880, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_463", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1995898880, "timestamp": "00:00:15.437", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_464", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:15.437", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000465-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_84", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_465", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:15.438", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000466-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_85", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_466", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:15.438", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000467-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_86", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_467", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:15.438", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_468", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:15.439", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000469-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_87", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_469", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:15.439", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_470", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:15.439", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000471-addr_0x0000000000160000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_88", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1966079, "entry_point": 0, "filename": null, "id": "region_471", "name": "private_0x0000000000160000", "norm_filename": null, "region_type": "private_memory", "start_va": 1441792, "timestamp": "00:00:15.445", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1951006720, "type": "region", "version": 1 }, "end_va": 1951039487, "entry_point": 1951015160, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_472", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1951006720, "timestamp": "00:00:15.445", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1951072256, "type": "region", "version": 1 }, "end_va": 1951449087, "entry_point": 1951332248, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_473", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1951072256, "timestamp": "00:00:15.446", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1951465472, "type": "region", "version": 1 }, "end_va": 1951723519, "entry_point": 1951653496, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_474", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1951465472, "timestamp": "00:00:15.446", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_475", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:15.464", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_476", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:15.464", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 2387967, "entry_point": 1966080, "filename": "\\Windows\\System32\\locale.nls", "id": "region_477", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1966080, "timestamp": "00:00:15.465", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000478-addr_0x0000000000370000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_89", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 4653055, "entry_point": 0, "filename": null, "id": "region_478", "name": "private_0x0000000000370000", "norm_filename": null, "region_type": "private_memory", "start_va": 3604480, "timestamp": "00:00:15.465", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000479-addr_0x0000000000600000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_90", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 6291456, "type": "region", "version": 1 }, "end_va": 6356991, "entry_point": 0, "filename": null, "id": "region_479", "name": "private_0x0000000000600000", "norm_filename": null, "region_type": "private_memory", "start_va": 6291456, "timestamp": "00:00:15.465", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1954611200, "type": "region", "version": 1 }, "end_va": 1954648063, "entry_point": 1954611200, "filename": "\\Windows\\SysWOW64\\ktmw32.dll", "id": "region_480", "name": "ktmw32.dll", "norm_filename": "c:\\windows\\syswow64\\ktmw32.dll", "region_type": "memory_mapped_file", "start_va": 1954611200, "timestamp": "00:00:15.465", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1957429248, "type": "region", "version": 1 }, "end_va": 1957478399, "entry_point": 1957433569, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_481", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1957429248, "timestamp": "00:00:15.475", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957494784, "type": "region", "version": 1 }, "end_va": 1957887999, "entry_point": 1957602227, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_482", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1957494784, "timestamp": "00:00:15.476", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1959395328, "type": "region", "version": 1 }, "end_va": 1960443903, "entry_point": 1959507693, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_483", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1959395328, "timestamp": "00:00:15.476", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1960443904, "type": "region", "version": 1 }, "end_va": 1960484863, "entry_point": 1960457888, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_484", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1960443904, "timestamp": "00:00:15.477", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1961361408, "type": "region", "version": 1 }, "end_va": 1961463807, "entry_point": 1961380213, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_485", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1961361408, "timestamp": "00:00:15.477", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1961492480, "type": "region", "version": 1 }, "end_va": 1962147839, "entry_point": 1961576933, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_486", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1961492480, "timestamp": "00:00:15.477", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1978531840, "type": "region", "version": 1 }, "end_va": 1979514879, "entry_point": 1978598761, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_487", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1978531840, "timestamp": "00:00:15.478", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1979580416, "type": "region", "version": 1 }, "end_va": 1980166143, "entry_point": 1979580416, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_488", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1979580416, "timestamp": "00:00:15.478", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1980170240, "type": "region", "version": 1 }, "end_va": 1980526591, "entry_point": 1980275622, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_489", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1980170240, "timestamp": "00:00:15.487", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984430079, "entry_point": 1983931203, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_490", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:00:15.487", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1985019904, "type": "region", "version": 1 }, "end_va": 1985662975, "entry_point": 1985232855, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_491", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1985019904, "timestamp": "00:00:15.488", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1985675264, "type": "region", "version": 1 }, "end_va": 1985961983, "entry_point": 1985705080, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_492", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1985675264, "timestamp": "00:00:15.488", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1986002944, "type": "region", "version": 1 }, "end_va": 1987117055, "entry_point": 1986081491, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_493", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1986002944, "timestamp": "00:00:15.489", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1987117056, "type": "region", "version": 1 }, "end_va": 1988542463, "entry_point": 1987426877, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_494", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1987117056, "timestamp": "00:00:15.489", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1990459392, "type": "region", "version": 1 }, "end_va": 1991163903, "entry_point": 1990501490, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_495", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1990459392, "timestamp": "00:00:15.490", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000496-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_91", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 1991704576, "type": "region", "version": 1 }, "end_va": 1992728575, "entry_point": 0, "filename": null, "id": "region_496", "name": "private_0x0000000076b70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1991704576, "timestamp": "00:00:15.490", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000497-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_92", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1992753152, "type": "region", "version": 1 }, "end_va": 1993928703, "entry_point": 0, "filename": null, "id": "region_497", "name": "private_0x0000000076c70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1992753152, "timestamp": "00:00:15.491", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_498", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:15.491", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_499", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:15.491", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4653056, "type": "region", "version": 1 }, "end_va": 6258687, "entry_point": 0, "filename": null, "id": "region_500", "name": "pagefile_0x0000000000470000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4653056, "timestamp": "00:00:15.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957888000, "type": "region", "version": 1 }, "end_va": 1958281215, "entry_point": 1957959055, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_501", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1957888000, "timestamp": "00:00:15.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1960509440, "type": "region", "version": 1 }, "end_va": 1961345023, "entry_point": 1960515211, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_502", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1960509440, "timestamp": "00:00:15.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_503", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:15.501", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 466943, "entry_point": 0, "filename": null, "id": "region_504", "name": "pagefile_0x0000000000070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458752, "timestamp": "00:00:15.501", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 73728, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 598015, "entry_point": 524288, "filename": "\\Windows\\SysWOW64\\en-US\\schtasks.exe.mui", "id": "region_505", "name": "schtasks.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\schtasks.exe.mui", "region_type": "memory_mapped_file", "start_va": 524288, "timestamp": "00:00:15.501", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000506-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_93", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 0, "filename": null, "id": "region_506", "name": "private_0x00000000000a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 655360, "timestamp": "00:00:15.507", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000507-addr_0x00000000000b0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_94", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 724991, "entry_point": 0, "filename": null, "id": "region_507", "name": "private_0x00000000000b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 720896, "timestamp": "00:00:15.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6356992, "type": "region", "version": 1 }, "end_va": 7933951, "entry_point": 0, "filename": null, "id": "region_508", "name": "pagefile_0x0000000000610000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6356992, "timestamp": "00:00:15.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 7995392, "type": "region", "version": 1 }, "end_va": 28966911, "entry_point": 0, "filename": null, "id": "region_509", "name": "pagefile_0x00000000007a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7995392, "timestamp": "00:00:15.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1954545664, "type": "region", "version": 1 }, "end_va": 1954582527, "entry_point": 1954545664, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_510", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1954545664, "timestamp": "00:00:15.511", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 28966912, "type": "region", "version": 1 }, "end_va": 31911935, "entry_point": 28966912, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_511", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 28966912, "timestamp": "00:00:15.521", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000512-addr_0x0000000001e80000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_95", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 31981568, "type": "region", "version": 1 }, "end_va": 32243711, "entry_point": 0, "filename": null, "id": "region_512", "name": "private_0x0000000001e80000", "norm_filename": null, "region_type": "private_memory", "start_va": 31981568, "timestamp": "00:00:15.540", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000513-addr_0x0000000001f60000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_96", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 32899072, "type": "region", "version": 1 }, "end_va": 33161215, "entry_point": 0, "filename": null, "id": "region_513", "name": "private_0x0000000001f60000", "norm_filename": null, "region_type": "private_memory", "start_va": 32899072, "timestamp": "00:00:15.540", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000514-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_97", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_514", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:00:15.540", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 1950416896, "type": "region", "version": 1 }, "end_va": 1950941183, "entry_point": 1950496713, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_515", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1950416896, "timestamp": "00:00:15.541", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000516-addr_0x0000000001fa0000-size_0x0000000000120000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_98", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1179648, "start_va": 33161216, "type": "region", "version": 1 }, "end_va": 34340863, "entry_point": 0, "filename": null, "id": "region_516", "name": "private_0x0000000001fa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 33161216, "timestamp": "00:00:15.543", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 33161216, "type": "region", "version": 1 }, "end_va": 34074623, "entry_point": 0, "filename": null, "id": "region_517", "name": "pagefile_0x0000000001fa0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 33161216, "timestamp": "00:00:15.545", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000518-addr_0x0000000002080000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_99", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 34078720, "type": "region", "version": 1 }, "end_va": 34340863, "entry_point": 0, "filename": null, "id": "region_518", "name": "private_0x0000000002080000", "norm_filename": null, "region_type": "private_memory", "start_va": 34078720, "timestamp": "00:00:15.545", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 790527, "entry_point": 0, "filename": null, "id": "region_519", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:00:15.550", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1981743104, "type": "region", "version": 1 }, "end_va": 1982279679, "entry_point": 1981743104, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_520", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1981743104, "timestamp": "00:00:15.550", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1118207, "entry_point": 0, "filename": null, "id": "region_521", "name": "pagefile_0x0000000000110000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1114112, "timestamp": "00:00:15.562", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 512000, "start_va": 1953366016, "type": "region", "version": 1 }, "end_va": 1953878015, "entry_point": 1953366016, "filename": "\\Windows\\SysWOW64\\taskschd.dll", "id": "region_522", "name": "taskschd.dll", "norm_filename": "c:\\windows\\syswow64\\taskschd.dll", "region_type": "memory_mapped_file", "start_va": 1953366016, "timestamp": "00:00:15.565", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 34340864, "type": "region", "version": 1 }, "end_va": 35127295, "entry_point": 34340864, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_523", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 34340864, "timestamp": "00:00:15.584", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "/c schtasks /Create /RU SYSTEM /SC ONSTART /TN rhaegal /TR \"C:\\Windows\\system32\\cmd.exe /C Start \\\"\\\" \\\"C:\\Windows\\dispci.exe\\\" -id 1550063777 && exit\"", "filename": "c:\\windows\\syswow64\\cmd.exe", "id": "proc_5", "image_name": "cmd.exe", "monitor_reason": "child_process", "monitored_id": 5, "origin_monitor_id": 2, "ref_parent_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000005-region_00000524-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_100", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_524", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:17.329", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000525-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_101", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_525", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:17.330", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_526", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:17.331", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000527-addr_0x0000000000050000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_102", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 589823, "entry_point": 0, "filename": null, "id": "region_527", "name": "private_0x0000000000050000", "norm_filename": null, "region_type": "private_memory", "start_va": 327680, "timestamp": "00:00:17.341", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 606207, "entry_point": 0, "filename": null, "id": "region_528", "name": "pagefile_0x0000000000090000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 589824, "timestamp": "00:00:17.341", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 0, "filename": null, "id": "region_529", "name": "pagefile_0x00000000000a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 655360, "timestamp": "00:00:17.341", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000530-addr_0x0000000000230000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_103", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 3342335, "entry_point": 0, "filename": null, "id": "region_530", "name": "private_0x0000000000230000", "norm_filename": null, "region_type": "private_memory", "start_va": 2293760, "timestamp": "00:00:17.342", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1247346688, "type": "region", "version": 1 }, "end_va": 1247657983, "entry_point": 1247380122, "filename": "\\Windows\\SysWOW64\\cmd.exe", "id": "region_531", "name": "cmd.exe", "norm_filename": "c:\\windows\\syswow64\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 1247346688, "timestamp": "00:00:17.342", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1993932800, "type": "region", "version": 1 }, "end_va": 1995673599, "entry_point": 1993932800, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_532", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1993932800, "timestamp": "00:00:17.343", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 1995898880, "type": "region", "version": 1 }, "end_va": 1997471743, "entry_point": 1995898880, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_533", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1995898880, "timestamp": "00:00:17.345", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_534", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:17.346", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000535-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_104", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_535", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:17.347", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000536-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_105", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_536", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:17.348", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000537-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_106", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_537", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:17.349", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_538", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:17.350", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000539-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_107", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_539", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:17.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_540", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:17.351", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000541-addr_0x0000000000100000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_108", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1572863, "entry_point": 0, "filename": null, "id": "region_541", "name": "private_0x0000000000100000", "norm_filename": null, "region_type": "private_memory", "start_va": 1048576, "timestamp": "00:00:17.363", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1951006720, "type": "region", "version": 1 }, "end_va": 1951039487, "entry_point": 1951015160, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_542", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1951006720, "timestamp": "00:00:17.363", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1951072256, "type": "region", "version": 1 }, "end_va": 1951449087, "entry_point": 1951332248, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_543", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1951072256, "timestamp": "00:00:17.369", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1951465472, "type": "region", "version": 1 }, "end_va": 1951723519, "entry_point": 1951653496, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_544", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1951465472, "timestamp": "00:00:17.370", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_545", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:17.480", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_546", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:17.480", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 1994751, "entry_point": 1572864, "filename": "\\Windows\\System32\\locale.nls", "id": "region_547", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1572864, "timestamp": "00:00:17.481", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000548-addr_0x0000000000380000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_109", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 3670016, "type": "region", "version": 1 }, "end_va": 4718591, "entry_point": 0, "filename": null, "id": "region_548", "name": "private_0x0000000000380000", "norm_filename": null, "region_type": "private_memory", "start_va": 3670016, "timestamp": "00:00:17.481", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000549-addr_0x0000000000640000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_110", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 6553600, "type": "region", "version": 1 }, "end_va": 6619135, "entry_point": 0, "filename": null, "id": "region_549", "name": "private_0x0000000000640000", "norm_filename": null, "region_type": "private_memory", "start_va": 6553600, "timestamp": "00:00:17.482", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1954611200, "type": "region", "version": 1 }, "end_va": 1954639871, "entry_point": 1954615856, "filename": "\\Windows\\SysWOW64\\winbrand.dll", "id": "region_550", "name": "winbrand.dll", "norm_filename": "c:\\windows\\syswow64\\winbrand.dll", "region_type": "memory_mapped_file", "start_va": 1954611200, "timestamp": "00:00:17.482", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1957429248, "type": "region", "version": 1 }, "end_va": 1957478399, "entry_point": 1957433569, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_551", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1957429248, "timestamp": "00:00:17.482", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957494784, "type": "region", "version": 1 }, "end_va": 1957887999, "entry_point": 1957602227, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_552", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1957494784, "timestamp": "00:00:17.482", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1959395328, "type": "region", "version": 1 }, "end_va": 1960443903, "entry_point": 1959507693, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_553", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1959395328, "timestamp": "00:00:17.483", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1960443904, "type": "region", "version": 1 }, "end_va": 1960484863, "entry_point": 1960457888, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_554", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1960443904, "timestamp": "00:00:17.483", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1961361408, "type": "region", "version": 1 }, "end_va": 1961463807, "entry_point": 1961380213, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_555", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1961361408, "timestamp": "00:00:17.484", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1961492480, "type": "region", "version": 1 }, "end_va": 1962147839, "entry_point": 1961576933, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_556", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1961492480, "timestamp": "00:00:17.484", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1978531840, "type": "region", "version": 1 }, "end_va": 1979514879, "entry_point": 1978598761, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_557", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1978531840, "timestamp": "00:00:17.485", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984430079, "entry_point": 1983931203, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_558", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:00:17.485", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1985019904, "type": "region", "version": 1 }, "end_va": 1985662975, "entry_point": 1985232855, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_559", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1985019904, "timestamp": "00:00:17.486", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1985675264, "type": "region", "version": 1 }, "end_va": 1985961983, "entry_point": 1985705080, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_560", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1985675264, "timestamp": "00:00:17.486", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1986002944, "type": "region", "version": 1 }, "end_va": 1987117055, "entry_point": 1986081491, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_561", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1986002944, "timestamp": "00:00:17.486", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1990459392, "type": "region", "version": 1 }, "end_va": 1991163903, "entry_point": 1990501490, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_562", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1990459392, "timestamp": "00:00:17.487", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000563-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_111", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 1991704576, "type": "region", "version": 1 }, "end_va": 1992728575, "entry_point": 0, "filename": null, "id": "region_563", "name": "private_0x0000000076b70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1991704576, "timestamp": "00:00:17.487", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000564-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_112", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1992753152, "type": "region", "version": 1 }, "end_va": 1993928703, "entry_point": 0, "filename": null, "id": "region_564", "name": "private_0x0000000076c70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1992753152, "timestamp": "00:00:17.488", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_565", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:17.488", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_566", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:17.488", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4718592, "type": "region", "version": 1 }, "end_va": 6324223, "entry_point": 0, "filename": null, "id": "region_567", "name": "pagefile_0x0000000000480000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4718592, "timestamp": "00:00:17.491", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957888000, "type": "region", "version": 1 }, "end_va": 1958281215, "entry_point": 1957959055, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_568", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1957888000, "timestamp": "00:00:17.491", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1960509440, "type": "region", "version": 1 }, "end_va": 1961345023, "entry_point": 1960515211, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_569", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1960509440, "timestamp": "00:00:17.492", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_570", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:17.496", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 729087, "entry_point": 0, "filename": null, "id": "region_571", "name": "pagefile_0x00000000000b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 720896, "timestamp": "00:00:17.496", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000572-addr_0x00000000000c0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_113", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 790527, "entry_point": 0, "filename": null, "id": "region_572", "name": "private_0x00000000000c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 786432, "timestamp": "00:00:17.497", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000573-addr_0x00000000000d0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_114", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 856063, "entry_point": 0, "filename": null, "id": "region_573", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:00:17.497", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6619136, "type": "region", "version": 1 }, "end_va": 8196095, "entry_point": 0, "filename": null, "id": "region_574", "name": "pagefile_0x0000000000650000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6619136, "timestamp": "00:00:17.497", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 8257536, "type": "region", "version": 1 }, "end_va": 29229055, "entry_point": 0, "filename": null, "id": "region_575", "name": "pagefile_0x00000000007e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8257536, "timestamp": "00:00:17.497", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3420160, "start_va": 29229056, "type": "region", "version": 1 }, "end_va": 32649215, "entry_point": 0, "filename": null, "id": "region_576", "name": "pagefile_0x0000000001be0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 29229056, "timestamp": "00:00:17.497", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 32702464, "type": "region", "version": 1 }, "end_va": 35647487, "entry_point": 32702464, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_580", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 32702464, "timestamp": "00:00:17.533", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "/c schtasks /Create /SC once /TN drogon /RU SYSTEM /TR \"C:\\Windows\\system32\\shutdown.exe /r /t 0 /f\" /ST 02:34:00", "filename": "c:\\windows\\syswow64\\cmd.exe", "id": "proc_6", "image_name": "cmd.exe", "monitor_reason": "child_process", "monitored_id": 6, "origin_monitor_id": 2, "ref_parent_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000006-region_00000581-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_115", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_581", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:17.538", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000582-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_116", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_582", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:17.538", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_583", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:17.538", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_584", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:17.541", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_585", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:17.541", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000586-addr_0x00000000001d0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_117", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 2162687, "entry_point": 0, "filename": null, "id": "region_586", "name": "private_0x00000000001d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1900544, "timestamp": "00:00:17.541", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000587-addr_0x0000000000300000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_118", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 3145728, "type": "region", "version": 1 }, "end_va": 4194303, "entry_point": 0, "filename": null, "id": "region_587", "name": "private_0x0000000000300000", "norm_filename": null, "region_type": "private_memory", "start_va": 3145728, "timestamp": "00:00:17.541", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1247346688, "type": "region", "version": 1 }, "end_va": 1247657983, "entry_point": 1247380122, "filename": "\\Windows\\SysWOW64\\cmd.exe", "id": "region_588", "name": "cmd.exe", "norm_filename": "c:\\windows\\syswow64\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 1247346688, "timestamp": "00:00:17.541", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1993932800, "type": "region", "version": 1 }, "end_va": 1995673599, "entry_point": 1993932800, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_589", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1993932800, "timestamp": "00:00:17.542", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 1995898880, "type": "region", "version": 1 }, "end_va": 1997471743, "entry_point": 1995898880, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_590", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1995898880, "timestamp": "00:00:17.542", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_591", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:17.542", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000592-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_119", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_592", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:17.543", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000593-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_120", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_593", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:17.543", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000594-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_121", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_594", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:17.543", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_595", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:17.544", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000596-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_122", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_596", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:17.544", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_597", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:17.544", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000598-addr_0x00000000000b0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_123", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 1245183, "entry_point": 0, "filename": null, "id": "region_598", "name": "private_0x00000000000b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 720896, "timestamp": "00:00:17.547", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1951006720, "type": "region", "version": 1 }, "end_va": 1951039487, "entry_point": 1951015160, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_599", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1951006720, "timestamp": "00:00:17.548", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1951072256, "type": "region", "version": 1 }, "end_va": 1951449087, "entry_point": 1951332248, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_600", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1951072256, "timestamp": "00:00:17.548", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1951465472, "type": "region", "version": 1 }, "end_va": 1951723519, "entry_point": 1951653496, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_601", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1951465472, "timestamp": "00:00:17.548", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_691", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:17.922", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_692", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:17.922", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1667071, "entry_point": 1245184, "filename": "\\Windows\\System32\\locale.nls", "id": "region_693", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1245184, "timestamp": "00:00:17.922", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000694-addr_0x00000000002f0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_153", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 3080192, "type": "region", "version": 1 }, "end_va": 3145727, "entry_point": 0, "filename": null, "id": "region_694", "name": "private_0x00000000002f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3080192, "timestamp": "00:00:17.923", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000695-addr_0x0000000000440000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_154", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 4456448, "type": "region", "version": 1 }, "end_va": 5505023, "entry_point": 0, "filename": null, "id": "region_695", "name": "private_0x0000000000440000", "norm_filename": null, "region_type": "private_memory", "start_va": 4456448, "timestamp": "00:00:17.923", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1954611200, "type": "region", "version": 1 }, "end_va": 1954639871, "entry_point": 1954615856, "filename": "\\Windows\\SysWOW64\\winbrand.dll", "id": "region_696", "name": "winbrand.dll", "norm_filename": "c:\\windows\\syswow64\\winbrand.dll", "region_type": "memory_mapped_file", "start_va": 1954611200, "timestamp": "00:00:17.923", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1957429248, "type": "region", "version": 1 }, "end_va": 1957478399, "entry_point": 1957433569, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_697", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1957429248, "timestamp": "00:00:17.923", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957494784, "type": "region", "version": 1 }, "end_va": 1957887999, "entry_point": 1957602227, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_698", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1957494784, "timestamp": "00:00:17.924", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1959395328, "type": "region", "version": 1 }, "end_va": 1960443903, "entry_point": 1959507693, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_699", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1959395328, "timestamp": "00:00:17.924", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1960443904, "type": "region", "version": 1 }, "end_va": 1960484863, "entry_point": 1960457888, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_700", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1960443904, "timestamp": "00:00:17.925", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1961361408, "type": "region", "version": 1 }, "end_va": 1961463807, "entry_point": 1961380213, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_701", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1961361408, "timestamp": "00:00:17.925", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1961492480, "type": "region", "version": 1 }, "end_va": 1962147839, "entry_point": 1961576933, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_702", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1961492480, "timestamp": "00:00:17.926", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1978531840, "type": "region", "version": 1 }, "end_va": 1979514879, "entry_point": 1978598761, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_703", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1978531840, "timestamp": "00:00:17.926", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984430079, "entry_point": 1983931203, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_704", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:00:17.927", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1985019904, "type": "region", "version": 1 }, "end_va": 1985662975, "entry_point": 1985232855, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_705", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1985019904, "timestamp": "00:00:17.927", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1985675264, "type": "region", "version": 1 }, "end_va": 1985961983, "entry_point": 1985705080, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_706", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1985675264, "timestamp": "00:00:17.927", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1986002944, "type": "region", "version": 1 }, "end_va": 1987117055, "entry_point": 1986081491, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_707", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1986002944, "timestamp": "00:00:17.928", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1990459392, "type": "region", "version": 1 }, "end_va": 1991163903, "entry_point": 1990501490, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_708", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1990459392, "timestamp": "00:00:17.928", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000709-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_155", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 1991704576, "type": "region", "version": 1 }, "end_va": 1992728575, "entry_point": 0, "filename": null, "id": "region_709", "name": "private_0x0000000076b70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1991704576, "timestamp": "00:00:17.929", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000710-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_156", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1992753152, "type": "region", "version": 1 }, "end_va": 1993928703, "entry_point": 0, "filename": null, "id": "region_710", "name": "private_0x0000000076c70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1992753152, "timestamp": "00:00:17.929", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_711", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:17.929", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_712", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:17.930", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 5505024, "type": "region", "version": 1 }, "end_va": 7110655, "entry_point": 0, "filename": null, "id": "region_713", "name": "pagefile_0x0000000000540000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5505024, "timestamp": "00:00:17.933", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957888000, "type": "region", "version": 1 }, "end_va": 1958281215, "entry_point": 1957959055, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_714", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1957888000, "timestamp": "00:00:17.933", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1960509440, "type": "region", "version": 1 }, "end_va": 1961345023, "entry_point": 1960515211, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_715", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1960509440, "timestamp": "00:00:17.934", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_716", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:17.938", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 466943, "entry_point": 0, "filename": null, "id": "region_717", "name": "pagefile_0x0000000000070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458752, "timestamp": "00:00:17.938", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000718-addr_0x0000000000080000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_157", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 528383, "entry_point": 0, "filename": null, "id": "region_718", "name": "private_0x0000000000080000", "norm_filename": null, "region_type": "private_memory", "start_va": 524288, "timestamp": "00:00:17.939", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000719-addr_0x0000000000090000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_158", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 593919, "entry_point": 0, "filename": null, "id": "region_719", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:00:17.939", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 7143424, "type": "region", "version": 1 }, "end_va": 8720383, "entry_point": 0, "filename": null, "id": "region_720", "name": "pagefile_0x00000000006d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7143424, "timestamp": "00:00:17.939", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 8781824, "type": "region", "version": 1 }, "end_va": 29753343, "entry_point": 0, "filename": null, "id": "region_721", "name": "pagefile_0x0000000000860000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8781824, "timestamp": "00:00:17.939", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3420160, "start_va": 29753344, "type": "region", "version": 1 }, "end_va": 33173503, "entry_point": 0, "filename": null, "id": "region_722", "name": "pagefile_0x0000000001c60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 29753344, "timestamp": "00:00:17.939", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 33226752, "type": "region", "version": 1 }, "end_va": 36171775, "entry_point": 33226752, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_725", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 33226752, "timestamp": "00:00:17.970", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "schtasks /Create /RU SYSTEM /SC ONSTART /TN rhaegal /TR \"C:\\Windows\\system32\\cmd.exe /C Start \\\"\\\" \\\"C:\\Windows\\dispci.exe\\\" -id 1550063777 && exit\"", "filename": "c:\\windows\\syswow64\\schtasks.exe", "id": "proc_7", "image_name": "schtasks.exe", "monitor_reason": "child_process", "monitored_id": 7, "origin_monitor_id": 5, "ref_parent_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000007-region_00000611-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_124", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_611", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:17.563", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000612-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_125", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_612", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:17.563", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_613", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:17.563", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_614", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:17.565", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_615", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:17.565", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000616-addr_0x0000000000070000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_126", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 720895, "entry_point": 0, "filename": null, "id": "region_616", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:00:17.565", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000617-addr_0x0000000000130000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_127", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1507327, "entry_point": 0, "filename": null, "id": "region_617", "name": "private_0x0000000000130000", "norm_filename": null, "region_type": "private_memory", "start_va": 1245184, "timestamp": "00:00:17.566", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 4521984, "type": "region", "version": 1 }, "end_va": 4710399, "entry_point": 4617859, "filename": "\\Windows\\SysWOW64\\schtasks.exe", "id": "region_618", "name": "schtasks.exe", "norm_filename": "c:\\windows\\syswow64\\schtasks.exe", "region_type": "memory_mapped_file", "start_va": 4521984, "timestamp": "00:00:17.566", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1993932800, "type": "region", "version": 1 }, "end_va": 1995673599, "entry_point": 1993932800, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_619", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1993932800, "timestamp": "00:00:17.566", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 1995898880, "type": "region", "version": 1 }, "end_va": 1997471743, "entry_point": 1995898880, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_620", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1995898880, "timestamp": "00:00:17.567", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_621", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:17.567", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000622-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_128", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_622", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:17.567", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000623-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_129", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_623", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:17.567", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000624-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_130", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_624", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:17.568", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_625", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:17.568", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000626-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_131", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_626", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:17.568", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_627", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:17.568", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000628-addr_0x0000000000290000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_132", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 3211263, "entry_point": 0, "filename": null, "id": "region_628", "name": "private_0x0000000000290000", "norm_filename": null, "region_type": "private_memory", "start_va": 2686976, "timestamp": "00:00:17.579", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1951006720, "type": "region", "version": 1 }, "end_va": 1951039487, "entry_point": 1951015160, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_629", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1951006720, "timestamp": "00:00:17.579", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1951072256, "type": "region", "version": 1 }, "end_va": 1951449087, "entry_point": 1951332248, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_630", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1951072256, "timestamp": "00:00:17.579", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1951465472, "type": "region", "version": 1 }, "end_va": 1951723519, "entry_point": 1951653496, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_631", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1951465472, "timestamp": "00:00:17.580", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_632", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:17.597", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_633", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:17.597", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 1142783, "entry_point": 720896, "filename": "\\Windows\\System32\\locale.nls", "id": "region_634", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 720896, "timestamp": "00:00:17.597", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000635-addr_0x00000000001c0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_133", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 1900543, "entry_point": 0, "filename": null, "id": "region_635", "name": "private_0x00000000001c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1835008, "timestamp": "00:00:17.598", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000636-addr_0x00000000005a0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_134", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 5898240, "type": "region", "version": 1 }, "end_va": 6946815, "entry_point": 0, "filename": null, "id": "region_636", "name": "private_0x00000000005a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5898240, "timestamp": "00:00:17.598", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1954676736, "type": "region", "version": 1 }, "end_va": 1954713599, "entry_point": 1954682928, "filename": "\\Windows\\SysWOW64\\ktmw32.dll", "id": "region_637", "name": "ktmw32.dll", "norm_filename": "c:\\windows\\syswow64\\ktmw32.dll", "region_type": "memory_mapped_file", "start_va": 1954676736, "timestamp": "00:00:17.598", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1957429248, "type": "region", "version": 1 }, "end_va": 1957478399, "entry_point": 1957433569, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_638", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1957429248, "timestamp": "00:00:17.599", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957494784, "type": "region", "version": 1 }, "end_va": 1957887999, "entry_point": 1957602227, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_639", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1957494784, "timestamp": "00:00:17.599", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1959395328, "type": "region", "version": 1 }, "end_va": 1960443903, "entry_point": 1959507693, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_640", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1959395328, "timestamp": "00:00:17.599", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1960443904, "type": "region", "version": 1 }, "end_va": 1960484863, "entry_point": 1960457888, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_641", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1960443904, "timestamp": "00:00:17.600", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1961361408, "type": "region", "version": 1 }, "end_va": 1961463807, "entry_point": 1961380213, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_642", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1961361408, "timestamp": "00:00:17.600", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1961492480, "type": "region", "version": 1 }, "end_va": 1962147839, "entry_point": 1961576933, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_643", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1961492480, "timestamp": "00:00:17.601", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1978531840, "type": "region", "version": 1 }, "end_va": 1979514879, "entry_point": 1978598761, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_644", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1978531840, "timestamp": "00:00:17.601", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1979580416, "type": "region", "version": 1 }, "end_va": 1980166143, "entry_point": 1979596721, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_645", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1979580416, "timestamp": "00:00:17.602", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1980170240, "type": "region", "version": 1 }, "end_va": 1980526591, "entry_point": 1980275622, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_646", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1980170240, "timestamp": "00:00:17.602", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984430079, "entry_point": 1983931203, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_647", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:00:17.602", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1985019904, "type": "region", "version": 1 }, "end_va": 1985662975, "entry_point": 1985232855, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_648", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1985019904, "timestamp": "00:00:17.603", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1985675264, "type": "region", "version": 1 }, "end_va": 1985961983, "entry_point": 1985705080, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_649", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1985675264, "timestamp": "00:00:17.603", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1986002944, "type": "region", "version": 1 }, "end_va": 1987117055, "entry_point": 1986081491, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_650", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1986002944, "timestamp": "00:00:17.604", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1987117056, "type": "region", "version": 1 }, "end_va": 1988542463, "entry_point": 1987426877, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_651", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1987117056, "timestamp": "00:00:17.604", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1990459392, "type": "region", "version": 1 }, "end_va": 1991163903, "entry_point": 1990501490, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_652", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1990459392, "timestamp": "00:00:17.605", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000653-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_135", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 1991704576, "type": "region", "version": 1 }, "end_va": 1992728575, "entry_point": 0, "filename": null, "id": "region_653", "name": "private_0x0000000076b70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1991704576, "timestamp": "00:00:17.605", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000654-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_136", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1992753152, "type": "region", "version": 1 }, "end_va": 1993928703, "entry_point": 0, "filename": null, "id": "region_654", "name": "private_0x0000000076c70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1992753152, "timestamp": "00:00:17.606", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_655", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:17.606", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_656", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:17.606", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 6946816, "type": "region", "version": 1 }, "end_va": 8552447, "entry_point": 0, "filename": null, "id": "region_679", "name": "pagefile_0x00000000006a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6946816, "timestamp": "00:00:17.851", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957888000, "type": "region", "version": 1 }, "end_va": 1958281215, "entry_point": 1957959055, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_680", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1957888000, "timestamp": "00:00:17.851", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1960509440, "type": "region", "version": 1 }, "end_va": 1961345023, "entry_point": 1960515211, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_681", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1960509440, "timestamp": "00:00:17.852", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_682", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:17.861", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1187839, "entry_point": 0, "filename": null, "id": "region_683", "name": "pagefile_0x0000000000120000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1179648, "timestamp": "00:00:17.861", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 73728, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1581055, "entry_point": 1507328, "filename": "\\Windows\\SysWOW64\\en-US\\schtasks.exe.mui", "id": "region_684", "name": "schtasks.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\schtasks.exe.mui", "region_type": "memory_mapped_file", "start_va": 1507328, "timestamp": "00:00:17.861", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000685-addr_0x0000000000190000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_151", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1642495, "entry_point": 0, "filename": null, "id": "region_685", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:00:17.862", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000686-addr_0x00000000001a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_152", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1708031, "entry_point": 0, "filename": null, "id": "region_686", "name": "private_0x00000000001a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1703936, "timestamp": "00:00:17.863", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 8585216, "type": "region", "version": 1 }, "end_va": 10162175, "entry_point": 0, "filename": null, "id": "region_687", "name": "pagefile_0x0000000000830000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8585216, "timestamp": "00:00:17.863", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 10223616, "type": "region", "version": 1 }, "end_va": 31195135, "entry_point": 0, "filename": null, "id": "region_688", "name": "pagefile_0x00000000009c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10223616, "timestamp": "00:00:17.863", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1954480128, "type": "region", "version": 1 }, "end_va": 1954516991, "entry_point": 1954484768, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_689", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1954480128, "timestamp": "00:00:17.867", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 31195136, "type": "region", "version": 1 }, "end_va": 34140159, "entry_point": 31195136, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_690", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 31195136, "timestamp": "00:00:17.869", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 1950416896, "type": "region", "version": 1 }, "end_va": 1950941183, "entry_point": 1950496713, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_723", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1950416896, "timestamp": "00:00:17.956", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000724-addr_0x0000000002090000-size_0x00000000001d0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_159", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1900544, "start_va": 34144256, "type": "region", "version": 1 }, "end_va": 36044799, "entry_point": 0, "filename": null, "id": "region_724", "name": "private_0x0000000002090000", "norm_filename": null, "region_type": "private_memory", "start_va": 34144256, "timestamp": "00:00:17.958", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 3211264, "type": "region", "version": 1 }, "end_va": 4124671, "entry_point": 0, "filename": null, "id": "region_727", "name": "pagefile_0x0000000000310000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3211264, "timestamp": "00:00:17.985", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000814-addr_0x0000000000560000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_181", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 5636096, "type": "region", "version": 1 }, "end_va": 5898239, "entry_point": 0, "filename": null, "id": "region_814", "name": "private_0x0000000000560000", "norm_filename": null, "region_type": "private_memory", "start_va": 5636096, "timestamp": "00:00:18.510", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000815-addr_0x00000000020e0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_182", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 34471936, "type": "region", "version": 1 }, "end_va": 34734079, "entry_point": 0, "filename": null, "id": "region_815", "name": "private_0x00000000020e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 34471936, "timestamp": "00:00:18.511", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000816-addr_0x0000000002220000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_183", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 35782656, "type": "region", "version": 1 }, "end_va": 36044799, "entry_point": 0, "filename": null, "id": "region_816", "name": "private_0x0000000002220000", "norm_filename": null, "region_type": "private_memory", "start_va": 35782656, "timestamp": "00:00:18.511", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000817-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_184", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_817", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:00:18.511", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 1773567, "entry_point": 0, "filename": null, "id": "region_818", "name": "pagefile_0x00000000001b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1769472, "timestamp": "00:00:18.513", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1981743104, "type": "region", "version": 1 }, "end_va": 1982279679, "entry_point": 1981752274, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_819", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1981743104, "timestamp": "00:00:18.513", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 1904639, "entry_point": 0, "filename": null, "id": "region_820", "name": "pagefile_0x00000000001d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1900544, "timestamp": "00:00:18.515", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 512000, "start_va": 1952841728, "type": "region", "version": 1 }, "end_va": 1953353727, "entry_point": 1952847466, "filename": "\\Windows\\SysWOW64\\taskschd.dll", "id": "region_821", "name": "taskschd.dll", "norm_filename": "c:\\windows\\syswow64\\taskschd.dll", "region_type": "memory_mapped_file", "start_va": 1952841728, "timestamp": "00:00:18.518", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 192512, "start_va": 1953693696, "type": "region", "version": 1 }, "end_va": 1953886207, "entry_point": 1953693696, "filename": "\\Windows\\SysWOW64\\xmllite.dll", "id": "region_824", "name": "xmllite.dll", "norm_filename": "c:\\windows\\syswow64\\xmllite.dll", "region_type": "memory_mapped_file", "start_va": 1953693696, "timestamp": "00:00:18.589", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Windows\\41D0.tmp\" \\\\.\\pipe\\{2FDFCF81-BD74-41C3-9115-F628925CC568}", "filename": "c:\\windows\\41d0.tmp", "id": "proc_8", "image_name": "41d0.tmp", "monitor_reason": "child_process", "monitored_id": 8, "origin_monitor_id": 2, "ref_parent_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000008-region_00000664-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_143", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_664", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:17.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_665", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:17.635", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000666-addr_0x0000000000190000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_144", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 2686975, "entry_point": 0, "filename": null, "id": "region_666", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:00:17.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1993932800, "type": "region", "version": 1 }, "end_va": 1995673599, "entry_point": 1993932800, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_667", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1993932800, "timestamp": "00:00:17.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_668", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:17.636", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000669-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_145", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_669", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:17.636", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000670-addr_0x000000007fff2000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_146", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147426304, "type": "region", "version": 1 }, "end_va": 2147430399, "entry_point": 0, "filename": null, "id": "region_670", "name": "private_0x000000007fff2000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147426304, "timestamp": "00:00:17.637", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000671-addr_0x000000013f340000-size_0x0000000000013000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_147", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 77824, "start_va": 5355339776, "type": "region", "version": 1 }, "end_va": 5355417599, "entry_point": 5355339776, "filename": "\\Windows\\41D0.tmp", "id": "region_671", "name": "41d0.tmp", "norm_filename": "c:\\windows\\41d0.tmp", "region_type": "memory_mapped_file", "start_va": 5355339776, "timestamp": "00:00:17.637", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791781998592, "type": "region", "version": 1 }, "end_va": 8791782002687, "entry_point": 8791781998592, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_672", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791781998592, "timestamp": "00:00:17.637", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_673", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:00:17.639", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000674-addr_0x000007fffffdc000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_148", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092874752, "type": "region", "version": 1 }, "end_va": 8796092882943, "entry_point": 0, "filename": null, "id": "region_674", "name": "private_0x000007fffffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092874752, "timestamp": "00:00:17.640", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000675-addr_0x000007fffffde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_149", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 8796092882944, "type": "region", "version": 1 }, "end_va": 8796092887039, "entry_point": 0, "filename": null, "id": "region_675", "name": "private_0x000007fffffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092882944, "timestamp": "00:00:17.640", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000676-addr_0x0000000000080000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_150", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 1572863, "entry_point": 0, "filename": null, "id": "region_676", "name": "private_0x0000000000080000", "norm_filename": null, "region_type": "private_memory", "start_va": 524288, "timestamp": "00:00:17.644", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1992753152, "type": "region", "version": 1 }, "end_va": 1993928703, "entry_point": 1992753152, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_677", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1992753152, "timestamp": "00:00:17.644", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791747723264, "type": "region", "version": 1 }, "end_va": 8791748161535, "entry_point": 8791747723264, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_678", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791747723264, "timestamp": "00:00:17.804", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_728", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:17.997", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_729", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:17.997", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 3108863, "entry_point": 2686976, "filename": "\\Windows\\System32\\locale.nls", "id": "region_730", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 2686976, "timestamp": "00:00:17.997", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 1991704576, "type": "region", "version": 1 }, "end_va": 1992728575, "entry_point": 1991704576, "filename": "\\Windows\\System32\\user32.dll", "id": "region_731", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1991704576, "timestamp": "00:00:17.998", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_732", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:18.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_733", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:18.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791768956928, "type": "region", "version": 1 }, "end_va": 8791770189823, "entry_point": 8791768956928, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_734", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791768956928, "timestamp": "00:00:18.056", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, "start_va": 8791772364800, "type": "region", "version": 1 }, "end_va": 8791773261823, "entry_point": 8791772364800, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_735", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791772364800, "timestamp": "00:00:18.080", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791774396416, "type": "region", "version": 1 }, "end_va": 8791775047679, "entry_point": 8791774396416, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_736", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791774396416, "timestamp": "00:00:18.137", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791775969280, "type": "region", "version": 1 }, "end_va": 8791776026623, "entry_point": 8791775969280, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_737", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791775969280, "timestamp": "00:00:18.150", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791776034816, "type": "region", "version": 1 }, "end_va": 8791776456703, "entry_point": 8791776034816, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_738", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791776034816, "timestamp": "00:00:18.156", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 462848, "start_va": 8791776493568, "type": "region", "version": 1 }, "end_va": 8791776956415, "entry_point": 8791776493568, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_739", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 8791776493568, "timestamp": "00:00:18.200", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791777148928, "type": "region", "version": 1 }, "end_va": 8791777972223, "entry_point": 8791777148928, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_740", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791777148928, "timestamp": "00:00:18.254", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791780229120, "type": "region", "version": 1 }, "end_va": 8791780356095, "entry_point": 8791780229120, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_741", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 8791780229120, "timestamp": "00:00:18.262", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000788-addr_0x0000000000300000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_173", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 3145728, "type": "region", "version": 1 }, "end_va": 4194303, "entry_point": 0, "filename": null, "id": "region_788", "name": "private_0x0000000000300000", "norm_filename": null, "region_type": "private_memory", "start_va": 3145728, "timestamp": "00:00:18.341", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000789-addr_0x0000000000470000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_174", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 4653056, "type": "region", "version": 1 }, "end_va": 4718591, "entry_point": 0, "filename": null, "id": "region_789", "name": "private_0x0000000000470000", "norm_filename": null, "region_type": "private_memory", "start_va": 4653056, "timestamp": "00:00:18.342", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4718592, "type": "region", "version": 1 }, "end_va": 6324223, "entry_point": 0, "filename": null, "id": "region_790", "name": "pagefile_0x0000000000480000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4718592, "timestamp": "00:00:18.342", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791773282304, "type": "region", "version": 1 }, "end_va": 8791774367743, "entry_point": 8791773282304, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_791", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791773282304, "timestamp": "00:00:18.342", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791779966976, "type": "region", "version": 1 }, "end_va": 8791780155391, "entry_point": 8791779966976, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_792", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791779966976, "timestamp": "00:00:18.352", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000805-addr_0x0000000000040000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_177", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_805", "name": "private_0x0000000000040000", "norm_filename": null, "region_type": "private_memory", "start_va": 262144, "timestamp": "00:00:18.416", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000806-addr_0x0000000000050000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_178", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 331775, "entry_point": 0, "filename": null, "id": "region_806", "name": "private_0x0000000000050000", "norm_filename": null, "region_type": "private_memory", "start_va": 327680, "timestamp": "00:00:18.417", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6356992, "type": "region", "version": 1 }, "end_va": 7933951, "entry_point": 0, "filename": null, "id": "region_807", "name": "pagefile_0x0000000000610000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6356992, "timestamp": "00:00:18.417", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 7995392, "type": "region", "version": 1 }, "end_va": 28966911, "entry_point": 0, "filename": null, "id": "region_808", "name": "pagefile_0x00000000007a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7995392, "timestamp": "00:00:18.417", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000809-addr_0x0000000001cc0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_179", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 30146560, "type": "region", "version": 1 }, "end_va": 30212095, "entry_point": 0, "filename": null, "id": "region_809", "name": "private_0x0000000001cc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 30146560, "timestamp": "00:00:18.417", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 139264, "start_va": 8791738286080, "type": "region", "version": 1 }, "end_va": 8791738425343, "entry_point": 8791738286080, "filename": "\\Windows\\System32\\bcrypt.dll", "id": "region_810", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\system32\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 8791738286080, "timestamp": "00:00:18.421", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 8791733108736, "type": "region", "version": 1 }, "end_va": 8791733420031, "entry_point": 8791733108736, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_811", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 8791733108736, "timestamp": "00:00:18.439", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000822-addr_0x0000000001cd0000-size_0x0000000000168000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_185", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1474560, "start_va": 30212096, "type": "region", "version": 1 }, "end_va": 31686655, "entry_point": 0, "filename": null, "id": "region_822", "name": "private_0x0000000001cd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 30212096, "timestamp": "00:00:18.557", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "schtasks /Create /SC once /TN drogon /RU SYSTEM /TR \"C:\\Windows\\system32\\shutdown.exe /r /t 0 /f\" /ST 02:34:00", "filename": "c:\\windows\\syswow64\\schtasks.exe", "id": "proc_9", "image_name": "schtasks.exe", "monitor_reason": "child_process", "monitored_id": 9, "origin_monitor_id": 6, "ref_parent_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000009-region_00000742-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_160", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_742", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:18.270", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00000743-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_161", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_743", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:18.270", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_744", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:18.270", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_745", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:18.272", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_746", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:18.272", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00000747-addr_0x0000000000070000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_162", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 720895, "entry_point": 0, "filename": null, "id": "region_747", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:00:18.272", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00000748-addr_0x0000000000110000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_163", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1376255, "entry_point": 0, "filename": null, "id": "region_748", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:00:18.273", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 4521984, "type": "region", "version": 1 }, "end_va": 4710399, "entry_point": 4617859, "filename": "\\Windows\\SysWOW64\\schtasks.exe", "id": "region_749", "name": "schtasks.exe", "norm_filename": "c:\\windows\\syswow64\\schtasks.exe", "region_type": "memory_mapped_file", "start_va": 4521984, "timestamp": "00:00:18.273", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1993932800, "type": "region", "version": 1 }, "end_va": 1995673599, "entry_point": 1993932800, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_750", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1993932800, "timestamp": "00:00:18.273", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 1995898880, "type": "region", "version": 1 }, "end_va": 1997471743, "entry_point": 1995898880, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_751", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1995898880, "timestamp": "00:00:18.273", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_752", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:18.274", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00000753-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_164", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_753", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:18.274", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00000754-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_165", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_754", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:18.274", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00000755-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_166", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_755", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:18.274", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_756", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:18.275", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00000757-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_167", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_757", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:18.275", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_758", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:18.275", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00000759-addr_0x00000000002f0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_168", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 3080192, "type": "region", "version": 1 }, "end_va": 3604479, "entry_point": 0, "filename": null, "id": "region_759", "name": "private_0x00000000002f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3080192, "timestamp": "00:00:18.278", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1951006720, "type": "region", "version": 1 }, "end_va": 1951039487, "entry_point": 1951015160, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_760", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1951006720, "timestamp": "00:00:18.278", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1951072256, "type": "region", "version": 1 }, "end_va": 1951449087, "entry_point": 1951332248, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_761", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1951072256, "timestamp": "00:00:18.279", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1951465472, "type": "region", "version": 1 }, "end_va": 1951723519, "entry_point": 1951653496, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_762", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1951465472, "timestamp": "00:00:18.279", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_763", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:18.299", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_764", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:18.299", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1798143, "entry_point": 1376256, "filename": "\\Windows\\System32\\locale.nls", "id": "region_765", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1376256, "timestamp": "00:00:18.299", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00000766-addr_0x0000000000620000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_169", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 6422528, "type": "region", "version": 1 }, "end_va": 7471103, "entry_point": 0, "filename": null, "id": "region_766", "name": "private_0x0000000000620000", "norm_filename": null, "region_type": "private_memory", "start_va": 6422528, "timestamp": "00:00:18.300", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00000767-addr_0x00000000008c0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_170", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 9175040, "type": "region", "version": 1 }, "end_va": 9240575, "entry_point": 0, "filename": null, "id": "region_767", "name": "private_0x00000000008c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 9175040, "timestamp": "00:00:18.300", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1954676736, "type": "region", "version": 1 }, "end_va": 1954713599, "entry_point": 1954682928, "filename": "\\Windows\\SysWOW64\\ktmw32.dll", "id": "region_768", "name": "ktmw32.dll", "norm_filename": "c:\\windows\\syswow64\\ktmw32.dll", "region_type": "memory_mapped_file", "start_va": 1954676736, "timestamp": "00:00:18.300", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1957429248, "type": "region", "version": 1 }, "end_va": 1957478399, "entry_point": 1957433569, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_769", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1957429248, "timestamp": "00:00:18.301", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957494784, "type": "region", "version": 1 }, "end_va": 1957887999, "entry_point": 1957602227, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_770", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1957494784, "timestamp": "00:00:18.301", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1959395328, "type": "region", "version": 1 }, "end_va": 1960443903, "entry_point": 1959507693, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_771", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1959395328, "timestamp": "00:00:18.302", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1960443904, "type": "region", "version": 1 }, "end_va": 1960484863, "entry_point": 1960457888, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_772", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1960443904, "timestamp": "00:00:18.302", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1961361408, "type": "region", "version": 1 }, "end_va": 1961463807, "entry_point": 1961380213, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_773", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1961361408, "timestamp": "00:00:18.305", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1961492480, "type": "region", "version": 1 }, "end_va": 1962147839, "entry_point": 1961576933, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_774", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1961492480, "timestamp": "00:00:18.306", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1978531840, "type": "region", "version": 1 }, "end_va": 1979514879, "entry_point": 1978598761, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_775", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1978531840, "timestamp": "00:00:18.306", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1979580416, "type": "region", "version": 1 }, "end_va": 1980166143, "entry_point": 1979596721, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_776", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1979580416, "timestamp": "00:00:18.307", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1980170240, "type": "region", "version": 1 }, "end_va": 1980526591, "entry_point": 1980275622, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_777", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1980170240, "timestamp": "00:00:18.307", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984430079, "entry_point": 1983931203, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_778", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:00:18.307", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1985019904, "type": "region", "version": 1 }, "end_va": 1985662975, "entry_point": 1985232855, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_779", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1985019904, "timestamp": "00:00:18.308", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1985675264, "type": "region", "version": 1 }, "end_va": 1985961983, "entry_point": 1985705080, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_780", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1985675264, "timestamp": "00:00:18.308", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1986002944, "type": "region", "version": 1 }, "end_va": 1987117055, "entry_point": 1986081491, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_781", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1986002944, "timestamp": "00:00:18.309", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1987117056, "type": "region", "version": 1 }, "end_va": 1988542463, "entry_point": 1987426877, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_782", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1987117056, "timestamp": "00:00:18.309", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1990459392, "type": "region", "version": 1 }, "end_va": 1991163903, "entry_point": 1990501490, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_783", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1990459392, "timestamp": "00:00:18.310", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00000784-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_171", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 1991704576, "type": "region", "version": 1 }, "end_va": 1992728575, "entry_point": 0, "filename": null, "id": "region_784", "name": "private_0x0000000076b70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1991704576, "timestamp": "00:00:18.310", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00000785-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_172", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1992753152, "type": "region", "version": 1 }, "end_va": 1993928703, "entry_point": 0, "filename": null, "id": "region_785", "name": "private_0x0000000076c70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1992753152, "timestamp": "00:00:18.311", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_786", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:18.311", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_787", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:18.311", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4718592, "type": "region", "version": 1 }, "end_va": 6324223, "entry_point": 0, "filename": null, "id": "region_793", "name": "pagefile_0x0000000000480000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4718592, "timestamp": "00:00:18.364", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957888000, "type": "region", "version": 1 }, "end_va": 1958281215, "entry_point": 1957959055, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_794", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1957888000, "timestamp": "00:00:18.364", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1960509440, "type": "region", "version": 1 }, "end_va": 1961345023, "entry_point": 1960515211, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_795", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1960509440, "timestamp": "00:00:18.364", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_796", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:18.371", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 729087, "entry_point": 0, "filename": null, "id": "region_797", "name": "pagefile_0x00000000000b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 720896, "timestamp": "00:00:18.371", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 73728, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 860159, "entry_point": 786432, "filename": "\\Windows\\SysWOW64\\en-US\\schtasks.exe.mui", "id": "region_798", "name": "schtasks.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\schtasks.exe.mui", "region_type": "memory_mapped_file", "start_va": 786432, "timestamp": "00:00:18.371", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00000799-addr_0x00000000000e0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_175", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 921599, "entry_point": 0, "filename": null, "id": "region_799", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 917504, "timestamp": "00:00:18.372", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00000800-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_176", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_800", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:00:18.372", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 7471104, "type": "region", "version": 1 }, "end_va": 9048063, "entry_point": 0, "filename": null, "id": "region_801", "name": "pagefile_0x0000000000720000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7471104, "timestamp": "00:00:18.372", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 9240576, "type": "region", "version": 1 }, "end_va": 30212095, "entry_point": 0, "filename": null, "id": "region_802", "name": "pagefile_0x00000000008d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9240576, "timestamp": "00:00:18.372", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1954480128, "type": "region", "version": 1 }, "end_va": 1954516991, "entry_point": 1954484768, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_803", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1954480128, "timestamp": "00:00:18.376", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 30212096, "type": "region", "version": 1 }, "end_va": 33157119, "entry_point": 30212096, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_804", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 30212096, "timestamp": "00:00:18.378", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 1950416896, "type": "region", "version": 1 }, "end_va": 1950941183, "entry_point": 1950496713, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_812", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1950416896, "timestamp": "00:00:18.465", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00000813-addr_0x00000000001c0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_180", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 2359295, "entry_point": 0, "filename": null, "id": "region_813", "name": "private_0x00000000001c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1835008, "timestamp": "00:00:18.508", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 4517887, "entry_point": 0, "filename": null, "id": "region_823", "name": "pagefile_0x0000000000370000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3604480, "timestamp": "00:00:18.567", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00000825-addr_0x0000000000290000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_186", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 2949119, "entry_point": 0, "filename": null, "id": "region_825", "name": "private_0x0000000000290000", "norm_filename": null, "region_type": "private_memory", "start_va": 2686976, "timestamp": "00:00:18.614", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00000826-addr_0x0000000002150000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_187", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 34930688, "type": "region", "version": 1 }, "end_va": 35192831, "entry_point": 0, "filename": null, "id": "region_826", "name": "private_0x0000000002150000", "norm_filename": null, "region_type": "private_memory", "start_va": 34930688, "timestamp": "00:00:18.614", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00000827-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_188", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_827", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:00:18.614", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1052671, "entry_point": 0, "filename": null, "id": "region_828", "name": "pagefile_0x0000000000100000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1048576, "timestamp": "00:00:18.632", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1981743104, "type": "region", "version": 1 }, "end_va": 1982279679, "entry_point": 1981752274, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_829", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1981743104, "timestamp": "00:00:18.632", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 1839103, "entry_point": 0, "filename": null, "id": "region_830", "name": "pagefile_0x00000000001c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1835008, "timestamp": "00:00:18.634", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00000831-addr_0x0000000000200000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_189", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 2359295, "entry_point": 0, "filename": null, "id": "region_831", "name": "private_0x0000000000200000", "norm_filename": null, "region_type": "private_memory", "start_va": 2097152, "timestamp": "00:00:18.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 512000, "start_va": 1952841728, "type": "region", "version": 1 }, "end_va": 1953353727, "entry_point": 1952847466, "filename": "\\Windows\\SysWOW64\\taskschd.dll", "id": "region_832", "name": "taskschd.dll", "norm_filename": "c:\\windows\\syswow64\\taskschd.dll", "region_type": "memory_mapped_file", "start_va": 1952841728, "timestamp": "00:00:18.637", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 192512, "start_va": 1953693696, "type": "region", "version": 1 }, "end_va": 1953886207, "entry_point": 1953698114, "filename": "\\Windows\\SysWOW64\\xmllite.dll", "id": "region_840", "name": "xmllite.dll", "norm_filename": "c:\\windows\\syswow64\\xmllite.dll", "region_type": "memory_mapped_file", "start_va": 1953693696, "timestamp": "00:00:18.817", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "taskeng.exe {E7027C3A-1DB2-40E8-88FC-68D4A38CC290} S-1-5-18:NT AUTHORITY\\System:Service:", "filename": "c:\\windows\\system32\\taskeng.exe", "id": "proc_10", "image_name": "taskeng.exe", "monitor_reason": "created_scheduled_job", "monitored_id": 10, "origin_monitor_id": 7, "ref_parent_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1468", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:38.549", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 159743, "entry_point": 0, "filename": null, "id": "region_1469", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:38.549", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_1470", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:38.549", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_1471", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:00:38.549", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1472", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:00:38.550", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 794623, "entry_point": 0, "filename": null, "id": "region_1473", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:00:38.550", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 856063, "entry_point": 0, "filename": null, "id": "region_1474", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:00:38.550", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 921599, "entry_point": 0, "filename": null, "id": "region_1475", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 917504, "timestamp": "00:00:38.550", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_1476", "name": "pagefile_0x00000000000f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 983040, "timestamp": "00:00:38.550", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1310719, "entry_point": 0, "filename": null, "id": "region_1477", "name": "private_0x0000000000130000", "norm_filename": null, "region_type": "private_memory", "start_va": 1245184, "timestamp": "00:00:38.551", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 786432, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 2097151, "entry_point": 0, "filename": null, "id": "region_1478", "name": "pagefile_0x0000000000140000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1310720, "timestamp": "00:00:38.551", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2686975, "entry_point": 0, "filename": null, "id": "region_1479", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:00:38.551", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 3735551, "entry_point": 0, "filename": null, "id": "region_1480", "name": "private_0x0000000000290000", "norm_filename": null, "region_type": "private_memory", "start_va": 2686976, "timestamp": "00:00:38.551", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 5242879, "entry_point": 0, "filename": null, "id": "region_1481", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:00:38.552", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 5242880, "type": "region", "version": 1 }, "end_va": 6848511, "entry_point": 0, "filename": null, "id": "region_1482", "name": "pagefile_0x0000000000500000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5242880, "timestamp": "00:00:38.552", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6881280, "type": "region", "version": 1 }, "end_va": 8458239, "entry_point": 0, "filename": null, "id": "region_1483", "name": "pagefile_0x0000000000690000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6881280, "timestamp": "00:00:38.552", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 8519680, "type": "region", "version": 1 }, "end_va": 12660735, "entry_point": 0, "filename": null, "id": "region_1484", "name": "pagefile_0x0000000000820000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8519680, "timestamp": "00:00:38.552", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 12713984, "type": "region", "version": 1 }, "end_va": 13762559, "entry_point": 0, "filename": null, "id": "region_1485", "name": "private_0x0000000000c20000", "norm_filename": null, "region_type": "private_memory", "start_va": 12713984, "timestamp": "00:00:38.552", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 14090240, "type": "region", "version": 1 }, "end_va": 14614527, "entry_point": 0, "filename": null, "id": "region_1486", "name": "private_0x0000000000d70000", "norm_filename": null, "region_type": "private_memory", "start_va": 14090240, "timestamp": "00:00:38.552", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 15007744, "type": "region", "version": 1 }, "end_va": 15532031, "entry_point": 0, "filename": null, "id": "region_1487", "name": "private_0x0000000000e50000", "norm_filename": null, "region_type": "private_memory", "start_va": 15007744, "timestamp": "00:00:38.552", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 15532032, "type": "region", "version": 1 }, "end_va": 16056319, "entry_point": 0, "filename": null, "id": "region_1488", "name": "private_0x0000000000ed0000", "norm_filename": null, "region_type": "private_memory", "start_va": 15532032, "timestamp": "00:00:38.553", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 16449536, "type": "region", "version": 1 }, "end_va": 16973823, "entry_point": 0, "filename": null, "id": "region_1489", "name": "private_0x0000000000fb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 16449536, "timestamp": "00:00:38.553", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 17498112, "type": "region", "version": 1 }, "end_va": 20443135, "entry_point": 17498112, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1490", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 17498112, "timestamp": "00:00:38.553", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 20905984, "type": "region", "version": 1 }, "end_va": 21430271, "entry_point": 0, "filename": null, "id": "region_1491", "name": "private_0x00000000013f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 20905984, "timestamp": "00:00:38.554", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 22151168, "type": "region", "version": 1 }, "end_va": 22675455, "entry_point": 0, "filename": null, "id": "region_1492", "name": "private_0x0000000001520000", "norm_filename": null, "region_type": "private_memory", "start_va": 22151168, "timestamp": "00:00:38.556", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 1991704576, "type": "region", "version": 1 }, "end_va": 1992728575, "entry_point": 1991811784, "filename": "\\Windows\\System32\\user32.dll", "id": "region_1493", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1991704576, "timestamp": "00:00:38.556", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1992753152, "type": "region", "version": 1 }, "end_va": 1993928703, "entry_point": 1992842912, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_1494", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1992753152, "timestamp": "00:00:38.557", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1993932800, "type": "region", "version": 1 }, "end_va": 1995673599, "entry_point": 1993932800, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1495", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1993932800, "timestamp": "00:00:38.557", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1496", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:38.558", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1497", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:38.558", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1498", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:38.559", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 475136, "start_va": 4281008128, "type": "region", "version": 1 }, "end_va": 4281483263, "entry_point": 4281070668, "filename": "\\Windows\\System32\\taskeng.exe", "id": "region_1499", "name": "taskeng.exe", "norm_filename": "c:\\windows\\system32\\taskeng.exe", "region_type": "memory_mapped_file", "start_va": 4281008128, "timestamp": "00:00:38.559", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 8791645814784, "type": "region", "version": 1 }, "end_va": 8791645851647, "entry_point": 8791645819296, "filename": "\\Windows\\System32\\TSChannel.dll", "id": "region_1500", "name": "tschannel.dll", "norm_filename": "c:\\windows\\system32\\tschannel.dll", "region_type": "memory_mapped_file", "start_va": 8791645814784, "timestamp": "00:00:38.559", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 8791713185792, "type": "region", "version": 1 }, "end_va": 8791713402879, "entry_point": 8791713189988, "filename": "\\Windows\\System32\\xmllite.dll", "id": "region_1501", "name": "xmllite.dll", "norm_filename": "c:\\windows\\system32\\xmllite.dll", "region_type": "memory_mapped_file", "start_va": 8791713185792, "timestamp": "00:00:38.560", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 8791713447936, "type": "region", "version": 1 }, "end_va": 8791713488895, "entry_point": 8791713457676, "filename": "\\Windows\\System32\\ktmw32.dll", "id": "region_1502", "name": "ktmw32.dll", "norm_filename": "c:\\windows\\system32\\ktmw32.dll", "region_type": "memory_mapped_file", "start_va": 8791713447936, "timestamp": "00:00:38.561", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 290816, "start_va": 8791733895168, "type": "region", "version": 1 }, "end_va": 8791734185983, "entry_point": 8791733899364, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_1503", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 8791733895168, "timestamp": "00:00:38.561", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 8791737040896, "type": "region", "version": 1 }, "end_va": 8791737135103, "entry_point": 8791737053880, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_1504", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 8791737040896, "timestamp": "00:00:38.561", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 446464, "start_va": 8791739072512, "type": "region", "version": 1 }, "end_va": 8791739518975, "entry_point": 8791739076624, "filename": "\\Windows\\System32\\wevtapi.dll", "id": "region_1505", "name": "wevtapi.dll", "norm_filename": "c:\\windows\\system32\\wevtapi.dll", "region_type": "memory_mapped_file", "start_va": 8791739072512, "timestamp": "00:00:38.562", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 8791743135744, "type": "region", "version": 1 }, "end_va": 8791743287295, "entry_point": 8791743174232, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_1506", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 8791743135744, "timestamp": "00:00:38.562", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791743332352, "type": "region", "version": 1 }, "end_va": 8791743393791, "entry_point": 8791743336464, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_1507", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 8791743332352, "timestamp": "00:00:38.563", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 8791744315392, "type": "region", "version": 1 }, "end_va": 8791744397311, "entry_point": 8791744319712, "filename": "\\Windows\\System32\\RpcRtRemote.dll", "id": "region_1508", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\system32\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 8791744315392, "timestamp": "00:00:38.563", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791747723264, "type": "region", "version": 1 }, "end_va": 8791748161535, "entry_point": 8791747735776, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1509", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791747723264, "timestamp": "00:00:38.564", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791751196672, "type": "region", "version": 1 }, "end_va": 8791751823359, "entry_point": 8791751203856, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_1510", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 8791751196672, "timestamp": "00:00:38.564", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791768956928, "type": "region", "version": 1 }, "end_va": 8791770189823, "entry_point": 8791769279824, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_1511", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791768956928, "timestamp": "00:00:38.565", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2109440, "start_va": 8791770202112, "type": "region", "version": 1 }, "end_va": 8791772311551, "entry_point": 8791770346288, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_1512", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 8791770202112, "timestamp": "00:00:38.566", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, "start_va": 8791772364800, "type": "region", "version": 1 }, "end_va": 8791773261823, "entry_point": 8791772497760, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_1513", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791772364800, "timestamp": "00:00:38.566", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791773282304, "type": "region", "version": 1 }, "end_va": 8791774367743, "entry_point": 8791773286500, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_1514", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791773282304, "timestamp": "00:00:38.567", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791774396416, "type": "region", "version": 1 }, "end_va": 8791775047679, "entry_point": 8791774406048, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1515", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791774396416, "timestamp": "00:00:38.567", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 880640, "start_va": 8791775051776, "type": "region", "version": 1 }, "end_va": 8791775932415, "entry_point": 8791775064692, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_1516", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 8791775051776, "timestamp": "00:00:38.568", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791775969280, "type": "region", "version": 1 }, "end_va": 8791776026623, "entry_point": 8791775973504, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_1517", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791775969280, "timestamp": "00:00:38.568", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791776034816, "type": "region", "version": 1 }, "end_va": 8791776456703, "entry_point": 8791776079932, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_1518", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791776034816, "timestamp": "00:00:38.569", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 462848, "start_va": 8791776493568, "type": "region", "version": 1 }, "end_va": 8791776956415, "entry_point": 8791776566816, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_1519", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 8791776493568, "timestamp": "00:00:38.569", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791777148928, "type": "region", "version": 1 }, "end_va": 8791777972223, "entry_point": 8791777650804, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_1520", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791777148928, "timestamp": "00:00:38.570", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791779966976, "type": "region", "version": 1 }, "end_va": 8791780155391, "entry_point": 8791779971088, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_1521", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791779966976, "timestamp": "00:00:38.570", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791780229120, "type": "region", "version": 1 }, "end_va": 8791780356095, "entry_point": 8791780253928, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_1522", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 8791780229120, "timestamp": "00:00:38.571", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791781998592, "type": "region", "version": 1 }, "end_va": 8791782002687, "entry_point": 8791781998592, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1523", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791781998592, "timestamp": "00:00:38.572", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092686336, "type": "region", "version": 1 }, "end_va": 8796092694527, "entry_point": 0, "filename": null, "id": "region_1524", "name": "private_0x000007fffffae000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092686336, "timestamp": "00:00:38.575", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_1525", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:00:38.575", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092841984, "type": "region", "version": 1 }, "end_va": 8796092850175, "entry_point": 0, "filename": null, "id": "region_1526", "name": "private_0x000007fffffd4000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092841984, "timestamp": "00:00:38.575", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092850176, "type": "region", "version": 1 }, "end_va": 8796092858367, "entry_point": 0, "filename": null, "id": "region_1527", "name": "private_0x000007fffffd6000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092850176, "timestamp": "00:00:38.575", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8796092858368, "type": "region", "version": 1 }, "end_va": 8796092862463, "entry_point": 0, "filename": null, "id": "region_1528", "name": "private_0x000007fffffd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092858368, "timestamp": "00:00:38.575", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092866560, "type": "region", "version": 1 }, "end_va": 8796092874751, "entry_point": 0, "filename": null, "id": "region_1529", "name": "private_0x000007fffffda000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092866560, "timestamp": "00:00:38.576", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092874752, "type": "region", "version": 1 }, "end_va": 8796092882943, "entry_point": 0, "filename": null, "id": "region_1530", "name": "private_0x000007fffffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092874752, "timestamp": "00:00:38.576", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092882944, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_1531", "name": "private_0x000007fffffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092882944, "timestamp": "00:00:38.576", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated", "version": 1 }, { "cmd_line": "taskeng.exe {896F3D9B-55A7-4F1F-A74F-2820A0C0801C} S-1-5-21-3388679973-3930757225-3770151564-1000:XDUWTFONO\\5p5NrGJn0jS HALPmcxz:Interactive:Highest[1]", "filename": "c:\\windows\\system32\\taskeng.exe", "id": "proc_11", "image_name": "taskeng.exe", "monitor_reason": "created_scheduled_job", "monitored_id": 11, "origin_monitor_id": 7, "ref_parent_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_906", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:22.892", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 159743, "entry_point": 0, "filename": null, "id": "region_907", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:22.892", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_908", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:22.892", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_909", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:00:22.892", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_910", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:00:22.892", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 794623, "entry_point": 0, "filename": null, "id": "region_911", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:00:22.893", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 856063, "entry_point": 0, "filename": null, "id": "region_912", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:00:22.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 921599, "entry_point": 0, "filename": null, "id": "region_913", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 917504, "timestamp": "00:00:22.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_914", "name": "pagefile_0x00000000000f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 983040, "timestamp": "00:00:22.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1638399, "entry_point": 0, "filename": null, "id": "region_915", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:00:22.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1703935, "entry_point": 0, "filename": null, "id": "region_916", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:00:22.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 2293759, "entry_point": 0, "filename": null, "id": "region_917", "name": "private_0x00000000001b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1769472, "timestamp": "00:00:22.895", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 3342335, "entry_point": 0, "filename": null, "id": "region_918", "name": "private_0x0000000000230000", "norm_filename": null, "region_type": "private_memory", "start_va": 2293760, "timestamp": "00:00:22.895", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 3473408, "type": "region", "version": 1 }, "end_va": 4521983, "entry_point": 0, "filename": null, "id": "region_919", "name": "private_0x0000000000350000", "norm_filename": null, "region_type": "private_memory", "start_va": 3473408, "timestamp": "00:00:22.895", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4521984, "type": "region", "version": 1 }, "end_va": 6127615, "entry_point": 0, "filename": null, "id": "region_920", "name": "pagefile_0x0000000000450000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4521984, "timestamp": "00:00:22.895", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6160384, "type": "region", "version": 1 }, "end_va": 7737343, "entry_point": 0, "filename": null, "id": "region_921", "name": "pagefile_0x00000000005e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6160384, "timestamp": "00:00:22.895", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 7798784, "type": "region", "version": 1 }, "end_va": 28770303, "entry_point": 0, "filename": null, "id": "region_922", "name": "pagefile_0x0000000000770000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7798784, "timestamp": "00:00:22.896", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 28770304, "type": "region", "version": 1 }, "end_va": 32911359, "entry_point": 0, "filename": null, "id": "region_923", "name": "pagefile_0x0000000001b70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 28770304, "timestamp": "00:00:22.896", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 33161216, "type": "region", "version": 1 }, "end_va": 33685503, "entry_point": 0, "filename": null, "id": "region_924", "name": "private_0x0000000001fa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 33161216, "timestamp": "00:00:22.896", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 34603008, "type": "region", "version": 1 }, "end_va": 35127295, "entry_point": 0, "filename": null, "id": "region_925", "name": "private_0x0000000002100000", "norm_filename": null, "region_type": "private_memory", "start_va": 34603008, "timestamp": "00:00:22.896", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 35651584, "type": "region", "version": 1 }, "end_va": 36175871, "entry_point": 0, "filename": null, "id": "region_926", "name": "private_0x0000000002200000", "norm_filename": null, "region_type": "private_memory", "start_va": 35651584, "timestamp": "00:00:22.897", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 36175872, "type": "region", "version": 1 }, "end_va": 37224447, "entry_point": 0, "filename": null, "id": "region_927", "name": "private_0x0000000002280000", "norm_filename": null, "region_type": "private_memory", "start_va": 36175872, "timestamp": "00:00:22.897", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 37224448, "type": "region", "version": 1 }, "end_va": 40169471, "entry_point": 37224448, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_928", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 37224448, "timestamp": "00:00:22.897", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41615359, "entry_point": 0, "filename": null, "id": "region_929", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:22.898", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 41615360, "type": "region", "version": 1 }, "end_va": 42528767, "entry_point": 0, "filename": null, "id": "region_930", "name": "pagefile_0x00000000027b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 41615360, "timestamp": "00:00:22.898", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 43646976, "type": "region", "version": 1 }, "end_va": 44171263, "entry_point": 0, "filename": null, "id": "region_931", "name": "private_0x00000000029a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 43646976, "timestamp": "00:00:22.898", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 1991704576, "type": "region", "version": 1 }, "end_va": 1992728575, "entry_point": 1991811784, "filename": "\\Windows\\System32\\user32.dll", "id": "region_932", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1991704576, "timestamp": "00:00:22.898", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1992753152, "type": "region", "version": 1 }, "end_va": 1993928703, "entry_point": 1992842912, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_933", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1992753152, "timestamp": "00:00:22.899", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1993932800, "type": "region", "version": 1 }, "end_va": 1995673599, "entry_point": 1993932800, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_934", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1993932800, "timestamp": "00:00:22.899", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_935", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:22.900", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_936", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:22.900", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_937", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:22.900", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 475136, "start_va": 4281008128, "type": "region", "version": 1 }, "end_va": 4281483263, "entry_point": 4281008128, "filename": "\\Windows\\System32\\taskeng.exe", "id": "region_938", "name": "taskeng.exe", "norm_filename": "c:\\windows\\system32\\taskeng.exe", "region_type": "memory_mapped_file", "start_va": 4281008128, "timestamp": "00:00:22.900", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 8791645814784, "type": "region", "version": 1 }, "end_va": 8791645851647, "entry_point": 8791645814784, "filename": "\\Windows\\System32\\TSChannel.dll", "id": "region_939", "name": "tschannel.dll", "norm_filename": "c:\\windows\\system32\\tschannel.dll", "region_type": "memory_mapped_file", "start_va": 8791645814784, "timestamp": "00:00:22.907", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 8791704797184, "type": "region", "version": 1 }, "end_va": 8791704895487, "entry_point": 8791704797184, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_940", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 8791704797184, "timestamp": "00:00:22.917", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 352256, "start_va": 8791708860416, "type": "region", "version": 1 }, "end_va": 8791709212671, "entry_point": 8791708860416, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_941", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 8791708860416, "timestamp": "00:00:22.925", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 8791713185792, "type": "region", "version": 1 }, "end_va": 8791713402879, "entry_point": 8791713185792, "filename": "\\Windows\\System32\\xmllite.dll", "id": "region_942", "name": "xmllite.dll", "norm_filename": "c:\\windows\\system32\\xmllite.dll", "region_type": "memory_mapped_file", "start_va": 8791713185792, "timestamp": "00:00:22.934", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 8791713447936, "type": "region", "version": 1 }, "end_va": 8791713488895, "entry_point": 8791713447936, "filename": "\\Windows\\System32\\ktmw32.dll", "id": "region_943", "name": "ktmw32.dll", "norm_filename": "c:\\windows\\system32\\ktmw32.dll", "region_type": "memory_mapped_file", "start_va": 8791713447936, "timestamp": "00:00:22.945", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 290816, "start_va": 8791733895168, "type": "region", "version": 1 }, "end_va": 8791734185983, "entry_point": 8791733895168, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_944", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 8791733895168, "timestamp": "00:00:22.955", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 8791737040896, "type": "region", "version": 1 }, "end_va": 8791737135103, "entry_point": 8791737040896, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_945", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 8791737040896, "timestamp": "00:00:22.964", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 446464, "start_va": 8791739072512, "type": "region", "version": 1 }, "end_va": 8791739518975, "entry_point": 8791739072512, "filename": "\\Windows\\System32\\wevtapi.dll", "id": "region_946", "name": "wevtapi.dll", "norm_filename": "c:\\windows\\system32\\wevtapi.dll", "region_type": "memory_mapped_file", "start_va": 8791739072512, "timestamp": "00:00:22.970", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 8791743135744, "type": "region", "version": 1 }, "end_va": 8791743287295, "entry_point": 8791743135744, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_947", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 8791743135744, "timestamp": "00:00:22.979", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791743332352, "type": "region", "version": 1 }, "end_va": 8791743393791, "entry_point": 8791743332352, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_948", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 8791743332352, "timestamp": "00:00:22.987", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 8791744315392, "type": "region", "version": 1 }, "end_va": 8791744397311, "entry_point": 8791744315392, "filename": "\\Windows\\System32\\RpcRtRemote.dll", "id": "region_949", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\system32\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 8791744315392, "timestamp": "00:00:22.995", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791747723264, "type": "region", "version": 1 }, "end_va": 8791748161535, "entry_point": 8791747735776, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_950", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791747723264, "timestamp": "00:00:23.003", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791751196672, "type": "region", "version": 1 }, "end_va": 8791751823359, "entry_point": 8791751196672, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_951", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 8791751196672, "timestamp": "00:00:23.004", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791768956928, "type": "region", "version": 1 }, "end_va": 8791770189823, "entry_point": 8791769279824, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_952", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791768956928, "timestamp": "00:00:23.013", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2109440, "start_va": 8791770202112, "type": "region", "version": 1 }, "end_va": 8791772311551, "entry_point": 8791770202112, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_953", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 8791770202112, "timestamp": "00:00:23.013", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, "start_va": 8791772364800, "type": "region", "version": 1 }, "end_va": 8791773261823, "entry_point": 8791772497760, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_954", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791772364800, "timestamp": "00:00:23.303", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791773282304, "type": "region", "version": 1 }, "end_va": 8791774367743, "entry_point": 8791773286500, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_955", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791773282304, "timestamp": "00:00:23.304", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791774396416, "type": "region", "version": 1 }, "end_va": 8791775047679, "entry_point": 8791774406048, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_956", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791774396416, "timestamp": "00:00:23.304", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 880640, "start_va": 8791775051776, "type": "region", "version": 1 }, "end_va": 8791775932415, "entry_point": 8791775051776, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_957", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 8791775051776, "timestamp": "00:00:23.305", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791775969280, "type": "region", "version": 1 }, "end_va": 8791776026623, "entry_point": 8791775973504, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_958", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791775969280, "timestamp": "00:00:23.318", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791776034816, "type": "region", "version": 1 }, "end_va": 8791776456703, "entry_point": 8791776079932, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_959", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791776034816, "timestamp": "00:00:23.319", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 462848, "start_va": 8791776493568, "type": "region", "version": 1 }, "end_va": 8791776956415, "entry_point": 8791776566816, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_960", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 8791776493568, "timestamp": "00:00:23.319", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791777148928, "type": "region", "version": 1 }, "end_va": 8791777972223, "entry_point": 8791777650804, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_961", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791777148928, "timestamp": "00:00:23.320", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791779966976, "type": "region", "version": 1 }, "end_va": 8791780155391, "entry_point": 8791779971088, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_962", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791779966976, "timestamp": "00:00:23.320", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791780229120, "type": "region", "version": 1 }, "end_va": 8791780356095, "entry_point": 8791780253928, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_963", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 8791780229120, "timestamp": "00:00:23.321", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791781998592, "type": "region", "version": 1 }, "end_va": 8791782002687, "entry_point": 8791781998592, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_964", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791781998592, "timestamp": "00:00:23.322", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092686336, "type": "region", "version": 1 }, "end_va": 8796092694527, "entry_point": 0, "filename": null, "id": "region_965", "name": "private_0x000007fffffae000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092686336, "timestamp": "00:00:23.326", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_966", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:00:23.326", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092841984, "type": "region", "version": 1 }, "end_va": 8796092850175, "entry_point": 0, "filename": null, "id": "region_967", "name": "private_0x000007fffffd4000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092841984, "timestamp": "00:00:23.327", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8796092858368, "type": "region", "version": 1 }, "end_va": 8796092862463, "entry_point": 0, "filename": null, "id": "region_968", "name": "private_0x000007fffffd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092858368, "timestamp": "00:00:23.327", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092866560, "type": "region", "version": 1 }, "end_va": 8796092874751, "entry_point": 0, "filename": null, "id": "region_969", "name": "private_0x000007fffffda000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092866560, "timestamp": "00:00:23.327", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092874752, "type": "region", "version": 1 }, "end_va": 8796092882943, "entry_point": 0, "filename": null, "id": "region_970", "name": "private_0x000007fffffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092874752, "timestamp": "00:00:23.327", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092882944, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_971", "name": "private_0x000007fffffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092882944, "timestamp": "00:00:23.328", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "/c wevtutil cl Setup & wevtutil cl System & wevtutil cl Security & wevtutil cl Application & fsutil usn deletejournal /D C:", "filename": "c:\\windows\\syswow64\\cmd.exe", "id": "proc_12", "image_name": "cmd.exe", "monitor_reason": "child_process", "monitored_id": 12, "origin_monitor_id": 2, "ref_parent_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000012-region_00001059-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_266", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1059", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:30.295", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000012-region_00001060-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_267", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_1060", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:30.295", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1061", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:30.295", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_1062", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:30.298", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_1063", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:30.298", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1638399, "entry_point": 0, "filename": null, "id": "region_1064", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:00:30.298", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 3276800, "type": "region", "version": 1 }, "end_va": 4325375, "entry_point": 0, "filename": null, "id": "region_1065", "name": "private_0x0000000000320000", "norm_filename": null, "region_type": "private_memory", "start_va": 3276800, "timestamp": "00:00:30.298", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1246494720, "type": "region", "version": 1 }, "end_va": 1246806015, "entry_point": 1246528154, "filename": "\\Windows\\SysWOW64\\cmd.exe", "id": "region_1066", "name": "cmd.exe", "norm_filename": "c:\\windows\\syswow64\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 1246494720, "timestamp": "00:00:30.298", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1993932800, "type": "region", "version": 1 }, "end_va": 1995673599, "entry_point": 1993932800, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1067", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1993932800, "timestamp": "00:00:30.299", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 1995898880, "type": "region", "version": 1 }, "end_va": 1997471743, "entry_point": 1995898880, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_1068", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1995898880, "timestamp": "00:00:30.299", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_1069", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:30.300", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000012-region_00001070-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_268", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_1070", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:30.300", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000012-region_00001071-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_269", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_1071", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:30.301", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000012-region_00001072-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_270", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_1072", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:30.301", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1073", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:30.301", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000012-region_00001074-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_271", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1074", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:30.301", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_1075", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:30.301", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000012-region_00001076-addr_0x00000000005e0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_272", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 6160384, "type": "region", "version": 1 }, "end_va": 6684671, "entry_point": 0, "filename": null, "id": "region_1076", "name": "private_0x00000000005e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6160384, "timestamp": "00:00:30.306", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1951006720, "type": "region", "version": 1 }, "end_va": 1951039487, "entry_point": 1951015160, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_1077", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1951006720, "timestamp": "00:00:30.306", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1951072256, "type": "region", "version": 1 }, "end_va": 1951449087, "entry_point": 1951332248, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_1078", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1951072256, "timestamp": "00:00:30.306", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1951465472, "type": "region", "version": 1 }, "end_va": 1951723519, "entry_point": 1951653496, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_1079", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1951465472, "timestamp": "00:00:30.307", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1083", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:30.363", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1084", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:30.363", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 880639, "entry_point": 458752, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1085", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 458752, "timestamp": "00:00:30.363", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000012-region_00001086-addr_0x00000000005b0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_275", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 5963776, "type": "region", "version": 1 }, "end_va": 6029311, "entry_point": 0, "filename": null, "id": "region_1086", "name": "private_0x00000000005b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5963776, "timestamp": "00:00:30.363", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000012-region_00001087-addr_0x0000000000820000-size_0x0000000000100000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_276", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 8519680, "type": "region", "version": 1 }, "end_va": 9568255, "entry_point": 0, "filename": null, "id": "region_1087", "name": "private_0x0000000000820000", "norm_filename": null, "region_type": "private_memory", "start_va": 8519680, "timestamp": "00:00:30.364", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1954480128, "type": "region", "version": 1 }, "end_va": 1954508799, "entry_point": 1954484784, "filename": "\\Windows\\SysWOW64\\winbrand.dll", "id": "region_1088", "name": "winbrand.dll", "norm_filename": "c:\\windows\\syswow64\\winbrand.dll", "region_type": "memory_mapped_file", "start_va": 1954480128, "timestamp": "00:00:30.364", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1957429248, "type": "region", "version": 1 }, "end_va": 1957478399, "entry_point": 1957433569, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_1089", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1957429248, "timestamp": "00:00:30.364", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957494784, "type": "region", "version": 1 }, "end_va": 1957887999, "entry_point": 1957602227, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_1090", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1957494784, "timestamp": "00:00:30.365", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1959395328, "type": "region", "version": 1 }, "end_va": 1960443903, "entry_point": 1959507693, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_1091", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1959395328, "timestamp": "00:00:30.365", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1960443904, "type": "region", "version": 1 }, "end_va": 1960484863, "entry_point": 1960457888, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_1092", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1960443904, "timestamp": "00:00:30.366", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1961361408, "type": "region", "version": 1 }, "end_va": 1961463807, "entry_point": 1961380213, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_1093", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1961361408, "timestamp": "00:00:30.366", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1961492480, "type": "region", "version": 1 }, "end_va": 1962147839, "entry_point": 1961576933, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_1094", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1961492480, "timestamp": "00:00:30.367", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1978531840, "type": "region", "version": 1 }, "end_va": 1979514879, "entry_point": 1978598761, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_1095", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1978531840, "timestamp": "00:00:30.367", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984430079, "entry_point": 1983931203, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_1096", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:00:30.368", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1985019904, "type": "region", "version": 1 }, "end_va": 1985662975, "entry_point": 1985232855, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_1097", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1985019904, "timestamp": "00:00:30.368", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1985675264, "type": "region", "version": 1 }, "end_va": 1985961983, "entry_point": 1985705080, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_1098", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1985675264, "timestamp": "00:00:30.369", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1986002944, "type": "region", "version": 1 }, "end_va": 1987117055, "entry_point": 1986081491, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_1099", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1986002944, "timestamp": "00:00:30.369", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1990459392, "type": "region", "version": 1 }, "end_va": 1991163903, "entry_point": 1990501490, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_1100", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1990459392, "timestamp": "00:00:30.370", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 1991704576, "type": "region", "version": 1 }, "end_va": 1992728575, "entry_point": 0, "filename": null, "id": "region_1101", "name": "private_0x0000000076b70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1991704576, "timestamp": "00:00:30.371", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1992753152, "type": "region", "version": 1 }, "end_va": 1993928703, "entry_point": 0, "filename": null, "id": "region_1102", "name": "private_0x0000000076c70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1992753152, "timestamp": "00:00:30.371", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1103", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:30.371", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1104", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:30.371", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 3244031, "entry_point": 0, "filename": null, "id": "region_1105", "name": "pagefile_0x0000000000190000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1638400, "timestamp": "00:00:30.375", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957888000, "type": "region", "version": 1 }, "end_va": 1958281215, "entry_point": 1957959055, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_1106", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1957888000, "timestamp": "00:00:30.375", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1960509440, "type": "region", "version": 1 }, "end_va": 1961345023, "entry_point": 1960515211, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_1107", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1960509440, "timestamp": "00:00:30.375", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_1108", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:30.380", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 925695, "entry_point": 0, "filename": null, "id": "region_1109", "name": "pagefile_0x00000000000e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 917504, "timestamp": "00:00:30.380", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000012-region_00001110-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_277", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_1110", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:00:30.381", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000012-region_00001111-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_278", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1052671, "entry_point": 0, "filename": null, "id": "region_1111", "name": "private_0x0000000000100000", "norm_filename": null, "region_type": "private_memory", "start_va": 1048576, "timestamp": "00:00:30.381", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 5902335, "entry_point": 0, "filename": null, "id": "region_1112", "name": "pagefile_0x0000000000420000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4325376, "timestamp": "00:00:30.381", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 9568256, "type": "region", "version": 1 }, "end_va": 30539775, "entry_point": 0, "filename": null, "id": "region_1113", "name": "pagefile_0x0000000000920000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9568256, "timestamp": "00:00:30.381", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3420160, "start_va": 30539776, "type": "region", "version": 1 }, "end_va": 33959935, "entry_point": 0, "filename": null, "id": "region_1114", "name": "pagefile_0x0000000001d20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 30539776, "timestamp": "00:00:30.381", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 34013184, "type": "region", "version": 1 }, "end_va": 36958207, "entry_point": 34013184, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1116", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 34013184, "timestamp": "00:00:30.406", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "wevtutil cl Setup ", "filename": "c:\\windows\\syswow64\\wevtutil.exe", "id": "proc_13", "image_name": "wevtutil.exe", "monitor_reason": "child_process", "monitored_id": 13, "origin_monitor_id": 12, "ref_parent_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000013-region_00001118-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_280", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1118", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:30.429", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000013-region_00001119-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_281", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_1119", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:30.429", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1120", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:30.429", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_1121", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:30.432", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_1122", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:30.432", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000013-region_00001123-addr_0x0000000000170000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_282", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1769471, "entry_point": 0, "filename": null, "id": "region_1123", "name": "private_0x0000000000170000", "norm_filename": null, "region_type": "private_memory", "start_va": 1507328, "timestamp": "00:00:30.432", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000013-region_00001124-addr_0x00000000001f0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_283", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2293759, "entry_point": 0, "filename": null, "id": "region_1124", "name": "private_0x00000000001f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2031616, "timestamp": "00:00:30.432", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 184320, "start_va": 15925248, "type": "region", "version": 1 }, "end_va": 16109567, "entry_point": 15925248, "filename": "\\Windows\\SysWOW64\\wevtutil.exe", "id": "region_1125", "name": "wevtutil.exe", "norm_filename": "c:\\windows\\syswow64\\wevtutil.exe", "region_type": "memory_mapped_file", "start_va": 15925248, "timestamp": "00:00:30.432", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1993932800, "type": "region", "version": 1 }, "end_va": 1995673599, "entry_point": 1993932800, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1126", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1993932800, "timestamp": "00:00:30.438", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 1995898880, "type": "region", "version": 1 }, "end_va": 1997471743, "entry_point": 1995898880, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_1127", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1995898880, "timestamp": "00:00:30.439", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_1128", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:30.439", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000013-region_00001129-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_284", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_1129", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:30.440", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000013-region_00001130-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_285", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_1130", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:30.440", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000013-region_00001131-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_286", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_1131", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:30.440", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1132", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:30.441", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000013-region_00001133-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_287", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1133", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:30.441", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_1134", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:30.441", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000013-region_00001136-addr_0x0000000000320000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_289", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 3276800, "type": "region", "version": 1 }, "end_va": 3801087, "entry_point": 0, "filename": null, "id": "region_1136", "name": "private_0x0000000000320000", "norm_filename": null, "region_type": "private_memory", "start_va": 3276800, "timestamp": "00:00:30.485", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1951006720, "type": "region", "version": 1 }, "end_va": 1951039487, "entry_point": 1951015160, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_1137", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1951006720, "timestamp": "00:00:30.485", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1951072256, "type": "region", "version": 1 }, "end_va": 1951449087, "entry_point": 1951332248, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_1138", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1951072256, "timestamp": "00:00:30.486", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1951465472, "type": "region", "version": 1 }, "end_va": 1951723519, "entry_point": 1951653496, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_1139", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1951465472, "timestamp": "00:00:30.487", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1140", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:30.506", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1141", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:30.506", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 880639, "entry_point": 458752, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1142", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 458752, "timestamp": "00:00:30.506", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000013-region_00001143-addr_0x0000000000490000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_290", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 4784128, "type": "region", "version": 1 }, "end_va": 5832703, "entry_point": 0, "filename": null, "id": "region_1143", "name": "private_0x0000000000490000", "norm_filename": null, "region_type": "private_memory", "start_va": 4784128, "timestamp": "00:00:30.507", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000013-region_00001144-addr_0x0000000000680000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_291", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 6815744, "type": "region", "version": 1 }, "end_va": 6881279, "entry_point": 0, "filename": null, "id": "region_1144", "name": "private_0x0000000000680000", "norm_filename": null, "region_type": "private_memory", "start_va": 6815744, "timestamp": "00:00:30.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 270336, "start_va": 1952645120, "type": "region", "version": 1 }, "end_va": 1952915455, "entry_point": 1952645120, "filename": "\\Windows\\SysWOW64\\wevtapi.dll", "id": "region_1145", "name": "wevtapi.dll", "norm_filename": "c:\\windows\\syswow64\\wevtapi.dll", "region_type": "memory_mapped_file", "start_va": 1952645120, "timestamp": "00:00:30.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 176128, "start_va": 1952972800, "type": "region", "version": 1 }, "end_va": 1953148927, "entry_point": 1952972800, "filename": "\\Windows\\SysWOW64\\credui.dll", "id": "region_1146", "name": "credui.dll", "norm_filename": "c:\\windows\\syswow64\\credui.dll", "region_type": "memory_mapped_file", "start_va": 1952972800, "timestamp": "00:00:30.515", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1957429248, "type": "region", "version": 1 }, "end_va": 1957478399, "entry_point": 1957433569, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_1147", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1957429248, "timestamp": "00:00:30.522", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957494784, "type": "region", "version": 1 }, "end_va": 1957887999, "entry_point": 1957602227, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_1148", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1957494784, "timestamp": "00:00:30.523", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1959395328, "type": "region", "version": 1 }, "end_va": 1960443903, "entry_point": 1959507693, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_1149", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1959395328, "timestamp": "00:00:30.523", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1960443904, "type": "region", "version": 1 }, "end_va": 1960484863, "entry_point": 1960457888, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_1150", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1960443904, "timestamp": "00:00:30.524", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1961361408, "type": "region", "version": 1 }, "end_va": 1961463807, "entry_point": 1961380213, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_1151", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1961361408, "timestamp": "00:00:30.524", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1961492480, "type": "region", "version": 1 }, "end_va": 1962147839, "entry_point": 1961576933, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_1152", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1961492480, "timestamp": "00:00:30.524", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1978531840, "type": "region", "version": 1 }, "end_va": 1979514879, "entry_point": 1978598761, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_1153", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1978531840, "timestamp": "00:00:30.525", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1979580416, "type": "region", "version": 1 }, "end_va": 1980166143, "entry_point": 1979596721, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_1154", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1979580416, "timestamp": "00:00:30.525", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984430079, "entry_point": 1983931203, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_1155", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:00:30.526", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1985019904, "type": "region", "version": 1 }, "end_va": 1985662975, "entry_point": 1985232855, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_1156", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1985019904, "timestamp": "00:00:30.526", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1985675264, "type": "region", "version": 1 }, "end_va": 1985961983, "entry_point": 1985705080, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_1157", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1985675264, "timestamp": "00:00:30.527", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1986002944, "type": "region", "version": 1 }, "end_va": 1987117055, "entry_point": 1986081491, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_1158", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1986002944, "timestamp": "00:00:30.527", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1987117056, "type": "region", "version": 1 }, "end_va": 1988542463, "entry_point": 1987426877, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_1159", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1987117056, "timestamp": "00:00:30.528", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1990459392, "type": "region", "version": 1 }, "end_va": 1991163903, "entry_point": 1990501490, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_1160", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1990459392, "timestamp": "00:00:30.528", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000013-region_00001161-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_292", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 1991704576, "type": "region", "version": 1 }, "end_va": 1992728575, "entry_point": 0, "filename": null, "id": "region_1161", "name": "private_0x0000000076b70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1991704576, "timestamp": "00:00:30.529", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000013-region_00001162-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_293", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1992753152, "type": "region", "version": 1 }, "end_va": 1993928703, "entry_point": 0, "filename": null, "id": "region_1162", "name": "private_0x0000000076c70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1992753152, "timestamp": "00:00:30.529", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1163", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:30.529", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1164", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:30.529", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 6881280, "type": "region", "version": 1 }, "end_va": 8486911, "entry_point": 0, "filename": null, "id": "region_1166", "name": "pagefile_0x0000000000690000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6881280, "timestamp": "00:00:30.535", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957888000, "type": "region", "version": 1 }, "end_va": 1958281215, "entry_point": 1957959055, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_1167", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1957888000, "timestamp": "00:00:30.535", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1960509440, "type": "region", "version": 1 }, "end_va": 1961345023, "entry_point": 1960515211, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_1168", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1960509440, "timestamp": "00:00:30.536", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_1169", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:30.556", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 925695, "entry_point": 0, "filename": null, "id": "region_1170", "name": "pagefile_0x00000000000e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 917504, "timestamp": "00:00:30.556", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 45056, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 1028095, "entry_point": 983040, "filename": "\\Windows\\SysWOW64\\en-US\\wevtutil.exe.mui", "id": "region_1171", "name": "wevtutil.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\wevtutil.exe.mui", "region_type": "memory_mapped_file", "start_va": 983040, "timestamp": "00:00:30.556", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000013-region_00001172-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_295", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1052671, "entry_point": 0, "filename": null, "id": "region_1172", "name": "private_0x0000000000100000", "norm_filename": null, "region_type": "private_memory", "start_va": 1048576, "timestamp": "00:00:30.561", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000013-region_00001173-addr_0x0000000000110000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_296", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1118207, "entry_point": 0, "filename": null, "id": "region_1173", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:00:30.561", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1187839, "entry_point": 0, "filename": null, "id": "region_1174", "name": "pagefile_0x0000000000120000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1179648, "timestamp": "00:00:30.561", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 8519680, "type": "region", "version": 1 }, "end_va": 10096639, "entry_point": 0, "filename": null, "id": "region_1175", "name": "pagefile_0x0000000000820000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8519680, "timestamp": "00:00:30.561", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 16121856, "type": "region", "version": 1 }, "end_va": 37093375, "entry_point": 0, "filename": null, "id": "region_1176", "name": "pagefile_0x0000000000f60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 16121856, "timestamp": "00:00:30.561", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1946877952, "type": "region", "version": 1 }, "end_va": 1948573695, "entry_point": 1946877952, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_1177", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1946877952, "timestamp": "00:00:30.562", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1980170240, "type": "region", "version": 1 }, "end_va": 1980526591, "entry_point": 1980275622, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_1178", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1980170240, "timestamp": "00:00:30.571", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "wevtutil cl System ", "filename": "c:\\windows\\syswow64\\wevtutil.exe", "id": "proc_14", "image_name": "wevtutil.exe", "monitor_reason": "child_process", "monitored_id": 14, "origin_monitor_id": 12, "ref_parent_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000014-region_00001182-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_299", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1182", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:30.623", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000014-region_00001183-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_300", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_1183", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:30.623", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1184", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:30.623", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_1185", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:30.626", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_1186", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:30.626", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000014-region_00001187-addr_0x00000000000f0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_301", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 1245183, "entry_point": 0, "filename": null, "id": "region_1187", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:00:30.626", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000014-region_00001188-addr_0x0000000000180000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_302", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 1835007, "entry_point": 0, "filename": null, "id": "region_1188", "name": "private_0x0000000000180000", "norm_filename": null, "region_type": "private_memory", "start_va": 1572864, "timestamp": "00:00:30.626", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 184320, "start_va": 14680064, "type": "region", "version": 1 }, "end_va": 14864383, "entry_point": 14693869, "filename": "\\Windows\\SysWOW64\\wevtutil.exe", "id": "region_1189", "name": "wevtutil.exe", "norm_filename": "c:\\windows\\syswow64\\wevtutil.exe", "region_type": "memory_mapped_file", "start_va": 14680064, "timestamp": "00:00:30.626", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1993932800, "type": "region", "version": 1 }, "end_va": 1995673599, "entry_point": 1993932800, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1190", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1993932800, "timestamp": "00:00:30.627", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 1995898880, "type": "region", "version": 1 }, "end_va": 1997471743, "entry_point": 1995898880, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_1191", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1995898880, "timestamp": "00:00:30.627", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_1192", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:30.628", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000014-region_00001193-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_303", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_1193", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:30.628", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000014-region_00001194-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_304", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_1194", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:30.628", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000014-region_00001195-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_305", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_1195", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:30.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1196", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:30.629", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000014-region_00001197-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_306", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1197", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:30.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_1198", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:30.629", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000014-region_00001199-addr_0x00000000003b0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_307", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 3866624, "type": "region", "version": 1 }, "end_va": 4390911, "entry_point": 0, "filename": null, "id": "region_1199", "name": "private_0x00000000003b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3866624, "timestamp": "00:00:30.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1951006720, "type": "region", "version": 1 }, "end_va": 1951039487, "entry_point": 1951015160, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_1200", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1951006720, "timestamp": "00:00:30.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1951072256, "type": "region", "version": 1 }, "end_va": 1951449087, "entry_point": 1951332248, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_1201", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1951072256, "timestamp": "00:00:30.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1951465472, "type": "region", "version": 1 }, "end_va": 1951723519, "entry_point": 1951653496, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_1202", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1951465472, "timestamp": "00:00:30.640", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1203", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:30.665", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1204", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:30.665", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 880639, "entry_point": 458752, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1205", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 458752, "timestamp": "00:00:30.665", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000014-region_00001206-addr_0x00000000002b0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_308", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 2883583, "entry_point": 0, "filename": null, "id": "region_1206", "name": "private_0x00000000002b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2818048, "timestamp": "00:00:30.666", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000014-region_00001207-addr_0x0000000000620000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_309", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 6422528, "type": "region", "version": 1 }, "end_va": 7471103, "entry_point": 0, "filename": null, "id": "region_1207", "name": "private_0x0000000000620000", "norm_filename": null, "region_type": "private_memory", "start_va": 6422528, "timestamp": "00:00:30.666", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 270336, "start_va": 1952645120, "type": "region", "version": 1 }, "end_va": 1952915455, "entry_point": 1952650080, "filename": "\\Windows\\SysWOW64\\wevtapi.dll", "id": "region_1208", "name": "wevtapi.dll", "norm_filename": "c:\\windows\\syswow64\\wevtapi.dll", "region_type": "memory_mapped_file", "start_va": 1952645120, "timestamp": "00:00:30.666", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 176128, "start_va": 1952972800, "type": "region", "version": 1 }, "end_va": 1953148927, "entry_point": 1952978095, "filename": "\\Windows\\SysWOW64\\credui.dll", "id": "region_1209", "name": "credui.dll", "norm_filename": "c:\\windows\\syswow64\\credui.dll", "region_type": "memory_mapped_file", "start_va": 1952972800, "timestamp": "00:00:30.667", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1957429248, "type": "region", "version": 1 }, "end_va": 1957478399, "entry_point": 1957433569, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_1210", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1957429248, "timestamp": "00:00:30.667", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957494784, "type": "region", "version": 1 }, "end_va": 1957887999, "entry_point": 1957602227, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_1211", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1957494784, "timestamp": "00:00:30.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1959395328, "type": "region", "version": 1 }, "end_va": 1960443903, "entry_point": 1959507693, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_1212", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1959395328, "timestamp": "00:00:30.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1960443904, "type": "region", "version": 1 }, "end_va": 1960484863, "entry_point": 1960457888, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_1213", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1960443904, "timestamp": "00:00:30.669", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1961361408, "type": "region", "version": 1 }, "end_va": 1961463807, "entry_point": 1961380213, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_1214", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1961361408, "timestamp": "00:00:30.669", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1961492480, "type": "region", "version": 1 }, "end_va": 1962147839, "entry_point": 1961576933, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_1215", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1961492480, "timestamp": "00:00:30.670", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1978531840, "type": "region", "version": 1 }, "end_va": 1979514879, "entry_point": 1978598761, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_1216", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1978531840, "timestamp": "00:00:30.670", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1979580416, "type": "region", "version": 1 }, "end_va": 1980166143, "entry_point": 1979596721, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_1217", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1979580416, "timestamp": "00:00:30.671", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984430079, "entry_point": 1983931203, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_1218", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:00:30.672", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1985019904, "type": "region", "version": 1 }, "end_va": 1985662975, "entry_point": 1985232855, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_1219", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1985019904, "timestamp": "00:00:30.672", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1985675264, "type": "region", "version": 1 }, "end_va": 1985961983, "entry_point": 1985705080, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_1220", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1985675264, "timestamp": "00:00:30.673", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1986002944, "type": "region", "version": 1 }, "end_va": 1987117055, "entry_point": 1986081491, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_1221", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1986002944, "timestamp": "00:00:30.673", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1987117056, "type": "region", "version": 1 }, "end_va": 1988542463, "entry_point": 1987426877, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_1222", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1987117056, "timestamp": "00:00:30.674", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1990459392, "type": "region", "version": 1 }, "end_va": 1991163903, "entry_point": 1990501490, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_1223", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1990459392, "timestamp": "00:00:30.674", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000014-region_00001224-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_310", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 1991704576, "type": "region", "version": 1 }, "end_va": 1992728575, "entry_point": 0, "filename": null, "id": "region_1224", "name": "private_0x0000000076b70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1991704576, "timestamp": "00:00:30.675", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000014-region_00001225-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_311", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1992753152, "type": "region", "version": 1 }, "end_va": 1993928703, "entry_point": 0, "filename": null, "id": "region_1225", "name": "private_0x0000000076c70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1992753152, "timestamp": "00:00:30.675", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1226", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:30.675", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1227", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:30.676", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4390912, "type": "region", "version": 1 }, "end_va": 5996543, "entry_point": 0, "filename": null, "id": "region_1228", "name": "pagefile_0x0000000000430000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4390912, "timestamp": "00:00:30.680", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957888000, "type": "region", "version": 1 }, "end_va": 1958281215, "entry_point": 1957959055, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_1229", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1957888000, "timestamp": "00:00:30.680", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1960509440, "type": "region", "version": 1 }, "end_va": 1961345023, "entry_point": 1960515211, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_1230", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1960509440, "timestamp": "00:00:30.681", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_1231", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:30.690", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 925695, "entry_point": 0, "filename": null, "id": "region_1232", "name": "pagefile_0x00000000000e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 917504, "timestamp": "00:00:30.690", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 45056, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1290239, "entry_point": 1245184, "filename": "\\Windows\\SysWOW64\\en-US\\wevtutil.exe.mui", "id": "region_1233", "name": "wevtutil.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\wevtutil.exe.mui", "region_type": "memory_mapped_file", "start_va": 1245184, "timestamp": "00:00:30.690", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000014-region_00001234-addr_0x0000000000140000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_312", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1314815, "entry_point": 0, "filename": null, "id": "region_1234", "name": "private_0x0000000000140000", "norm_filename": null, "region_type": "private_memory", "start_va": 1310720, "timestamp": "00:00:30.691", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000014-region_00001235-addr_0x0000000000150000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_313", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1380351, "entry_point": 0, "filename": null, "id": "region_1235", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:00:30.692", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1449983, "entry_point": 0, "filename": null, "id": "region_1236", "name": "pagefile_0x0000000000160000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1441792, "timestamp": "00:00:30.692", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 7471104, "type": "region", "version": 1 }, "end_va": 9048063, "entry_point": 0, "filename": null, "id": "region_1237", "name": "pagefile_0x0000000000720000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7471104, "timestamp": "00:00:30.692", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 14876672, "type": "region", "version": 1 }, "end_va": 35848191, "entry_point": 0, "filename": null, "id": "region_1238", "name": "pagefile_0x0000000000e30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 14876672, "timestamp": "00:00:30.692", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1946877952, "type": "region", "version": 1 }, "end_va": 1948573695, "entry_point": 1947068085, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_1239", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1946877952, "timestamp": "00:00:30.692", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1980170240, "type": "region", "version": 1 }, "end_va": 1980526591, "entry_point": 1980275622, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_1240", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1980170240, "timestamp": "00:00:30.693", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "wevtutil cl Security ", "filename": "c:\\windows\\syswow64\\wevtutil.exe", "id": "proc_15", "image_name": "wevtutil.exe", "monitor_reason": "child_process", "monitored_id": 15, "origin_monitor_id": 12, "ref_parent_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000015-region_00001246-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_316", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1246", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:30.762", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000015-region_00001247-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_317", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_1247", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:30.762", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1248", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:30.762", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_1249", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:30.765", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_1250", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:30.765", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000015-region_00001251-addr_0x0000000000070000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_318", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 720895, "entry_point": 0, "filename": null, "id": "region_1251", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:00:30.765", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000015-region_00001252-addr_0x0000000000230000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_319", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2555903, "entry_point": 0, "filename": null, "id": "region_1252", "name": "private_0x0000000000230000", "norm_filename": null, "region_type": "private_memory", "start_va": 2293760, "timestamp": "00:00:30.766", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 184320, "start_va": 3407872, "type": "region", "version": 1 }, "end_va": 3592191, "entry_point": 3421677, "filename": "\\Windows\\SysWOW64\\wevtutil.exe", "id": "region_1253", "name": "wevtutil.exe", "norm_filename": "c:\\windows\\syswow64\\wevtutil.exe", "region_type": "memory_mapped_file", "start_va": 3407872, "timestamp": "00:00:30.766", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1993932800, "type": "region", "version": 1 }, "end_va": 1995673599, "entry_point": 1993932800, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1254", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1993932800, "timestamp": "00:00:30.766", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 1995898880, "type": "region", "version": 1 }, "end_va": 1997471743, "entry_point": 1995898880, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_1255", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1995898880, "timestamp": "00:00:30.767", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_1256", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:30.768", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000015-region_00001257-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_320", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_1257", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:30.768", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000015-region_00001258-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_321", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_1258", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:30.768", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000015-region_00001259-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_322", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_1259", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:30.768", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1260", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:30.769", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000015-region_00001261-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_323", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1261", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:30.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_1262", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:30.769", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000015-region_00001263-addr_0x0000000000140000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_324", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1835007, "entry_point": 0, "filename": null, "id": "region_1263", "name": "private_0x0000000000140000", "norm_filename": null, "region_type": "private_memory", "start_va": 1310720, "timestamp": "00:00:30.779", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1951006720, "type": "region", "version": 1 }, "end_va": 1951039487, "entry_point": 1951015160, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_1264", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1951006720, "timestamp": "00:00:30.779", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1951072256, "type": "region", "version": 1 }, "end_va": 1951449087, "entry_point": 1951332248, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_1265", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1951072256, "timestamp": "00:00:30.780", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1951465472, "type": "region", "version": 1 }, "end_va": 1951723519, "entry_point": 1951653496, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_1266", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1951465472, "timestamp": "00:00:30.781", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1267", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:30.800", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1268", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:30.800", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 1142783, "entry_point": 720896, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1269", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 720896, "timestamp": "00:00:30.800", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000015-region_00001270-addr_0x00000000001e0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_325", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 2031615, "entry_point": 0, "filename": null, "id": "region_1270", "name": "private_0x00000000001e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1966080, "timestamp": "00:00:30.801", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000015-region_00001271-addr_0x0000000000400000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_326", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 5242879, "entry_point": 0, "filename": null, "id": "region_1271", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:00:30.801", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 270336, "start_va": 1952645120, "type": "region", "version": 1 }, "end_va": 1952915455, "entry_point": 1952650080, "filename": "\\Windows\\SysWOW64\\wevtapi.dll", "id": "region_1272", "name": "wevtapi.dll", "norm_filename": "c:\\windows\\syswow64\\wevtapi.dll", "region_type": "memory_mapped_file", "start_va": 1952645120, "timestamp": "00:00:30.801", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 176128, "start_va": 1952972800, "type": "region", "version": 1 }, "end_va": 1953148927, "entry_point": 1952978095, "filename": "\\Windows\\SysWOW64\\credui.dll", "id": "region_1273", "name": "credui.dll", "norm_filename": "c:\\windows\\syswow64\\credui.dll", "region_type": "memory_mapped_file", "start_va": 1952972800, "timestamp": "00:00:30.801", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1957429248, "type": "region", "version": 1 }, "end_va": 1957478399, "entry_point": 1957433569, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_1274", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1957429248, "timestamp": "00:00:30.802", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957494784, "type": "region", "version": 1 }, "end_va": 1957887999, "entry_point": 1957602227, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_1275", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1957494784, "timestamp": "00:00:30.803", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1959395328, "type": "region", "version": 1 }, "end_va": 1960443903, "entry_point": 1959507693, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_1276", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1959395328, "timestamp": "00:00:30.803", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1960443904, "type": "region", "version": 1 }, "end_va": 1960484863, "entry_point": 1960457888, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_1277", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1960443904, "timestamp": "00:00:30.804", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1961361408, "type": "region", "version": 1 }, "end_va": 1961463807, "entry_point": 1961380213, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_1278", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1961361408, "timestamp": "00:00:30.804", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1961492480, "type": "region", "version": 1 }, "end_va": 1962147839, "entry_point": 1961576933, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_1279", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1961492480, "timestamp": "00:00:30.805", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1978531840, "type": "region", "version": 1 }, "end_va": 1979514879, "entry_point": 1978598761, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_1280", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1978531840, "timestamp": "00:00:30.805", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1979580416, "type": "region", "version": 1 }, "end_va": 1980166143, "entry_point": 1979596721, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_1281", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1979580416, "timestamp": "00:00:30.806", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984430079, "entry_point": 1983931203, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_1282", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:00:30.806", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1985019904, "type": "region", "version": 1 }, "end_va": 1985662975, "entry_point": 1985232855, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_1283", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1985019904, "timestamp": "00:00:30.807", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1985675264, "type": "region", "version": 1 }, "end_va": 1985961983, "entry_point": 1985705080, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_1284", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1985675264, "timestamp": "00:00:30.808", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1986002944, "type": "region", "version": 1 }, "end_va": 1987117055, "entry_point": 1986081491, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_1285", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1986002944, "timestamp": "00:00:30.808", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1987117056, "type": "region", "version": 1 }, "end_va": 1988542463, "entry_point": 1987426877, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_1286", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1987117056, "timestamp": "00:00:30.809", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1990459392, "type": "region", "version": 1 }, "end_va": 1991163903, "entry_point": 1990501490, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_1287", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1990459392, "timestamp": "00:00:30.809", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000015-region_00001288-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_327", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 1991704576, "type": "region", "version": 1 }, "end_va": 1992728575, "entry_point": 0, "filename": null, "id": "region_1288", "name": "private_0x0000000076b70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1991704576, "timestamp": "00:00:30.810", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000015-region_00001289-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_328", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1992753152, "type": "region", "version": 1 }, "end_va": 1993928703, "entry_point": 0, "filename": null, "id": "region_1289", "name": "private_0x0000000076c70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1992753152, "timestamp": "00:00:30.811", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1290", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:30.811", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1291", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:30.811", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 5242880, "type": "region", "version": 1 }, "end_va": 6848511, "entry_point": 0, "filename": null, "id": "region_1292", "name": "pagefile_0x0000000000500000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5242880, "timestamp": "00:00:30.815", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957888000, "type": "region", "version": 1 }, "end_va": 1958281215, "entry_point": 1957959055, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_1293", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1957888000, "timestamp": "00:00:30.815", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1960509440, "type": "region", "version": 1 }, "end_va": 1961345023, "entry_point": 1960515211, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_1294", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1960509440, "timestamp": "00:00:30.816", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_1295", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:30.826", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1187839, "entry_point": 0, "filename": null, "id": "region_1296", "name": "pagefile_0x0000000000120000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1179648, "timestamp": "00:00:30.826", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 45056, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1290239, "entry_point": 1245184, "filename": "\\Windows\\SysWOW64\\en-US\\wevtutil.exe.mui", "id": "region_1297", "name": "wevtutil.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\wevtutil.exe.mui", "region_type": "memory_mapped_file", "start_va": 1245184, "timestamp": "00:00:30.826", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000015-region_00001298-addr_0x00000000001c0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_329", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 1839103, "entry_point": 0, "filename": null, "id": "region_1298", "name": "private_0x00000000001c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1835008, "timestamp": "00:00:30.829", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000015-region_00001299-addr_0x00000000001d0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_330", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 1904639, "entry_point": 0, "filename": null, "id": "region_1299", "name": "private_0x00000000001d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1900544, "timestamp": "00:00:30.829", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2039807, "entry_point": 0, "filename": null, "id": "region_1300", "name": "pagefile_0x00000000001f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2031616, "timestamp": "00:00:30.829", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6881280, "type": "region", "version": 1 }, "end_va": 8458239, "entry_point": 0, "filename": null, "id": "region_1301", "name": "pagefile_0x0000000000690000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6881280, "timestamp": "00:00:30.829", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 8519680, "type": "region", "version": 1 }, "end_va": 29491199, "entry_point": 0, "filename": null, "id": "region_1302", "name": "pagefile_0x0000000000820000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8519680, "timestamp": "00:00:30.829", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1946877952, "type": "region", "version": 1 }, "end_va": 1948573695, "entry_point": 1947068085, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_1303", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1946877952, "timestamp": "00:00:30.829", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1980170240, "type": "region", "version": 1 }, "end_va": 1980526591, "entry_point": 1980275622, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_1304", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1980170240, "timestamp": "00:00:30.830", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "wevtutil cl Application ", "filename": "c:\\windows\\syswow64\\wevtutil.exe", "id": "proc_16", "image_name": "wevtutil.exe", "monitor_reason": "child_process", "monitored_id": 16, "origin_monitor_id": 12, "ref_parent_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000016-region_00001305-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_331", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1305", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:30.876", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000016-region_00001306-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_332", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_1306", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:30.877", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1307", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:30.877", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_1308", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:30.882", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_1309", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:30.882", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000016-region_00001310-addr_0x0000000000110000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_333", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1376255, "entry_point": 0, "filename": null, "id": "region_1310", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:00:30.882", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000016-region_00001311-addr_0x0000000000180000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_334", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 1835007, "entry_point": 0, "filename": null, "id": "region_1311", "name": "private_0x0000000000180000", "norm_filename": null, "region_type": "private_memory", "start_va": 1572864, "timestamp": "00:00:30.882", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 184320, "start_va": 11665408, "type": "region", "version": 1 }, "end_va": 11849727, "entry_point": 11679213, "filename": "\\Windows\\SysWOW64\\wevtutil.exe", "id": "region_1312", "name": "wevtutil.exe", "norm_filename": "c:\\windows\\syswow64\\wevtutil.exe", "region_type": "memory_mapped_file", "start_va": 11665408, "timestamp": "00:00:30.882", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1993932800, "type": "region", "version": 1 }, "end_va": 1995673599, "entry_point": 1993932800, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1313", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1993932800, "timestamp": "00:00:30.883", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 1995898880, "type": "region", "version": 1 }, "end_va": 1997471743, "entry_point": 1995898880, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_1314", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1995898880, "timestamp": "00:00:30.884", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_1315", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:30.884", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000016-region_00001316-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_335", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_1316", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:30.884", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000016-region_00001317-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_336", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_1317", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:30.885", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000016-region_00001318-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_337", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_1318", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:30.885", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1319", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:30.885", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000016-region_00001320-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_338", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1320", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:30.885", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_1321", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:30.885", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000016-region_00001322-addr_0x0000000000280000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_339", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 3145727, "entry_point": 0, "filename": null, "id": "region_1322", "name": "private_0x0000000000280000", "norm_filename": null, "region_type": "private_memory", "start_va": 2621440, "timestamp": "00:00:30.892", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1951006720, "type": "region", "version": 1 }, "end_va": 1951039487, "entry_point": 1951015160, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_1323", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1951006720, "timestamp": "00:00:30.892", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1951072256, "type": "region", "version": 1 }, "end_va": 1951449087, "entry_point": 1951332248, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_1324", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1951072256, "timestamp": "00:00:30.893", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1951465472, "type": "region", "version": 1 }, "end_va": 1951723519, "entry_point": 1951653496, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_1325", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1951465472, "timestamp": "00:00:30.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1326", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:30.919", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1327", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:30.919", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 880639, "entry_point": 458752, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1328", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 458752, "timestamp": "00:00:30.919", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000016-region_00001329-addr_0x00000000003c0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_340", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 3932160, "type": "region", "version": 1 }, "end_va": 4980735, "entry_point": 0, "filename": null, "id": "region_1329", "name": "private_0x00000000003c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3932160, "timestamp": "00:00:30.920", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000016-region_00001330-addr_0x0000000000610000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_341", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 6356992, "type": "region", "version": 1 }, "end_va": 6422527, "entry_point": 0, "filename": null, "id": "region_1330", "name": "private_0x0000000000610000", "norm_filename": null, "region_type": "private_memory", "start_va": 6356992, "timestamp": "00:00:30.920", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 270336, "start_va": 1952448512, "type": "region", "version": 1 }, "end_va": 1952718847, "entry_point": 1952453472, "filename": "\\Windows\\SysWOW64\\wevtapi.dll", "id": "region_1331", "name": "wevtapi.dll", "norm_filename": "c:\\windows\\syswow64\\wevtapi.dll", "region_type": "memory_mapped_file", "start_va": 1952448512, "timestamp": "00:00:30.920", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 176128, "start_va": 1952776192, "type": "region", "version": 1 }, "end_va": 1952952319, "entry_point": 1952781487, "filename": "\\Windows\\SysWOW64\\credui.dll", "id": "region_1332", "name": "credui.dll", "norm_filename": "c:\\windows\\syswow64\\credui.dll", "region_type": "memory_mapped_file", "start_va": 1952776192, "timestamp": "00:00:30.921", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1957429248, "type": "region", "version": 1 }, "end_va": 1957478399, "entry_point": 1957433569, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_1333", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1957429248, "timestamp": "00:00:30.922", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957494784, "type": "region", "version": 1 }, "end_va": 1957887999, "entry_point": 1957602227, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_1334", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1957494784, "timestamp": "00:00:30.922", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1959395328, "type": "region", "version": 1 }, "end_va": 1960443903, "entry_point": 1959507693, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_1335", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1959395328, "timestamp": "00:00:30.923", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1960443904, "type": "region", "version": 1 }, "end_va": 1960484863, "entry_point": 1960457888, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_1336", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1960443904, "timestamp": "00:00:30.924", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1961361408, "type": "region", "version": 1 }, "end_va": 1961463807, "entry_point": 1961380213, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_1337", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1961361408, "timestamp": "00:00:30.924", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1961492480, "type": "region", "version": 1 }, "end_va": 1962147839, "entry_point": 1961576933, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_1338", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1961492480, "timestamp": "00:00:30.925", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1978531840, "type": "region", "version": 1 }, "end_va": 1979514879, "entry_point": 1978598761, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_1339", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1978531840, "timestamp": "00:00:30.926", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1979580416, "type": "region", "version": 1 }, "end_va": 1980166143, "entry_point": 1979596721, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_1340", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1979580416, "timestamp": "00:00:30.926", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984430079, "entry_point": 1983931203, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_1341", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:00:30.927", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1985019904, "type": "region", "version": 1 }, "end_va": 1985662975, "entry_point": 1985232855, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_1342", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1985019904, "timestamp": "00:00:30.928", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1985675264, "type": "region", "version": 1 }, "end_va": 1985961983, "entry_point": 1985705080, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_1343", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1985675264, "timestamp": "00:00:30.928", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1986002944, "type": "region", "version": 1 }, "end_va": 1987117055, "entry_point": 1986081491, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_1344", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1986002944, "timestamp": "00:00:30.929", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1987117056, "type": "region", "version": 1 }, "end_va": 1988542463, "entry_point": 1987426877, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_1345", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1987117056, "timestamp": "00:00:30.931", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1990459392, "type": "region", "version": 1 }, "end_va": 1991163903, "entry_point": 1990501490, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_1346", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1990459392, "timestamp": "00:00:30.932", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000016-region_00001347-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_342", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 1991704576, "type": "region", "version": 1 }, "end_va": 1992728575, "entry_point": 0, "filename": null, "id": "region_1347", "name": "private_0x0000000076b70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1991704576, "timestamp": "00:00:30.933", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000016-region_00001348-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_343", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1992753152, "type": "region", "version": 1 }, "end_va": 1993928703, "entry_point": 0, "filename": null, "id": "region_1348", "name": "private_0x0000000076c70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1992753152, "timestamp": "00:00:30.933", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1349", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:30.933", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1350", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:30.934", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 6422528, "type": "region", "version": 1 }, "end_va": 8028159, "entry_point": 0, "filename": null, "id": "region_1351", "name": "pagefile_0x0000000000620000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6422528, "timestamp": "00:00:30.938", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957888000, "type": "region", "version": 1 }, "end_va": 1958281215, "entry_point": 1957959055, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_1352", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1957888000, "timestamp": "00:00:30.938", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1960509440, "type": "region", "version": 1 }, "end_va": 1961345023, "entry_point": 1960515211, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_1353", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1960509440, "timestamp": "00:00:30.939", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_1354", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:30.950", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 925695, "entry_point": 0, "filename": null, "id": "region_1355", "name": "pagefile_0x00000000000e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 917504, "timestamp": "00:00:30.950", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 45056, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 1028095, "entry_point": 983040, "filename": "\\Windows\\SysWOW64\\en-US\\wevtutil.exe.mui", "id": "region_1356", "name": "wevtutil.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\wevtutil.exe.mui", "region_type": "memory_mapped_file", "start_va": 983040, "timestamp": "00:00:30.950", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000016-region_00001357-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_344", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1052671, "entry_point": 0, "filename": null, "id": "region_1357", "name": "private_0x0000000000100000", "norm_filename": null, "region_type": "private_memory", "start_va": 1048576, "timestamp": "00:00:30.951", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000016-region_00001358-addr_0x0000000000150000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_345", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1380351, "entry_point": 0, "filename": null, "id": "region_1358", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:00:30.952", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1449983, "entry_point": 0, "filename": null, "id": "region_1359", "name": "pagefile_0x0000000000160000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1441792, "timestamp": "00:00:30.952", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 8060928, "type": "region", "version": 1 }, "end_va": 9637887, "entry_point": 0, "filename": null, "id": "region_1360", "name": "pagefile_0x00000000007b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8060928, "timestamp": "00:00:30.952", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 11862016, "type": "region", "version": 1 }, "end_va": 32833535, "entry_point": 0, "filename": null, "id": "region_1361", "name": "pagefile_0x0000000000b50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 11862016, "timestamp": "00:00:30.952", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1948581888, "type": "region", "version": 1 }, "end_va": 1950277631, "entry_point": 1948772021, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_1362", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1948581888, "timestamp": "00:00:30.952", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1980170240, "type": "region", "version": 1 }, "end_va": 1980526591, "entry_point": 1980275622, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_1363", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1980170240, "timestamp": "00:00:30.955", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "fsutil usn deletejournal /D C:", "filename": "c:\\windows\\syswow64\\fsutil.exe", "id": "proc_17", "image_name": "fsutil.exe", "monitor_reason": "child_process", "monitored_id": 17, "origin_monitor_id": 12, "ref_parent_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000017-region_00001364-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_346", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1364", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:31.013", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000017-region_00001365-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_347", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_1365", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:31.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1366", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:31.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_1367", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:31.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_1368", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:31.016", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000017-region_00001369-addr_0x00000000001b0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_348", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 2031615, "entry_point": 0, "filename": null, "id": "region_1369", "name": "private_0x00000000001b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1769472, "timestamp": "00:00:31.016", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000017-region_00001370-addr_0x00000000001f0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_349", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2293759, "entry_point": 0, "filename": null, "id": "region_1370", "name": "private_0x00000000001f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2031616, "timestamp": "00:00:31.017", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 15794176, "type": "region", "version": 1 }, "end_va": 15876095, "entry_point": 15794176, "filename": "\\Windows\\SysWOW64\\fsutil.exe", "id": "region_1371", "name": "fsutil.exe", "norm_filename": "c:\\windows\\syswow64\\fsutil.exe", "region_type": "memory_mapped_file", "start_va": 15794176, "timestamp": "00:00:31.017", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1993932800, "type": "region", "version": 1 }, "end_va": 1995673599, "entry_point": 1993932800, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1372", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1993932800, "timestamp": "00:00:31.022", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 1995898880, "type": "region", "version": 1 }, "end_va": 1997471743, "entry_point": 1995898880, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_1373", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1995898880, "timestamp": "00:00:31.023", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_1374", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:31.023", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000017-region_00001375-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_350", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_1375", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:31.024", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000017-region_00001376-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_351", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_1376", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:31.024", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000017-region_00001377-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_352", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_1377", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:31.024", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1378", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:31.025", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000017-region_00001379-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_353", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1379", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:31.025", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_1380", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:31.025", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000017-region_00001381-addr_0x0000000000370000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_354", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 4128767, "entry_point": 0, "filename": null, "id": "region_1381", "name": "private_0x0000000000370000", "norm_filename": null, "region_type": "private_memory", "start_va": 3604480, "timestamp": "00:00:31.033", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1951006720, "type": "region", "version": 1 }, "end_va": 1951039487, "entry_point": 1951015160, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_1382", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1951006720, "timestamp": "00:00:31.033", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1951072256, "type": "region", "version": 1 }, "end_va": 1951449087, "entry_point": 1951332248, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_1383", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1951072256, "timestamp": "00:00:31.033", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1951465472, "type": "region", "version": 1 }, "end_va": 1951723519, "entry_point": 1951653496, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_1384", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1951465472, "timestamp": "00:00:31.034", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1385", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:31.064", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1386", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:31.064", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 880639, "entry_point": 458752, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1387", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 458752, "timestamp": "00:00:31.064", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000017-region_00001388-addr_0x0000000000360000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_355", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 3538944, "type": "region", "version": 1 }, "end_va": 3604479, "entry_point": 0, "filename": null, "id": "region_1388", "name": "private_0x0000000000360000", "norm_filename": null, "region_type": "private_memory", "start_va": 3538944, "timestamp": "00:00:31.065", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000017-region_00001389-addr_0x0000000000530000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_356", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 5439488, "type": "region", "version": 1 }, "end_va": 6488063, "entry_point": 0, "filename": null, "id": "region_1389", "name": "private_0x0000000000530000", "norm_filename": null, "region_type": "private_memory", "start_va": 5439488, "timestamp": "00:00:31.065", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1953103872, "type": "region", "version": 1 }, "end_va": 1953140735, "entry_point": 1953110064, "filename": "\\Windows\\SysWOW64\\ktmw32.dll", "id": "region_1390", "name": "ktmw32.dll", "norm_filename": "c:\\windows\\syswow64\\ktmw32.dll", "region_type": "memory_mapped_file", "start_va": 1953103872, "timestamp": "00:00:31.065", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1955659776, "type": "region", "version": 1 }, "end_va": 1955721215, "entry_point": 1955664545, "filename": "\\Windows\\SysWOW64\\wkscli.dll", "id": "region_1391", "name": "wkscli.dll", "norm_filename": "c:\\windows\\syswow64\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 1955659776, "timestamp": "00:00:31.066", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1955725312, "type": "region", "version": 1 }, "end_va": 1955827711, "entry_point": 1955730201, "filename": "\\Windows\\SysWOW64\\srvcli.dll", "id": "region_1392", "name": "srvcli.dll", "norm_filename": "c:\\windows\\syswow64\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1955725312, "timestamp": "00:00:31.066", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1955856384, "type": "region", "version": 1 }, "end_va": 1955893247, "entry_point": 1955861926, "filename": "\\Windows\\SysWOW64\\netutils.dll", "id": "region_1393", "name": "netutils.dll", "norm_filename": "c:\\windows\\syswow64\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 1955856384, "timestamp": "00:00:31.067", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 1955921920, "type": "region", "version": 1 }, "end_va": 1955991551, "entry_point": 1955926784, "filename": "\\Windows\\SysWOW64\\netapi32.dll", "id": "region_1394", "name": "netapi32.dll", "norm_filename": "c:\\windows\\syswow64\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 1955921920, "timestamp": "00:00:31.067", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1957429248, "type": "region", "version": 1 }, "end_va": 1957478399, "entry_point": 1957433569, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_1395", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1957429248, "timestamp": "00:00:31.068", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957494784, "type": "region", "version": 1 }, "end_va": 1957887999, "entry_point": 1957602227, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_1396", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1957494784, "timestamp": "00:00:31.068", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1959395328, "type": "region", "version": 1 }, "end_va": 1960443903, "entry_point": 1959507693, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_1397", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1959395328, "timestamp": "00:00:31.069", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1960443904, "type": "region", "version": 1 }, "end_va": 1960484863, "entry_point": 1960457888, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_1398", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1960443904, "timestamp": "00:00:31.069", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1961361408, "type": "region", "version": 1 }, "end_va": 1961463807, "entry_point": 1961380213, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_1399", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1961361408, "timestamp": "00:00:31.069", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1961492480, "type": "region", "version": 1 }, "end_va": 1962147839, "entry_point": 1961576933, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_1400", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1961492480, "timestamp": "00:00:31.070", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1978531840, "type": "region", "version": 1 }, "end_va": 1979514879, "entry_point": 1978598761, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_1401", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1978531840, "timestamp": "00:00:31.070", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984430079, "entry_point": 1983931203, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_1402", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:00:31.071", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1985019904, "type": "region", "version": 1 }, "end_va": 1985662975, "entry_point": 1985232855, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_1403", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1985019904, "timestamp": "00:00:31.071", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1985675264, "type": "region", "version": 1 }, "end_va": 1985961983, "entry_point": 1985705080, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_1404", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1985675264, "timestamp": "00:00:31.072", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1986002944, "type": "region", "version": 1 }, "end_va": 1987117055, "entry_point": 1986081491, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_1405", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1986002944, "timestamp": "00:00:31.072", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1987117056, "type": "region", "version": 1 }, "end_va": 1988542463, "entry_point": 1987426877, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_1406", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1987117056, "timestamp": "00:00:31.073", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1990459392, "type": "region", "version": 1 }, "end_va": 1991163903, "entry_point": 1990501490, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_1407", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1990459392, "timestamp": "00:00:31.073", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000017-region_00001408-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_357", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 1991704576, "type": "region", "version": 1 }, "end_va": 1992728575, "entry_point": 0, "filename": null, "id": "region_1408", "name": "private_0x0000000076b70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1991704576, "timestamp": "00:00:31.074", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000017-region_00001409-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_358", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1992753152, "type": "region", "version": 1 }, "end_va": 1993928703, "entry_point": 0, "filename": null, "id": "region_1409", "name": "private_0x0000000076c70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1992753152, "timestamp": "00:00:31.074", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1410", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:31.074", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1411", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:31.074", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 6488064, "type": "region", "version": 1 }, "end_va": 8093695, "entry_point": 0, "filename": null, "id": "region_1412", "name": "pagefile_0x0000000000630000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6488064, "timestamp": "00:00:31.079", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957888000, "type": "region", "version": 1 }, "end_va": 1958281215, "entry_point": 1957959055, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_1413", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1957888000, "timestamp": "00:00:31.079", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1960509440, "type": "region", "version": 1 }, "end_va": 1961345023, "entry_point": 1960515211, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_1414", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1960509440, "timestamp": "00:00:31.080", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "/c schtasks /Delete /F /TN drogon", "filename": "c:\\windows\\syswow64\\cmd.exe", "id": "proc_18", "image_name": "cmd.exe", "monitor_reason": "child_process", "monitored_id": 18, "origin_monitor_id": 2, "ref_parent_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1415", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:33.780", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_1416", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:33.780", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1417", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:33.780", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_1418", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:33.783", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_1419", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:33.783", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 851967, "entry_point": 0, "filename": null, "id": "region_1420", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:00:33.783", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 3473407, "entry_point": 0, "filename": null, "id": "region_1421", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:00:33.784", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1251213312, "type": "region", "version": 1 }, "end_va": 1251524607, "entry_point": 1251246746, "filename": "\\Windows\\SysWOW64\\cmd.exe", "id": "region_1422", "name": "cmd.exe", "norm_filename": "c:\\windows\\syswow64\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 1251213312, "timestamp": "00:00:33.784", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1993932800, "type": "region", "version": 1 }, "end_va": 1995673599, "entry_point": 1993932800, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1423", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1993932800, "timestamp": "00:00:33.784", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 1995898880, "type": "region", "version": 1 }, "end_va": 1997471743, "entry_point": 1995898880, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_1424", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1995898880, "timestamp": "00:00:33.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_1425", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:33.786", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_1426", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:33.786", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_1427", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:33.786", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_1428", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:33.786", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1429", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:33.787", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1430", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:33.787", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_1431", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:33.787", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1835007, "entry_point": 0, "filename": null, "id": "region_1432", "name": "private_0x0000000000140000", "norm_filename": null, "region_type": "private_memory", "start_va": 1310720, "timestamp": "00:00:34.182", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1951006720, "type": "region", "version": 1 }, "end_va": 1951039487, "entry_point": 1951015160, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_1433", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1951006720, "timestamp": "00:00:34.182", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1951072256, "type": "region", "version": 1 }, "end_va": 1951449087, "entry_point": 1951332248, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_1434", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1951072256, "timestamp": "00:00:34.183", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1951465472, "type": "region", "version": 1 }, "end_va": 1951723519, "entry_point": 1951653496, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_1435", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1951465472, "timestamp": "00:00:34.183", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1436", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:35.527", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1437", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:35.527", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 1273855, "entry_point": 851968, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1438", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 851968, "timestamp": "00:00:35.527", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 3932160, "type": "region", "version": 1 }, "end_va": 4980735, "entry_point": 0, "filename": null, "id": "region_1439", "name": "private_0x00000000003c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3932160, "timestamp": "00:00:35.528", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 6488064, "type": "region", "version": 1 }, "end_va": 6553599, "entry_point": 0, "filename": null, "id": "region_1440", "name": "private_0x0000000000630000", "norm_filename": null, "region_type": "private_memory", "start_va": 6488064, "timestamp": "00:00:35.529", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1953103872, "type": "region", "version": 1 }, "end_va": 1953132543, "entry_point": 1953108528, "filename": "\\Windows\\SysWOW64\\winbrand.dll", "id": "region_1441", "name": "winbrand.dll", "norm_filename": "c:\\windows\\syswow64\\winbrand.dll", "region_type": "memory_mapped_file", "start_va": 1953103872, "timestamp": "00:00:35.529", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1957429248, "type": "region", "version": 1 }, "end_va": 1957478399, "entry_point": 1957433569, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_1442", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1957429248, "timestamp": "00:00:35.530", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957494784, "type": "region", "version": 1 }, "end_va": 1957887999, "entry_point": 1957602227, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_1443", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1957494784, "timestamp": "00:00:35.530", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1959395328, "type": "region", "version": 1 }, "end_va": 1960443903, "entry_point": 1959507693, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_1444", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1959395328, "timestamp": "00:00:35.531", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1960443904, "type": "region", "version": 1 }, "end_va": 1960484863, "entry_point": 1960457888, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_1445", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1960443904, "timestamp": "00:00:35.532", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1961361408, "type": "region", "version": 1 }, "end_va": 1961463807, "entry_point": 1961380213, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_1446", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1961361408, "timestamp": "00:00:35.533", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1961492480, "type": "region", "version": 1 }, "end_va": 1962147839, "entry_point": 1961576933, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_1447", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1961492480, "timestamp": "00:00:35.534", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1978531840, "type": "region", "version": 1 }, "end_va": 1979514879, "entry_point": 1978598761, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_1448", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1978531840, "timestamp": "00:00:35.534", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984430079, "entry_point": 1983931203, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_1449", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:00:35.535", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1985019904, "type": "region", "version": 1 }, "end_va": 1985662975, "entry_point": 1985232855, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_1450", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1985019904, "timestamp": "00:00:35.536", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1985675264, "type": "region", "version": 1 }, "end_va": 1985961983, "entry_point": 1985705080, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_1451", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1985675264, "timestamp": "00:00:35.537", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1986002944, "type": "region", "version": 1 }, "end_va": 1987117055, "entry_point": 1986081491, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_1452", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1986002944, "timestamp": "00:00:35.538", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1990459392, "type": "region", "version": 1 }, "end_va": 1991163903, "entry_point": 1990501490, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_1453", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1990459392, "timestamp": "00:00:35.538", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 1991704576, "type": "region", "version": 1 }, "end_va": 1992728575, "entry_point": 0, "filename": null, "id": "region_1454", "name": "private_0x0000000076b70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1991704576, "timestamp": "00:00:35.542", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1992753152, "type": "region", "version": 1 }, "end_va": 1993928703, "entry_point": 0, "filename": null, "id": "region_1455", "name": "private_0x0000000076c70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1992753152, "timestamp": "00:00:35.542", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1456", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:35.542", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1457", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:35.543", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 6553600, "type": "region", "version": 1 }, "end_va": 8159231, "entry_point": 0, "filename": null, "id": "region_1458", "name": "pagefile_0x0000000000640000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6553600, "timestamp": "00:00:36.308", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957888000, "type": "region", "version": 1 }, "end_va": 1958281215, "entry_point": 1957959055, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_1459", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1957888000, "timestamp": "00:00:36.308", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1960509440, "type": "region", "version": 1 }, "end_va": 1961345023, "entry_point": 1960515211, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_1460", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1960509440, "timestamp": "00:00:36.340", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_1461", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:37.832", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 466943, "entry_point": 0, "filename": null, "id": "region_1462", "name": "pagefile_0x0000000000070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458752, "timestamp": "00:00:37.832", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 528383, "entry_point": 0, "filename": null, "id": "region_1463", "name": "private_0x0000000000080000", "norm_filename": null, "region_type": "private_memory", "start_va": 524288, "timestamp": "00:00:37.832", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 1839103, "entry_point": 0, "filename": null, "id": "region_1464", "name": "private_0x00000000001c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1835008, "timestamp": "00:00:37.833", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 8192000, "type": "region", "version": 1 }, "end_va": 9768959, "entry_point": 0, "filename": null, "id": "region_1465", "name": "pagefile_0x00000000007d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8192000, "timestamp": "00:00:37.833", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 9830400, "type": "region", "version": 1 }, "end_va": 30801919, "entry_point": 0, "filename": null, "id": "region_1466", "name": "pagefile_0x0000000000960000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9830400, "timestamp": "00:00:37.833", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3420160, "start_va": 30801920, "type": "region", "version": 1 }, "end_va": 34222079, "entry_point": 0, "filename": null, "id": "region_1467", "name": "pagefile_0x0000000001d60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 30801920, "timestamp": "00:00:37.833", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "taskeng.exe {4222EA2E-0F28-4DC3-9F30-F6A79682CE97} S-1-5-18:NT AUTHORITY\\System:Service:", "filename": "c:\\windows\\system32\\taskeng.exe", "id": "proc_19", "image_name": "taskeng.exe", "monitor_reason": "created_scheduled_job", "monitored_id": 19, "origin_monitor_id": 9, "ref_parent_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1532", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:02.684", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_1533", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:02.684", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_1534", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:01:02.684", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 2162687, "entry_point": 0, "filename": null, "id": "region_1535", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:01:02.685", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2007695360, "type": "region", "version": 1 }, "end_va": 2009436159, "entry_point": 2007695360, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1536", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2007695360, "timestamp": "00:01:02.685", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1537", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:02.759", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1538", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:02.760", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 475136, "start_va": 4287692800, "type": "region", "version": 1 }, "end_va": 4288167935, "entry_point": 4287692800, "filename": "\\Windows\\System32\\taskeng.exe", "id": "region_1539", "name": "taskeng.exe", "norm_filename": "c:\\windows\\system32\\taskeng.exe", "region_type": "memory_mapped_file", "start_va": 4287692800, "timestamp": "00:01:02.760", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791795761152, "type": "region", "version": 1 }, "end_va": 8791795765247, "entry_point": 8791795761152, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1540", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791795761152, "timestamp": "00:01:02.764", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_1541", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:01:02.766", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8796092846080, "type": "region", "version": 1 }, "end_va": 8796092850175, "entry_point": 0, "filename": null, "id": "region_1542", "name": "private_0x000007fffffd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092846080, "timestamp": "00:01:02.767", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092882944, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_1543", "name": "private_0x000007fffffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092882944, "timestamp": "00:01:02.767", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 3932160, "type": "region", "version": 1 }, "end_va": 4980735, "entry_point": 0, "filename": null, "id": "region_4351", "name": "private_0x00000000003c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3932160, "timestamp": "00:01:15.074", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006515712, "type": "region", "version": 1 }, "end_va": 2007691263, "entry_point": 2006605472, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_4352", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 2006515712, "timestamp": "00:01:15.074", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791759060992, "type": "region", "version": 1 }, "end_va": 8791759499263, "entry_point": 8791759073504, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_4353", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791759060992, "timestamp": "00:01:15.075", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_4354", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:15.077", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_4355", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:15.077", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_4356", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:15.077", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_4357", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:01:15.081", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005467136, "type": "region", "version": 1 }, "end_va": 2006491135, "entry_point": 2005574344, "filename": "\\Windows\\System32\\user32.dll", "id": "region_4358", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2005467136, "timestamp": "00:01:15.081", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791794778112, "type": "region", "version": 1 }, "end_va": 8791795199999, "entry_point": 8791794823228, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_4359", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791794778112, "timestamp": "00:01:15.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791764566016, "type": "region", "version": 1 }, "end_va": 8791764623359, "entry_point": 8791764570240, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_4360", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791764566016, "timestamp": "00:01:15.083", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791762206720, "type": "region", "version": 1 }, "end_va": 8791763030015, "entry_point": 8791762708596, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_4361", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791762206720, "timestamp": "00:01:15.085", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791791435776, "type": "region", "version": 1 }, "end_va": 8791792087039, "entry_point": 8791791445408, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_4362", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791791435776, "timestamp": "00:01:15.086", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2109440, "start_va": 8791792091136, "type": "region", "version": 1 }, "end_va": 8791794200575, "entry_point": 8791792235312, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_4363", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 8791792091136, "timestamp": "00:01:15.091", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791786520576, "type": "region", "version": 1 }, "end_va": 8791787753471, "entry_point": 8791786843472, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_4364", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791786520576, "timestamp": "00:01:15.092", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 880640, "start_va": 8791784685568, "type": "region", "version": 1 }, "end_va": 8791785566207, "entry_point": 8791784698484, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_4365", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 8791784685568, "timestamp": "00:01:15.093", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 8791713906688, "type": "region", "version": 1 }, "end_va": 8791713947647, "entry_point": 8791713916428, "filename": "\\Windows\\System32\\ktmw32.dll", "id": "region_4366", "name": "ktmw32.dll", "norm_filename": "c:\\windows\\system32\\ktmw32.dll", "region_type": "memory_mapped_file", "start_va": 8791713906688, "timestamp": "00:01:15.094", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 446464, "start_va": 8791753097216, "type": "region", "version": 1 }, "end_va": 8791753543679, "entry_point": 8791753101328, "filename": "\\Windows\\System32\\wevtapi.dll", "id": "region_4367", "name": "wevtapi.dll", "norm_filename": "c:\\windows\\system32\\wevtapi.dll", "region_type": "memory_mapped_file", "start_va": 8791753097216, "timestamp": "00:01:15.096", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1245184, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 3407871, "entry_point": 0, "filename": null, "id": "region_4368", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:01:15.097", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 3211263, "entry_point": 0, "filename": null, "id": "region_4369", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:01:15.097", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 3342336, "type": "region", "version": 1 }, "end_va": 3407871, "entry_point": 0, "filename": null, "id": "region_4370", "name": "private_0x0000000000330000", "norm_filename": null, "region_type": "private_memory", "start_va": 3342336, "timestamp": "00:01:15.097", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 167936, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 954367, "entry_point": 790544, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_4371", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 786432, "timestamp": "00:01:15.100", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4980736, "type": "region", "version": 1 }, "end_va": 6586367, "entry_point": 0, "filename": null, "id": "region_4372", "name": "pagefile_0x00000000004c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4980736, "timestamp": "00:01:15.101", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791766007808, "type": "region", "version": 1 }, "end_va": 8791766196223, "entry_point": 8791766011920, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_4374", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791766007808, "timestamp": "00:01:15.102", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791763451904, "type": "region", "version": 1 }, "end_va": 8791764537343, "entry_point": 8791763456100, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_4375", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791763451904, "timestamp": "00:01:15.106", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 786432, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 1572863, "entry_point": 0, "filename": null, "id": "region_4376", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:01:15.108", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6619136, "type": "region", "version": 1 }, "end_va": 8196095, "entry_point": 0, "filename": null, "id": "region_4377", "name": "pagefile_0x0000000000650000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6619136, "timestamp": "00:01:15.108", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 159743, "entry_point": 0, "filename": null, "id": "region_4378", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:15.111", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 1581055, "entry_point": 0, "filename": null, "id": "region_4379", "name": "pagefile_0x0000000000180000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1572864, "timestamp": "00:01:15.111", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 3211264, "type": "region", "version": 1 }, "end_va": 3215359, "entry_point": 0, "filename": null, "id": "region_4380", "name": "private_0x0000000000310000", "norm_filename": null, "region_type": "private_memory", "start_va": 3211264, "timestamp": "00:01:15.111", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 3276800, "type": "region", "version": 1 }, "end_va": 3280895, "entry_point": 0, "filename": null, "id": "region_4381", "name": "private_0x0000000000320000", "norm_filename": null, "region_type": "private_memory", "start_va": 3276800, "timestamp": "00:01:15.111", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 8257536, "type": "region", "version": 1 }, "end_va": 12398591, "entry_point": 0, "filename": null, "id": "region_4382", "name": "pagefile_0x00000000007e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8257536, "timestamp": "00:01:15.111", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1966080, "start_va": 12451840, "type": "region", "version": 1 }, "end_va": 14417919, "entry_point": 0, "filename": null, "id": "region_5132", "name": "private_0x0000000000be0000", "norm_filename": null, "region_type": "private_memory", "start_va": 12451840, "timestamp": "00:01:20.121", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 512000, "start_va": 3407872, "type": "region", "version": 1 }, "end_va": 3919871, "entry_point": 3460808, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_5133", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 3407872, "timestamp": "00:01:20.127", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791757094912, "type": "region", "version": 1 }, "end_va": 8791757156351, "entry_point": 8791757099024, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_5135", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 8791757094912, "timestamp": "00:01:20.130", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791765876736, "type": "region", "version": 1 }, "end_va": 8791766003711, "entry_point": 8791765901544, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_5136", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 8791765876736, "timestamp": "00:01:20.134", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 15204352, "type": "region", "version": 1 }, "end_va": 15728639, "entry_point": 0, "filename": null, "id": "region_5512", "name": "private_0x0000000000e80000", "norm_filename": null, "region_type": "private_memory", "start_va": 15204352, "timestamp": "00:01:26.144", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092874752, "type": "region", "version": 1 }, "end_va": 8796092882943, "entry_point": 0, "filename": null, "id": "region_5513", "name": "private_0x000007fffffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092874752, "timestamp": "00:01:26.144", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, "start_va": 8791785603072, "type": "region", "version": 1 }, "end_va": 8791786500095, "entry_point": 8791785736032, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_5514", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791785603072, "timestamp": "00:01:26.145", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 8791750803456, "type": "region", "version": 1 }, "end_va": 8791750897663, "entry_point": 8791750816440, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_5515", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 8791750803456, "timestamp": "00:01:26.162", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 282624, "start_va": 3407872, "type": "region", "version": 1 }, "end_va": 3690495, "entry_point": 3412068, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_5516", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 3407872, "timestamp": "00:01:26.164", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 290816, "start_va": 8791747657728, "type": "region", "version": 1 }, "end_va": 8791747948543, "entry_point": 8791747661924, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_5521", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 8791747657728, "timestamp": "00:01:26.173", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 462848, "start_va": 8791794253824, "type": "region", "version": 1 }, "end_va": 8791794716671, "entry_point": 8791794327072, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_6094", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 8791794253824, "timestamp": "00:01:30.489", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 16318464, "type": "region", "version": 1 }, "end_va": 16842751, "entry_point": 0, "filename": null, "id": "region_6176", "name": "private_0x0000000000f90000", "norm_filename": null, "region_type": "private_memory", "start_va": 16318464, "timestamp": "00:01:30.890", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 8791756898304, "type": "region", "version": 1 }, "end_va": 8791757049855, "entry_point": 8791756936792, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_6177", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 8791756898304, "timestamp": "00:01:30.890", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092866560, "type": "region", "version": 1 }, "end_va": 8796092874751, "entry_point": 0, "filename": null, "id": "region_6178", "name": "private_0x000007fffffda000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092866560, "timestamp": "00:01:30.891", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 12451840, "type": "region", "version": 1 }, "end_va": 13500415, "entry_point": 0, "filename": null, "id": "region_6179", "name": "private_0x0000000000be0000", "norm_filename": null, "region_type": "private_memory", "start_va": 12451840, "timestamp": "00:01:30.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 13893632, "type": "region", "version": 1 }, "end_va": 14417919, "entry_point": 0, "filename": null, "id": "region_6180", "name": "private_0x0000000000d40000", "norm_filename": null, "region_type": "private_memory", "start_va": 13893632, "timestamp": "00:01:30.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 17235968, "type": "region", "version": 1 }, "end_va": 17760255, "entry_point": 0, "filename": null, "id": "region_6181", "name": "private_0x0000000001070000", "norm_filename": null, "region_type": "private_memory", "start_va": 17235968, "timestamp": "00:01:30.895", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092858368, "type": "region", "version": 1 }, "end_va": 8796092866559, "entry_point": 0, "filename": null, "id": "region_6182", "name": "private_0x000007fffffd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092858368, "timestamp": "00:01:30.895", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 17760256, "type": "region", "version": 1 }, "end_va": 20705279, "entry_point": 17760256, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_6183", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 17760256, "timestamp": "00:01:30.896", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 8791758077952, "type": "region", "version": 1 }, "end_va": 8791758159871, "entry_point": 8791758082272, "filename": "\\Windows\\System32\\RpcRtRemote.dll", "id": "region_6184", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\system32\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 8791758077952, "timestamp": "00:01:30.900", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 21233664, "type": "region", "version": 1 }, "end_va": 21757951, "entry_point": 0, "filename": null, "id": "region_6185", "name": "private_0x0000000001440000", "norm_filename": null, "region_type": "private_memory", "start_va": 21233664, "timestamp": "00:01:30.905", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092850176, "type": "region", "version": 1 }, "end_va": 8796092858367, "entry_point": 0, "filename": null, "id": "region_6186", "name": "private_0x000007fffffd6000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092850176, "timestamp": "00:01:30.905", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 20709376, "type": "region", "version": 1 }, "end_va": 21233663, "entry_point": 0, "filename": null, "id": "region_6187", "name": "private_0x00000000013c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 20709376, "timestamp": "00:01:30.906", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092837888, "type": "region", "version": 1 }, "end_va": 8796092846079, "entry_point": 0, "filename": null, "id": "region_6188", "name": "private_0x000007fffffd3000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092837888, "timestamp": "00:01:30.906", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 3407872, "type": "region", "version": 1 }, "end_va": 3411967, "entry_point": 0, "filename": null, "id": "region_6189", "name": "pagefile_0x0000000000340000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3407872, "timestamp": "00:01:30.907", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791790256128, "type": "region", "version": 1 }, "end_va": 8791790882815, "entry_point": 8791790263312, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_6190", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 8791790256128, "timestamp": "00:01:30.908", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 8791646797824, "type": "region", "version": 1 }, "end_va": 8791646834687, "entry_point": 8791646797824, "filename": "\\Windows\\System32\\TSChannel.dll", "id": "region_6191", "name": "tschannel.dll", "norm_filename": "c:\\windows\\system32\\tschannel.dll", "region_type": "memory_mapped_file", "start_va": 8791646797824, "timestamp": "00:01:30.913", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 8791729569792, "type": "region", "version": 1 }, "end_va": 8791729786879, "entry_point": 8791729573988, "filename": "\\Windows\\System32\\xmllite.dll", "id": "region_6193", "name": "xmllite.dll", "norm_filename": "c:\\windows\\system32\\xmllite.dll", "region_type": "memory_mapped_file", "start_va": 8791729569792, "timestamp": "00:01:30.949", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 21954560, "type": "region", "version": 1 }, "end_va": 22478847, "entry_point": 0, "filename": null, "id": "region_6194", "name": "private_0x00000000014f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 21954560, "timestamp": "00:01:30.955", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092686336, "type": "region", "version": 1 }, "end_va": 8796092694527, "entry_point": 0, "filename": null, "id": "region_6195", "name": "private_0x000007fffffae000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092686336, "timestamp": "00:01:30.955", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 23986176, "type": "region", "version": 1 }, "end_va": 24510463, "entry_point": 0, "filename": null, "id": "region_6196", "name": "private_0x00000000016e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 23986176, "timestamp": "00:01:30.958", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092678144, "type": "region", "version": 1 }, "end_va": 8796092686335, "entry_point": 0, "filename": null, "id": "region_6197", "name": "private_0x000007fffffac000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092678144, "timestamp": "00:01:30.958", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "", "filename": "System", "id": "proc_20", "image_name": "System", "monitor_reason": "kernel_analysis", "monitored_id": 20, "origin_monitor_id": 0, "ref_parent_process": null, "regions": [ { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 143360, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 208895, "entry_point": 0, "filename": null, "id": "region_2188", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:06.542", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 393215, "entry_point": 0, "filename": null, "id": "region_2189", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:01:06.542", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 524287, "entry_point": 0, "filename": null, "id": "region_2190", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:06.542", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 528383, "entry_point": 0, "filename": null, "id": "region_2191", "name": "pagefile_0x0000000000080000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 524288, "timestamp": "00:01:06.542", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2007695360, "type": "region", "version": 1 }, "end_va": 2009436159, "entry_point": 2007695360, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2192", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2007695360, "timestamp": "00:01:06.542", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2009661440, "type": "region", "version": 1 }, "end_va": 2011234303, "entry_point": 2009661440, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_2193", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2009661440, "timestamp": "00:01:06.543", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2194", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:06.626", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 196608, "start_va": 8795930296320, "type": "region", "version": 1 }, "end_va": 8795930492927, "entry_point": 0, "filename": null, "id": "region_2195", "name": "pagefile_0x000007fff64d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8795930296320, "timestamp": "00:01:06.626", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 196608, "start_va": 8795935539200, "type": "region", "version": 1 }, "end_va": 8795935735807, "entry_point": 0, "filename": null, "id": "region_2196", "name": "pagefile_0x000007fff69d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8795935539200, "timestamp": "00:01:06.626", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 196608, "start_va": 8795940782080, "type": "region", "version": 1 }, "end_va": 8795940978687, "entry_point": 0, "filename": null, "id": "region_2197", "name": "pagefile_0x000007fff6ed0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8795940782080, "timestamp": "00:01:06.626", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 196608, "start_va": 8795946024960, "type": "region", "version": 1 }, "end_va": 8795946221567, "entry_point": 0, "filename": null, "id": "region_2198", "name": "pagefile_0x000007fff73d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8795946024960, "timestamp": "00:01:06.626", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 196608, "start_va": 8795951267840, "type": "region", "version": 1 }, "end_va": 8795951464447, "entry_point": 0, "filename": null, "id": "region_2199", "name": "pagefile_0x000007fff78d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8795951267840, "timestamp": "00:01:06.626", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 196608, "start_va": 8795956510720, "type": "region", "version": 1 }, "end_va": 8795956707327, "entry_point": 0, "filename": null, "id": "region_2200", "name": "pagefile_0x000007fff7dd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8795956510720, "timestamp": "00:01:06.626", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 196608, "start_va": 8795961753600, "type": "region", "version": 1 }, "end_va": 8795961950207, "entry_point": 0, "filename": null, "id": "region_2201", "name": "pagefile_0x000007fff82d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8795961753600, "timestamp": "00:01:06.626", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 196608, "start_va": 8795966996480, "type": "region", "version": 1 }, "end_va": 8795967193087, "entry_point": 0, "filename": null, "id": "region_2202", "name": "pagefile_0x000007fff87d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8795966996480, "timestamp": "00:01:06.626", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 196608, "start_va": 8795972239360, "type": "region", "version": 1 }, "end_va": 8795972435967, "entry_point": 0, "filename": null, "id": "region_2203", "name": "pagefile_0x000007fff8cd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8795972239360, "timestamp": "00:01:06.627", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 196608, "start_va": 8795977482240, "type": "region", "version": 1 }, "end_va": 8795977678847, "entry_point": 0, "filename": null, "id": "region_2204", "name": "pagefile_0x000007fff91d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8795977482240, "timestamp": "00:01:06.627", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 196608, "start_va": 8795982725120, "type": "region", "version": 1 }, "end_va": 8795982921727, "entry_point": 0, "filename": null, "id": "region_2205", "name": "pagefile_0x000007fff96d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8795982725120, "timestamp": "00:01:06.627", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 196608, "start_va": 8795987968000, "type": "region", "version": 1 }, "end_va": 8795988164607, "entry_point": 0, "filename": null, "id": "region_2206", "name": "pagefile_0x000007fff9bd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8795987968000, "timestamp": "00:01:06.627", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 196608, "start_va": 8795993210880, "type": "region", "version": 1 }, "end_va": 8795993407487, "entry_point": 0, "filename": null, "id": "region_2207", "name": "pagefile_0x000007fffa0d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8795993210880, "timestamp": "00:01:06.627", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 196608, "start_va": 8795998453760, "type": "region", "version": 1 }, "end_va": 8795998650367, "entry_point": 0, "filename": null, "id": "region_2208", "name": "pagefile_0x000007fffa5d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8795998453760, "timestamp": "00:01:06.627", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 196608, "start_va": 8796003696640, "type": "region", "version": 1 }, "end_va": 8796003893247, "entry_point": 0, "filename": null, "id": "region_2209", "name": "pagefile_0x000007fffaad0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796003696640, "timestamp": "00:01:06.627", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 196608, "start_va": 8796008939520, "type": "region", "version": 1 }, "end_va": 8796009136127, "entry_point": 0, "filename": null, "id": "region_2210", "name": "pagefile_0x000007fffafd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796008939520, "timestamp": "00:01:06.627", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 196608, "start_va": 8796014182400, "type": "region", "version": 1 }, "end_va": 8796014379007, "entry_point": 0, "filename": null, "id": "region_2211", "name": "pagefile_0x000007fffb4d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796014182400, "timestamp": "00:01:06.627", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 196608, "start_va": 8796019425280, "type": "region", "version": 1 }, "end_va": 8796019621887, "entry_point": 0, "filename": null, "id": "region_2212", "name": "pagefile_0x000007fffb9d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796019425280, "timestamp": "00:01:06.627", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 196608, "start_va": 8796024668160, "type": "region", "version": 1 }, "end_va": 8796024864767, "entry_point": 0, "filename": null, "id": "region_2213", "name": "pagefile_0x000007fffbed0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796024668160, "timestamp": "00:01:06.627", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 196608, "start_va": 8796029911040, "type": "region", "version": 1 }, "end_va": 8796030107647, "entry_point": 0, "filename": null, "id": "region_2214", "name": "pagefile_0x000007fffc3d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796029911040, "timestamp": "00:01:06.627", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 196608, "start_va": 8796035153920, "type": "region", "version": 1 }, "end_va": 8796035350527, "entry_point": 0, "filename": null, "id": "region_2215", "name": "pagefile_0x000007fffc8d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796035153920, "timestamp": "00:01:06.627", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 196608, "start_va": 8796040396800, "type": "region", "version": 1 }, "end_va": 8796040593407, "entry_point": 0, "filename": null, "id": "region_2216", "name": "pagefile_0x000007fffcdd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796040396800, "timestamp": "00:01:06.627", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 196608, "start_va": 8796045639680, "type": "region", "version": 1 }, "end_va": 8796045836287, "entry_point": 0, "filename": null, "id": "region_2217", "name": "pagefile_0x000007fffd2d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796045639680, "timestamp": "00:01:06.627", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 196608, "start_va": 8796050882560, "type": "region", "version": 1 }, "end_va": 8796051079167, "entry_point": 0, "filename": null, "id": "region_2218", "name": "pagefile_0x000007fffd7d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796050882560, "timestamp": "00:01:06.627", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 196608, "start_va": 8796056125440, "type": "region", "version": 1 }, "end_va": 8796056322047, "entry_point": 0, "filename": null, "id": "region_2219", "name": "pagefile_0x000007fffdcd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796056125440, "timestamp": "00:01:06.627", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 196608, "start_va": 8796061368320, "type": "region", "version": 1 }, "end_va": 8796061564927, "entry_point": 0, "filename": null, "id": "region_2220", "name": "pagefile_0x000007fffe1d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796061368320, "timestamp": "00:01:06.627", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 196608, "start_va": 8796066611200, "type": "region", "version": 1 }, "end_va": 8796066807807, "entry_point": 0, "filename": null, "id": "region_2221", "name": "pagefile_0x000007fffe6d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796066611200, "timestamp": "00:01:06.627", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 196608, "start_va": 8796071854080, "type": "region", "version": 1 }, "end_va": 8796072050687, "entry_point": 0, "filename": null, "id": "region_2222", "name": "pagefile_0x000007fffebd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796071854080, "timestamp": "00:01:06.627", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 196608, "start_va": 8796077096960, "type": "region", "version": 1 }, "end_va": 8796077293567, "entry_point": 0, "filename": null, "id": "region_2223", "name": "pagefile_0x000007ffff0d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796077096960, "timestamp": "00:01:06.627", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 196608, "start_va": 8796082339840, "type": "region", "version": 1 }, "end_va": 8796082536447, "entry_point": 0, "filename": null, "id": "region_2224", "name": "pagefile_0x000007ffff5d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796082339840, "timestamp": "00:01:06.627", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 196608, "start_va": 8796087582720, "type": "region", "version": 1 }, "end_va": 8796087779327, "entry_point": 0, "filename": null, "id": "region_2225", "name": "pagefile_0x000007ffffad0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796087582720, "timestamp": "00:01:06.627", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\\SystemRoot\\System32\\smss.exe", "filename": "c:\\windows\\system32\\smss.exe", "id": "proc_21", "image_name": "smss.exe", "monitor_reason": "child_process", "monitored_id": 21, "origin_monitor_id": 20, "ref_parent_process": { "ref_id": "proc_20", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "%SystemRoot%\\system32\\csrss.exe ObjectDirectory=\\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16", "filename": "c:\\windows\\system32\\csrss.exe", "id": "proc_22", "image_name": "csrss.exe", "monitor_reason": "child_process", "monitored_id": 22, "origin_monitor_id": 21, "ref_parent_process": { "ref_id": "proc_21", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 0, "type": "region", "version": 1 }, "end_va": 1048575, "entry_point": 0, "filename": null, "id": "region_3376", "name": "private_0x (null)", "norm_filename": null, "region_type": "private_memory", "start_va": 0, "timestamp": "00:01:10.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1470463, "entry_point": 1048576, "filename": "\\Windows\\System32\\locale.nls", "id": "region_3377", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1048576, "timestamp": "00:01:10.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1535999, "entry_point": 0, "filename": null, "id": "region_3378", "name": "pagefile_0x0000000000170000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1507328, "timestamp": "00:01:10.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 1581055, "entry_point": 0, "filename": null, "id": "region_3379", "name": "pagefile_0x0000000000180000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1572864, "timestamp": "00:01:10.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1642495, "entry_point": 0, "filename": null, "id": "region_3380", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:01:10.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1712127, "entry_point": 1703936, "filename": "\\Windows\\Fonts\\vgasys.fon", "id": "region_3381", "name": "vgasys.fon", "norm_filename": "c:\\windows\\fonts\\vgasys.fon", "region_type": "memory_mapped_file", "start_va": 1703936, "timestamp": "00:01:10.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 2031615, "entry_point": 0, "filename": null, "id": "region_3382", "name": "private_0x00000000001b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1769472, "timestamp": "00:01:10.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2035711, "entry_point": 0, "filename": null, "id": "region_3383", "name": "private_0x00000000001f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2031616, "timestamp": "00:01:10.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 2162687, "entry_point": 0, "filename": null, "id": "region_3384", "name": "pagefile_0x0000000000200000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2097152, "timestamp": "00:01:10.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2191359, "entry_point": 2162688, "filename": "\\Windows\\Fonts\\marlett.ttf", "id": "region_3385", "name": "marlett.ttf", "norm_filename": "c:\\windows\\fonts\\marlett.ttf", "region_type": "memory_mapped_file", "start_va": 2162688, "timestamp": "00:01:10.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2293759, "entry_point": 0, "filename": null, "id": "region_3386", "name": "pagefile_0x0000000000220000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2228224, "timestamp": "00:01:10.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2555903, "entry_point": 0, "filename": null, "id": "region_3387", "name": "private_0x0000000000230000", "norm_filename": null, "region_type": "private_memory", "start_va": 2293760, "timestamp": "00:01:10.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 520192, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 3076095, "entry_point": 2555904, "filename": "\\Windows\\Fonts\\segoeui.ttf", "id": "region_3388", "name": "segoeui.ttf", "norm_filename": "c:\\windows\\fonts\\segoeui.ttf", "region_type": "memory_mapped_file", "start_va": 2555904, "timestamp": "00:01:10.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 3080192, "type": "region", "version": 1 }, "end_va": 3145727, "entry_point": 0, "filename": null, "id": "region_3389", "name": "private_0x00000000002f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3080192, "timestamp": "00:01:10.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 196608, "start_va": 3145728, "type": "region", "version": 1 }, "end_va": 3342335, "entry_point": 0, "filename": null, "id": "region_3390", "name": "pagefile_0x0000000000300000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3145728, "timestamp": "00:01:10.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 98304, "start_va": 3342336, "type": "region", "version": 1 }, "end_va": 3440639, "entry_point": 0, "filename": null, "id": "region_3391", "name": "pagefile_0x0000000000330000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3342336, "timestamp": "00:01:10.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 3473408, "type": "region", "version": 1 }, "end_va": 3538943, "entry_point": 0, "filename": null, "id": "region_3392", "name": "pagefile_0x0000000000350000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3473408, "timestamp": "00:01:10.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 3538944, "type": "region", "version": 1 }, "end_va": 3604479, "entry_point": 0, "filename": null, "id": "region_3393", "name": "pagefile_0x0000000000360000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3538944, "timestamp": "00:01:10.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 3670015, "entry_point": 0, "filename": null, "id": "region_3394", "name": "pagefile_0x0000000000370000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3604480, "timestamp": "00:01:10.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 3670016, "type": "region", "version": 1 }, "end_va": 3735551, "entry_point": 0, "filename": null, "id": "region_3395", "name": "pagefile_0x0000000000380000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3670016, "timestamp": "00:01:10.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 3735552, "type": "region", "version": 1 }, "end_va": 4784127, "entry_point": 0, "filename": null, "id": "region_3396", "name": "private_0x0000000000390000", "norm_filename": null, "region_type": "private_memory", "start_va": 3735552, "timestamp": "00:01:10.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 4784128, "type": "region", "version": 1 }, "end_va": 5832703, "entry_point": 0, "filename": null, "id": "region_3397", "name": "private_0x0000000000490000", "norm_filename": null, "region_type": "private_memory", "start_va": 4784128, "timestamp": "00:01:10.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 5832704, "type": "region", "version": 1 }, "end_va": 7409663, "entry_point": 0, "filename": null, "id": "region_3398", "name": "pagefile_0x0000000000590000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5832704, "timestamp": "00:01:10.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 7471104, "type": "region", "version": 1 }, "end_va": 11612159, "entry_point": 0, "filename": null, "id": "region_3399", "name": "pagefile_0x0000000000720000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7471104, "timestamp": "00:01:10.017", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 11665408, "type": "region", "version": 1 }, "end_va": 11730943, "entry_point": 0, "filename": null, "id": "region_3400", "name": "pagefile_0x0000000000b20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 11665408, "timestamp": "00:01:10.017", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 11730944, "type": "region", "version": 1 }, "end_va": 11739135, "entry_point": 0, "filename": null, "id": "region_3401", "name": "pagefile_0x0000000000b30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 11730944, "timestamp": "00:01:10.017", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 11796480, "type": "region", "version": 1 }, "end_va": 11862015, "entry_point": 0, "filename": null, "id": "region_3402", "name": "pagefile_0x0000000000b40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 11796480, "timestamp": "00:01:10.017", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 11862016, "type": "region", "version": 1 }, "end_va": 12124159, "entry_point": 0, "filename": null, "id": "region_3403", "name": "private_0x0000000000b50000", "norm_filename": null, "region_type": "private_memory", "start_va": 11862016, "timestamp": "00:01:10.017", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 12124160, "type": "region", "version": 1 }, "end_va": 12189695, "entry_point": 0, "filename": null, "id": "region_3404", "name": "pagefile_0x0000000000b90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12124160, "timestamp": "00:01:10.017", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 12189696, "type": "region", "version": 1 }, "end_va": 12255231, "entry_point": 0, "filename": null, "id": "region_3405", "name": "pagefile_0x0000000000ba0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12189696, "timestamp": "00:01:10.017", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 12255232, "type": "region", "version": 1 }, "end_va": 12320767, "entry_point": 0, "filename": null, "id": "region_3406", "name": "pagefile_0x0000000000bb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12255232, "timestamp": "00:01:10.017", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 12320768, "type": "region", "version": 1 }, "end_va": 12386303, "entry_point": 0, "filename": null, "id": "region_3407", "name": "pagefile_0x0000000000bc0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12320768, "timestamp": "00:01:10.017", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 12386304, "type": "region", "version": 1 }, "end_va": 12648447, "entry_point": 0, "filename": null, "id": "region_3408", "name": "private_0x0000000000bd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 12386304, "timestamp": "00:01:10.017", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 12648448, "type": "region", "version": 1 }, "end_va": 12713983, "entry_point": 0, "filename": null, "id": "region_3409", "name": "pagefile_0x0000000000c10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12648448, "timestamp": "00:01:10.017", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 12713984, "type": "region", "version": 1 }, "end_va": 12779519, "entry_point": 0, "filename": null, "id": "region_3410", "name": "pagefile_0x0000000000c20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12713984, "timestamp": "00:01:10.017", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 12779520, "type": "region", "version": 1 }, "end_va": 12845055, "entry_point": 0, "filename": null, "id": "region_3411", "name": "pagefile_0x0000000000c30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12779520, "timestamp": "00:01:10.017", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 12845056, "type": "region", "version": 1 }, "end_va": 13107199, "entry_point": 0, "filename": null, "id": "region_3412", "name": "private_0x0000000000c40000", "norm_filename": null, "region_type": "private_memory", "start_va": 12845056, "timestamp": "00:01:10.017", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 13107200, "type": "region", "version": 1 }, "end_va": 14712831, "entry_point": 0, "filename": null, "id": "region_3413", "name": "pagefile_0x0000000000c80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 13107200, "timestamp": "00:01:10.017", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 15007744, "type": "region", "version": 1 }, "end_va": 15269887, "entry_point": 0, "filename": null, "id": "region_3414", "name": "private_0x0000000000e50000", "norm_filename": null, "region_type": "private_memory", "start_va": 15007744, "timestamp": "00:01:10.017", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 15269888, "type": "region", "version": 1 }, "end_va": 15532031, "entry_point": 0, "filename": null, "id": "region_3415", "name": "private_0x0000000000e90000", "norm_filename": null, "region_type": "private_memory", "start_va": 15269888, "timestamp": "00:01:10.017", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 15532032, "type": "region", "version": 1 }, "end_va": 36503551, "entry_point": 0, "filename": null, "id": "region_3416", "name": "pagefile_0x0000000000ed0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 15532032, "timestamp": "00:01:10.017", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 786432, "start_va": 36503552, "type": "region", "version": 1 }, "end_va": 37289983, "entry_point": 0, "filename": null, "id": "region_3417", "name": "pagefile_0x00000000022d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 36503552, "timestamp": "00:01:10.017", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 37355520, "type": "region", "version": 1 }, "end_va": 37617663, "entry_point": 0, "filename": null, "id": "region_3418", "name": "private_0x00000000023a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 37355520, "timestamp": "00:01:10.017", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 786432, "start_va": 37617664, "type": "region", "version": 1 }, "end_va": 38404095, "entry_point": 0, "filename": null, "id": "region_3419", "name": "pagefile_0x00000000023e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 37617664, "timestamp": "00:01:10.017", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 786432, "start_va": 38404096, "type": "region", "version": 1 }, "end_va": 39190527, "entry_point": 0, "filename": null, "id": "region_3420", "name": "pagefile_0x00000000024a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 38404096, "timestamp": "00:01:10.017", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1238564864, "type": "region", "version": 1 }, "end_va": 1238589439, "entry_point": 1238570304, "filename": "\\Windows\\System32\\csrss.exe", "id": "region_3421", "name": "csrss.exe", "norm_filename": "c:\\windows\\system32\\csrss.exe", "region_type": "memory_mapped_file", "start_va": 1238564864, "timestamp": "00:01:10.017", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005467136, "type": "region", "version": 1 }, "end_va": 2006491135, "entry_point": 2005574344, "filename": "\\Windows\\System32\\user32.dll", "id": "region_3422", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2005467136, "timestamp": "00:01:10.018", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006515712, "type": "region", "version": 1 }, "end_va": 2007691263, "entry_point": 2006605472, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_3423", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 2006515712, "timestamp": "00:01:10.019", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2007695360, "type": "region", "version": 1 }, "end_va": 2009436159, "entry_point": 2007695360, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_3424", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2007695360, "timestamp": "00:01:10.019", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_3425", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:10.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_3426", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:10.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_3427", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:10.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791757094912, "type": "region", "version": 1 }, "end_va": 8791757156351, "entry_point": 8791757099024, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_3428", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 8791757094912, "timestamp": "00:01:10.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 593920, "start_va": 8791757160448, "type": "region", "version": 1 }, "end_va": 8791757754367, "entry_point": 8791757165632, "filename": "\\Windows\\System32\\sxs.dll", "id": "region_3429", "name": "sxs.dll", "norm_filename": "c:\\windows\\system32\\sxs.dll", "region_type": "memory_mapped_file", "start_va": 8791757160448, "timestamp": "00:01:10.021", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791758274560, "type": "region", "version": 1 }, "end_va": 8791758323711, "entry_point": 8791758290512, "filename": "\\Windows\\System32\\sxssrv.dll", "id": "region_3430", "name": "sxssrv.dll", "norm_filename": "c:\\windows\\system32\\sxssrv.dll", "region_type": "memory_mapped_file", "start_va": 8791758274560, "timestamp": "00:01:10.021", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 229376, "start_va": 8791758340096, "type": "region", "version": 1 }, "end_va": 8791758569471, "entry_point": 8791758350224, "filename": "\\Windows\\System32\\winsrv.dll", "id": "region_3431", "name": "winsrv.dll", "norm_filename": "c:\\windows\\system32\\winsrv.dll", "region_type": "memory_mapped_file", "start_va": 8791758340096, "timestamp": "00:01:10.022", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 8791758602240, "type": "region", "version": 1 }, "end_va": 8791758671871, "entry_point": 8791758647788, "filename": "\\Windows\\System32\\basesrv.dll", "id": "region_3432", "name": "basesrv.dll", "norm_filename": "c:\\windows\\system32\\basesrv.dll", "region_type": "memory_mapped_file", "start_va": 8791758602240, "timestamp": "00:01:10.022", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 8791758733312, "type": "region", "version": 1 }, "end_va": 8791758811135, "entry_point": 8791758765096, "filename": "\\Windows\\System32\\csrsrv.dll", "id": "region_3433", "name": "csrsrv.dll", "norm_filename": "c:\\windows\\system32\\csrsrv.dll", "region_type": "memory_mapped_file", "start_va": 8791758733312, "timestamp": "00:01:10.023", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791759060992, "type": "region", "version": 1 }, "end_va": 8791759499263, "entry_point": 8791759073504, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_3434", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791759060992, "timestamp": "00:01:10.023", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791762206720, "type": "region", "version": 1 }, "end_va": 8791763030015, "entry_point": 8791762708596, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_3435", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791762206720, "timestamp": "00:01:10.024", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791764566016, "type": "region", "version": 1 }, "end_va": 8791764623359, "entry_point": 8791764570240, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_3436", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791764566016, "timestamp": "00:01:10.024", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791786520576, "type": "region", "version": 1 }, "end_va": 8791787753471, "entry_point": 8791786843472, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_3437", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791786520576, "timestamp": "00:01:10.025", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791791435776, "type": "region", "version": 1 }, "end_va": 8791792087039, "entry_point": 8791791445408, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_3438", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791791435776, "timestamp": "00:01:10.026", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791794778112, "type": "region", "version": 1 }, "end_va": 8791795199999, "entry_point": 8791794823228, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_3439", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791794778112, "timestamp": "00:01:10.026", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791795761152, "type": "region", "version": 1 }, "end_va": 8791795765247, "entry_point": 8791795761152, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_3440", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791795761152, "timestamp": "00:01:10.027", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092669952, "type": "region", "version": 1 }, "end_va": 8796092678143, "entry_point": 0, "filename": null, "id": "region_3441", "name": "private_0x000007fffffaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092669952, "timestamp": "00:01:10.029", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092678144, "type": "region", "version": 1 }, "end_va": 8796092686335, "entry_point": 0, "filename": null, "id": "region_3442", "name": "private_0x000007fffffac000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092678144, "timestamp": "00:01:10.029", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092686336, "type": "region", "version": 1 }, "end_va": 8796092694527, "entry_point": 0, "filename": null, "id": "region_3443", "name": "private_0x000007fffffae000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092686336, "timestamp": "00:01:10.029", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_3444", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:01:10.029", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092841984, "type": "region", "version": 1 }, "end_va": 8796092850175, "entry_point": 0, "filename": null, "id": "region_3445", "name": "private_0x000007fffffd4000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092841984, "timestamp": "00:01:10.029", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092850176, "type": "region", "version": 1 }, "end_va": 8796092858367, "entry_point": 0, "filename": null, "id": "region_3446", "name": "private_0x000007fffffd6000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092850176, "timestamp": "00:01:10.029", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092858368, "type": "region", "version": 1 }, "end_va": 8796092866559, "entry_point": 0, "filename": null, "id": "region_3447", "name": "private_0x000007fffffd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092858368, "timestamp": "00:01:10.029", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092866560, "type": "region", "version": 1 }, "end_va": 8796092874751, "entry_point": 0, "filename": null, "id": "region_3448", "name": "private_0x000007fffffda000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092866560, "timestamp": "00:01:10.029", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092874752, "type": "region", "version": 1 }, "end_va": 8796092882943, "entry_point": 0, "filename": null, "id": "region_3449", "name": "private_0x000007fffffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092874752, "timestamp": "00:01:10.029", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8796092882944, "type": "region", "version": 1 }, "end_va": 8796092887039, "entry_point": 0, "filename": null, "id": "region_3450", "name": "private_0x000007fffffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092882944, "timestamp": "00:01:10.029", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 40960000, "type": "region", "version": 1 }, "end_va": 41222143, "entry_point": 0, "filename": null, "id": "region_3760", "name": "private_0x0000000002710000", "norm_filename": null, "region_type": "private_memory", "start_va": 40960000, "timestamp": "00:01:10.767", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092661760, "type": "region", "version": 1 }, "end_va": 8796092669951, "entry_point": 0, "filename": null, "id": "region_3761", "name": "private_0x000007fffffa8000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092661760, "timestamp": "00:01:10.767", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 14745600, "type": "region", "version": 1 }, "end_va": 14753791, "entry_point": 0, "filename": null, "id": "region_5270", "name": "pagefile_0x0000000000e10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 14745600, "timestamp": "00:01:22.718", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 14745600, "type": "region", "version": 1 }, "end_va": 14749695, "entry_point": 0, "filename": null, "id": "region_5532", "name": "pagefile_0x0000000000e10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 14745600, "timestamp": "00:01:26.240", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 14745600, "type": "region", "version": 1 }, "end_va": 14811135, "entry_point": 0, "filename": null, "id": "region_6209", "name": "pagefile_0x0000000000e10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 14745600, "timestamp": "00:01:30.990", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 14811136, "type": "region", "version": 1 }, "end_va": 14815231, "entry_point": 0, "filename": null, "id": "region_6210", "name": "pagefile_0x0000000000e20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 14811136, "timestamp": "00:01:30.990", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 14811136, "type": "region", "version": 1 }, "end_va": 14823423, "entry_point": 0, "filename": null, "id": "region_6234", "name": "pagefile_0x0000000000e20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 14811136, "timestamp": "00:01:31.070", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 14811136, "type": "region", "version": 1 }, "end_va": 14876671, "entry_point": 0, "filename": null, "id": "region_6285", "name": "pagefile_0x0000000000e20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 14811136, "timestamp": "00:01:31.241", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 14876672, "type": "region", "version": 1 }, "end_va": 14942207, "entry_point": 0, "filename": null, "id": "region_6286", "name": "pagefile_0x0000000000e30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 14876672, "timestamp": "00:01:31.241", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 14942208, "type": "region", "version": 1 }, "end_va": 14950399, "entry_point": 14942208, "filename": "\\Windows\\Fonts\\vgaoem.fon", "id": "region_6287", "name": "vgaoem.fon", "norm_filename": "c:\\windows\\fonts\\vgaoem.fon", "region_type": "memory_mapped_file", "start_va": 14942208, "timestamp": "00:01:31.241", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 36864, "start_va": 37289984, "type": "region", "version": 1 }, "end_va": 37326847, "entry_point": 37289984, "filename": "\\Windows\\Fonts\\dosapp.fon", "id": "region_6288", "name": "dosapp.fon", "norm_filename": "c:\\windows\\fonts\\dosapp.fon", "region_type": "memory_mapped_file", "start_va": 37289984, "timestamp": "00:01:31.242", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 39190528, "type": "region", "version": 1 }, "end_va": 39198719, "entry_point": 39190528, "filename": "\\Windows\\Fonts\\cga40woa.fon", "id": "region_6289", "name": "cga40woa.fon", "norm_filename": "c:\\windows\\fonts\\cga40woa.fon", "region_type": "memory_mapped_file", "start_va": 39190528, "timestamp": "00:01:31.242", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 39256064, "type": "region", "version": 1 }, "end_va": 39264255, "entry_point": 39256064, "filename": "\\Windows\\Fonts\\cga80woa.fon", "id": "region_6290", "name": "cga80woa.fon", "norm_filename": "c:\\windows\\fonts\\cga80woa.fon", "region_type": "memory_mapped_file", "start_va": 39256064, "timestamp": "00:01:31.243", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 39321600, "type": "region", "version": 1 }, "end_va": 39333887, "entry_point": 39321600, "filename": "\\Windows\\Fonts\\ega40woa.fon", "id": "region_6291", "name": "ega40woa.fon", "norm_filename": "c:\\windows\\fonts\\ega40woa.fon", "region_type": "memory_mapped_file", "start_va": 39321600, "timestamp": "00:01:31.244", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 39387136, "type": "region", "version": 1 }, "end_va": 39403519, "entry_point": 0, "filename": null, "id": "region_6292", "name": "pagefile_0x0000000002590000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 39387136, "timestamp": "00:01:31.246", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 39387136, "type": "region", "version": 1 }, "end_va": 39391231, "entry_point": 0, "filename": null, "id": "region_6346", "name": "pagefile_0x0000000002590000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 39387136, "timestamp": "00:01:31.475", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 14876672, "type": "region", "version": 1 }, "end_va": 14880767, "entry_point": 0, "filename": null, "id": "region_6519", "name": "pagefile_0x0000000000e30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 14876672, "timestamp": "00:01:32.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 39387136, "type": "region", "version": 1 }, "end_va": 39452671, "entry_point": 0, "filename": null, "id": "region_7204", "name": "pagefile_0x0000000002590000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 39387136, "timestamp": "00:01:37.978", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 39452672, "type": "region", "version": 1 }, "end_va": 39518207, "entry_point": 0, "filename": null, "id": "region_7205", "name": "pagefile_0x00000000025a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 39452672, "timestamp": "00:01:37.978", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 39518208, "type": "region", "version": 1 }, "end_va": 39583743, "entry_point": 0, "filename": null, "id": "region_7206", "name": "pagefile_0x00000000025b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 39518208, "timestamp": "00:01:37.978", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 39583744, "type": "region", "version": 1 }, "end_va": 39649279, "entry_point": 0, "filename": null, "id": "region_7207", "name": "pagefile_0x00000000025c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 39583744, "timestamp": "00:01:37.978", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 39649280, "type": "region", "version": 1 }, "end_va": 39714815, "entry_point": 0, "filename": null, "id": "region_7208", "name": "pagefile_0x00000000025d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 39649280, "timestamp": "00:01:37.978", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 39714816, "type": "region", "version": 1 }, "end_va": 39780351, "entry_point": 0, "filename": null, "id": "region_7209", "name": "pagefile_0x00000000025e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 39714816, "timestamp": "00:01:37.978", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 39780352, "type": "region", "version": 1 }, "end_va": 39845887, "entry_point": 0, "filename": null, "id": "region_7210", "name": "pagefile_0x00000000025f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 39780352, "timestamp": "00:01:37.978", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 39845888, "type": "region", "version": 1 }, "end_va": 39849983, "entry_point": 0, "filename": null, "id": "region_7211", "name": "pagefile_0x0000000002600000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 39845888, "timestamp": "00:01:37.978", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "wininit.exe", "filename": "c:\\windows\\system32\\wininit.exe", "id": "proc_23", "image_name": "wininit.exe", "monitor_reason": "child_process", "monitored_id": 23, "origin_monitor_id": 21, "ref_parent_process": { "ref_id": "proc_21", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_4037", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:12.778", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 159743, "entry_point": 0, "filename": null, "id": "region_4038", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:12.778", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_4039", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:12.778", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 1310719, "entry_point": 0, "filename": null, "id": "region_4040", "name": "private_0x0000000000040000", "norm_filename": null, "region_type": "private_memory", "start_va": 262144, "timestamp": "00:01:12.778", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1732607, "entry_point": 1310720, "filename": "\\Windows\\System32\\locale.nls", "id": "region_4041", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1310720, "timestamp": "00:01:12.778", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 1773567, "entry_point": 0, "filename": null, "id": "region_4042", "name": "private_0x00000000001b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1769472, "timestamp": "00:01:12.778", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 1839103, "entry_point": 0, "filename": null, "id": "region_4043", "name": "private_0x00000000001c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1835008, "timestamp": "00:01:12.778", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 2424831, "entry_point": 0, "filename": null, "id": "region_4044", "name": "private_0x00000000001d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1900544, "timestamp": "00:01:12.778", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 196608, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2621439, "entry_point": 0, "filename": null, "id": "region_4045", "name": "pagefile_0x0000000000250000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2424832, "timestamp": "00:01:12.778", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 2625535, "entry_point": 0, "filename": null, "id": "region_4046", "name": "private_0x0000000000280000", "norm_filename": null, "region_type": "private_memory", "start_va": 2621440, "timestamp": "00:01:12.778", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 2949119, "entry_point": 0, "filename": null, "id": "region_4047", "name": "private_0x00000000002c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2883584, "timestamp": "00:01:12.778", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2949120, "type": "region", "version": 1 }, "end_va": 3997695, "entry_point": 0, "filename": null, "id": "region_4048", "name": "private_0x00000000002d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2949120, "timestamp": "00:01:12.778", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 3997696, "type": "region", "version": 1 }, "end_va": 5603327, "entry_point": 0, "filename": null, "id": "region_4049", "name": "pagefile_0x00000000003d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3997696, "timestamp": "00:01:12.778", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 5636096, "type": "region", "version": 1 }, "end_va": 7213055, "entry_point": 0, "filename": null, "id": "region_4050", "name": "pagefile_0x0000000000560000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5636096, "timestamp": "00:01:12.779", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 7274496, "type": "region", "version": 1 }, "end_va": 11415551, "entry_point": 0, "filename": null, "id": "region_4051", "name": "pagefile_0x00000000006f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7274496, "timestamp": "00:01:12.779", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 11993088, "type": "region", "version": 1 }, "end_va": 12517375, "entry_point": 0, "filename": null, "id": "region_4052", "name": "private_0x0000000000b70000", "norm_filename": null, "region_type": "private_memory", "start_va": 11993088, "timestamp": "00:01:12.779", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 12582912, "type": "region", "version": 1 }, "end_va": 13107199, "entry_point": 0, "filename": null, "id": "region_4053", "name": "private_0x0000000000c00000", "norm_filename": null, "region_type": "private_memory", "start_va": 12582912, "timestamp": "00:01:12.779", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 13303808, "type": "region", "version": 1 }, "end_va": 13828095, "entry_point": 0, "filename": null, "id": "region_4054", "name": "private_0x0000000000cb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 13303808, "timestamp": "00:01:12.779", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 13828096, "type": "region", "version": 1 }, "end_va": 14352383, "entry_point": 0, "filename": null, "id": "region_4055", "name": "private_0x0000000000d30000", "norm_filename": null, "region_type": "private_memory", "start_va": 13828096, "timestamp": "00:01:12.779", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 14548992, "type": "region", "version": 1 }, "end_va": 15073279, "entry_point": 0, "filename": null, "id": "region_4056", "name": "private_0x0000000000de0000", "norm_filename": null, "region_type": "private_memory", "start_va": 14548992, "timestamp": "00:01:12.779", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 15532032, "type": "region", "version": 1 }, "end_va": 16056319, "entry_point": 0, "filename": null, "id": "region_4057", "name": "private_0x0000000000ed0000", "norm_filename": null, "region_type": "private_memory", "start_va": 15532032, "timestamp": "00:01:12.779", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 16711680, "type": "region", "version": 1 }, "end_va": 17235967, "entry_point": 0, "filename": null, "id": "region_4058", "name": "private_0x0000000000ff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 16711680, "timestamp": "00:01:12.779", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 17235968, "type": "region", "version": 1 }, "end_va": 38207487, "entry_point": 0, "filename": null, "id": "region_4059", "name": "pagefile_0x0000000001070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 17235968, "timestamp": "00:01:12.779", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 39583744, "type": "region", "version": 1 }, "end_va": 40108031, "entry_point": 0, "filename": null, "id": "region_4060", "name": "private_0x00000000025c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 39583744, "timestamp": "00:01:12.779", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 40108032, "type": "region", "version": 1 }, "end_va": 43053055, "entry_point": 40108032, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_4061", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 40108032, "timestamp": "00:01:12.780", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 43188224, "type": "region", "version": 1 }, "end_va": 43712511, "entry_point": 0, "filename": null, "id": "region_4062", "name": "private_0x0000000002930000", "norm_filename": null, "region_type": "private_memory", "start_va": 43188224, "timestamp": "00:01:12.780", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 43843584, "type": "region", "version": 1 }, "end_va": 44367871, "entry_point": 0, "filename": null, "id": "region_4063", "name": "private_0x00000000029d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 43843584, "timestamp": "00:01:12.780", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005467136, "type": "region", "version": 1 }, "end_va": 2006491135, "entry_point": 2005574344, "filename": "\\Windows\\System32\\user32.dll", "id": "region_4064", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2005467136, "timestamp": "00:01:12.780", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006515712, "type": "region", "version": 1 }, "end_va": 2007691263, "entry_point": 2006605472, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_4065", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 2006515712, "timestamp": "00:01:12.780", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2007695360, "type": "region", "version": 1 }, "end_va": 2009436159, "entry_point": 2007695360, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_4066", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2007695360, "timestamp": "00:01:12.781", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_4067", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:12.781", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_4068", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:12.782", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_4069", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:12.782", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 143360, "start_va": 4279500800, "type": "region", "version": 1 }, "end_va": 4279644159, "entry_point": 4279500800, "filename": "\\Windows\\System32\\wininit.exe", "id": "region_4070", "name": "wininit.exe", "norm_filename": "c:\\windows\\system32\\wininit.exe", "region_type": "memory_mapped_file", "start_va": 4279500800, "timestamp": "00:01:12.782", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 8791744118784, "type": "region", "version": 1 }, "end_va": 8791744147455, "entry_point": 8791744124080, "filename": "\\Windows\\System32\\WSHTCPIP.DLL", "id": "region_4071", "name": "wshtcpip.dll", "norm_filename": "c:\\windows\\system32\\wshtcpip.dll", "region_type": "memory_mapped_file", "start_va": 8791744118784, "timestamp": "00:01:12.790", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 8791746609152, "type": "region", "version": 1 }, "end_va": 8791746650111, "entry_point": 8791746624696, "filename": "\\Windows\\System32\\credssp.dll", "id": "region_4072", "name": "credssp.dll", "norm_filename": "c:\\windows\\system32\\credssp.dll", "region_type": "memory_mapped_file", "start_va": 8791746609152, "timestamp": "00:01:12.790", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 8791750344704, "type": "region", "version": 1 }, "end_va": 8791750373375, "entry_point": 8791750349868, "filename": "\\Windows\\System32\\wship6.dll", "id": "region_4073", "name": "wship6.dll", "norm_filename": "c:\\windows\\system32\\wship6.dll", "region_type": "memory_mapped_file", "start_va": 8791750344704, "timestamp": "00:01:12.793", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 348160, "start_va": 8791750410240, "type": "region", "version": 1 }, "end_va": 8791750758399, "entry_point": 8791750414420, "filename": "\\Windows\\System32\\mswsock.dll", "id": "region_4074", "name": "mswsock.dll", "norm_filename": "c:\\windows\\system32\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 8791750410240, "timestamp": "00:01:12.794", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 8791756701696, "type": "region", "version": 1 }, "end_va": 8791756746751, "entry_point": 8791756705840, "filename": "\\Windows\\System32\\secur32.dll", "id": "region_4075", "name": "secur32.dll", "norm_filename": "c:\\windows\\system32\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 8791756701696, "timestamp": "00:01:12.795", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 8791756898304, "type": "region", "version": 1 }, "end_va": 8791757049855, "entry_point": 8791756936792, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_4076", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 8791756898304, "timestamp": "00:01:12.795", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791757094912, "type": "region", "version": 1 }, "end_va": 8791757156351, "entry_point": 8791757099024, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_4077", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 8791757094912, "timestamp": "00:01:12.796", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 8791758077952, "type": "region", "version": 1 }, "end_va": 8791758159871, "entry_point": 8791758082272, "filename": "\\Windows\\System32\\RpcRtRemote.dll", "id": "region_4078", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\system32\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 8791758077952, "timestamp": "00:01:12.796", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791758209024, "type": "region", "version": 1 }, "end_va": 8791758270463, "entry_point": 8791758215600, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_4079", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 8791758209024, "timestamp": "00:01:12.797", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791759060992, "type": "region", "version": 1 }, "end_va": 8791759499263, "entry_point": 8791759073504, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_4080", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791759060992, "timestamp": "00:01:12.800", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791762206720, "type": "region", "version": 1 }, "end_va": 8791763030015, "entry_point": 8791762708596, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_4081", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791762206720, "timestamp": "00:01:12.800", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791763451904, "type": "region", "version": 1 }, "end_va": 8791764537343, "entry_point": 8791763456100, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_4082", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791763451904, "timestamp": "00:01:12.801", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791764566016, "type": "region", "version": 1 }, "end_va": 8791764623359, "entry_point": 8791764570240, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_4083", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791764566016, "timestamp": "00:01:12.801", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791765876736, "type": "region", "version": 1 }, "end_va": 8791766003711, "entry_point": 8791765901544, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_4084", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 8791765876736, "timestamp": "00:01:12.802", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791766007808, "type": "region", "version": 1 }, "end_va": 8791766196223, "entry_point": 8791766011920, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_4085", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791766007808, "timestamp": "00:01:12.802", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 8791781998592, "type": "region", "version": 1 }, "end_va": 8791782031359, "entry_point": 8791782003972, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_4086", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 8791781998592, "timestamp": "00:01:12.803", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791786520576, "type": "region", "version": 1 }, "end_va": 8791787753471, "entry_point": 8791786843472, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_4087", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791786520576, "timestamp": "00:01:12.803", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791791435776, "type": "region", "version": 1 }, "end_va": 8791792087039, "entry_point": 8791791445408, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_4088", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791791435776, "timestamp": "00:01:12.804", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791794778112, "type": "region", "version": 1 }, "end_va": 8791795199999, "entry_point": 8791794823228, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_4089", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791794778112, "timestamp": "00:01:12.805", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 315392, "start_va": 8791795236864, "type": "region", "version": 1 }, "end_va": 8791795552255, "entry_point": 8791795241072, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_4090", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 8791795236864, "timestamp": "00:01:12.805", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791795761152, "type": "region", "version": 1 }, "end_va": 8791795765247, "entry_point": 8791795761152, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_4091", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791795761152, "timestamp": "00:01:12.806", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092678144, "type": "region", "version": 1 }, "end_va": 8796092686335, "entry_point": 0, "filename": null, "id": "region_4092", "name": "private_0x000007fffffac000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092678144, "timestamp": "00:01:12.809", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092686336, "type": "region", "version": 1 }, "end_va": 8796092694527, "entry_point": 0, "filename": null, "id": "region_4093", "name": "private_0x000007fffffae000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092686336, "timestamp": "00:01:12.809", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_4094", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:01:12.809", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092841984, "type": "region", "version": 1 }, "end_va": 8796092850175, "entry_point": 0, "filename": null, "id": "region_4095", "name": "private_0x000007fffffd4000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092841984, "timestamp": "00:01:12.809", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092850176, "type": "region", "version": 1 }, "end_va": 8796092858367, "entry_point": 0, "filename": null, "id": "region_4096", "name": "private_0x000007fffffd6000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092850176, "timestamp": "00:01:12.809", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8796092858368, "type": "region", "version": 1 }, "end_va": 8796092862463, "entry_point": 0, "filename": null, "id": "region_4097", "name": "private_0x000007fffffd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092858368, "timestamp": "00:01:12.809", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092866560, "type": "region", "version": 1 }, "end_va": 8796092874751, "entry_point": 0, "filename": null, "id": "region_4098", "name": "private_0x000007fffffda000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092866560, "timestamp": "00:01:12.809", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092874752, "type": "region", "version": 1 }, "end_va": 8796092882943, "entry_point": 0, "filename": null, "id": "region_4099", "name": "private_0x000007fffffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092874752, "timestamp": "00:01:12.809", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092882944, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_4100", "name": "private_0x000007fffffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092882944, "timestamp": "00:01:12.809", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, "start_va": 8791785603072, "type": "region", "version": 1 }, "end_va": 8791786500095, "entry_point": 8791785736032, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_4101", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791785603072, "timestamp": "00:01:12.810", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "%SystemRoot%\\system32\\csrss.exe ObjectDirectory=\\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16", "filename": "c:\\windows\\system32\\csrss.exe", "id": "proc_24", "image_name": "csrss.exe", "monitor_reason": "child_process", "monitored_id": 24, "origin_monitor_id": 21, "ref_parent_process": { "ref_id": "proc_21", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 0, "type": "region", "version": 1 }, "end_va": 1048575, "entry_point": 0, "filename": null, "id": "region_2123", "name": "private_0x (null)", "norm_filename": null, "region_type": "private_memory", "start_va": 0, "timestamp": "00:01:06.482", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1470463, "entry_point": 1048576, "filename": "\\Windows\\System32\\locale.nls", "id": "region_2124", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1048576, "timestamp": "00:01:06.482", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1535999, "entry_point": 0, "filename": null, "id": "region_2125", "name": "pagefile_0x0000000000170000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1507328, "timestamp": "00:01:06.482", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 1581055, "entry_point": 0, "filename": null, "id": "region_2126", "name": "pagefile_0x0000000000180000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1572864, "timestamp": "00:01:06.482", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1642495, "entry_point": 0, "filename": null, "id": "region_2127", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:01:06.482", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1712127, "entry_point": 1703936, "filename": "\\Windows\\Fonts\\vgasys.fon", "id": "region_2128", "name": "vgasys.fon", "norm_filename": "c:\\windows\\fonts\\vgasys.fon", "region_type": "memory_mapped_file", "start_va": 1703936, "timestamp": "00:01:06.482", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 1835007, "entry_point": 0, "filename": null, "id": "region_2129", "name": "pagefile_0x00000000001b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1769472, "timestamp": "00:01:06.483", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 1863679, "entry_point": 1835008, "filename": "\\Windows\\Fonts\\marlett.ttf", "id": "region_2130", "name": "marlett.ttf", "norm_filename": "c:\\windows\\fonts\\marlett.ttf", "region_type": "memory_mapped_file", "start_va": 1835008, "timestamp": "00:01:06.483", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 98304, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 1998847, "entry_point": 0, "filename": null, "id": "region_2131", "name": "pagefile_0x00000000001d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1900544, "timestamp": "00:01:06.483", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2035711, "entry_point": 0, "filename": null, "id": "region_2132", "name": "private_0x00000000001f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2031616, "timestamp": "00:01:06.483", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 520192, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 2617343, "entry_point": 2097152, "filename": "\\Windows\\Fonts\\segoeui.ttf", "id": "region_2133", "name": "segoeui.ttf", "norm_filename": "c:\\windows\\fonts\\segoeui.ttf", "region_type": "memory_mapped_file", "start_va": 2097152, "timestamp": "00:01:06.483", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 196608, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 2818047, "entry_point": 0, "filename": null, "id": "region_2134", "name": "pagefile_0x0000000000280000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2621440, "timestamp": "00:01:06.483", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 2826239, "entry_point": 0, "filename": null, "id": "region_2135", "name": "pagefile_0x00000000002b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2818048, "timestamp": "00:01:06.483", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 2949119, "entry_point": 0, "filename": null, "id": "region_2136", "name": "pagefile_0x00000000002c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2883584, "timestamp": "00:01:06.483", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2949120, "type": "region", "version": 1 }, "end_va": 3014655, "entry_point": 0, "filename": null, "id": "region_2137", "name": "private_0x00000000002d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2949120, "timestamp": "00:01:06.483", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 3014656, "type": "region", "version": 1 }, "end_va": 3080191, "entry_point": 0, "filename": null, "id": "region_2138", "name": "pagefile_0x00000000002e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3014656, "timestamp": "00:01:06.483", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 3080192, "type": "region", "version": 1 }, "end_va": 3342335, "entry_point": 0, "filename": null, "id": "region_2139", "name": "private_0x00000000002f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3080192, "timestamp": "00:01:06.483", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 655360, "start_va": 3342336, "type": "region", "version": 1 }, "end_va": 3997695, "entry_point": 3342336, "filename": "\\Windows\\Fonts\\micross.ttf", "id": "region_2140", "name": "micross.ttf", "norm_filename": "c:\\windows\\fonts\\micross.ttf", "region_type": "memory_mapped_file", "start_va": 3342336, "timestamp": "00:01:06.483", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 3997696, "type": "region", "version": 1 }, "end_va": 5046271, "entry_point": 0, "filename": null, "id": "region_2141", "name": "private_0x00000000003d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3997696, "timestamp": "00:01:06.484", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 5046272, "type": "region", "version": 1 }, "end_va": 6094847, "entry_point": 0, "filename": null, "id": "region_2142", "name": "private_0x00000000004d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5046272, "timestamp": "00:01:06.484", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6094848, "type": "region", "version": 1 }, "end_va": 7671807, "entry_point": 0, "filename": null, "id": "region_2143", "name": "pagefile_0x00000000005d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6094848, "timestamp": "00:01:06.484", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 7733248, "type": "region", "version": 1 }, "end_va": 11874303, "entry_point": 0, "filename": null, "id": "region_2144", "name": "pagefile_0x0000000000760000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7733248, "timestamp": "00:01:06.484", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 11927552, "type": "region", "version": 1 }, "end_va": 12189695, "entry_point": 0, "filename": null, "id": "region_2145", "name": "private_0x0000000000b60000", "norm_filename": null, "region_type": "private_memory", "start_va": 11927552, "timestamp": "00:01:06.484", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 12189696, "type": "region", "version": 1 }, "end_va": 12255231, "entry_point": 0, "filename": null, "id": "region_2146", "name": "pagefile_0x0000000000ba0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12189696, "timestamp": "00:01:06.484", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 12255232, "type": "region", "version": 1 }, "end_va": 12320767, "entry_point": 0, "filename": null, "id": "region_2147", "name": "pagefile_0x0000000000bb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12255232, "timestamp": "00:01:06.484", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 12320768, "type": "region", "version": 1 }, "end_va": 12386303, "entry_point": 0, "filename": null, "id": "region_2148", "name": "pagefile_0x0000000000bc0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12320768, "timestamp": "00:01:06.484", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 12386304, "type": "region", "version": 1 }, "end_va": 12451839, "entry_point": 0, "filename": null, "id": "region_2149", "name": "pagefile_0x0000000000bd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12386304, "timestamp": "00:01:06.484", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 12451840, "type": "region", "version": 1 }, "end_va": 12517375, "entry_point": 0, "filename": null, "id": "region_2150", "name": "pagefile_0x0000000000be0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12451840, "timestamp": "00:01:06.484", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 12582912, "type": "region", "version": 1 }, "end_va": 12845055, "entry_point": 0, "filename": null, "id": "region_2151", "name": "private_0x0000000000c00000", "norm_filename": null, "region_type": "private_memory", "start_va": 12582912, "timestamp": "00:01:06.484", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 13172736, "type": "region", "version": 1 }, "end_va": 13434879, "entry_point": 0, "filename": null, "id": "region_2152", "name": "private_0x0000000000c90000", "norm_filename": null, "region_type": "private_memory", "start_va": 13172736, "timestamp": "00:01:06.484", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 13434880, "type": "region", "version": 1 }, "end_va": 15040511, "entry_point": 0, "filename": null, "id": "region_2153", "name": "pagefile_0x0000000000cd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 13434880, "timestamp": "00:01:06.484", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 15335424, "type": "region", "version": 1 }, "end_va": 15597567, "entry_point": 0, "filename": null, "id": "region_2154", "name": "private_0x0000000000ea0000", "norm_filename": null, "region_type": "private_memory", "start_va": 15335424, "timestamp": "00:01:06.484", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 389120, "start_va": 15597568, "type": "region", "version": 1 }, "end_va": 15986687, "entry_point": 15597568, "filename": "\\Windows\\Fonts\\segoeuii.ttf", "id": "region_2155", "name": "segoeuii.ttf", "norm_filename": "c:\\windows\\fonts\\segoeuii.ttf", "region_type": "memory_mapped_file", "start_va": 15597568, "timestamp": "00:01:06.484", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 16056320, "type": "region", "version": 1 }, "end_va": 16318463, "entry_point": 0, "filename": null, "id": "region_2156", "name": "private_0x0000000000f50000", "norm_filename": null, "region_type": "private_memory", "start_va": 16056320, "timestamp": "00:01:06.485", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 16515072, "type": "region", "version": 1 }, "end_va": 16777215, "entry_point": 0, "filename": null, "id": "region_2157", "name": "private_0x0000000000fc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 16515072, "timestamp": "00:01:06.485", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 16777216, "type": "region", "version": 1 }, "end_va": 37748735, "entry_point": 0, "filename": null, "id": "region_2158", "name": "pagefile_0x0000000001000000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 16777216, "timestamp": "00:01:06.485", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1238564864, "type": "region", "version": 1 }, "end_va": 1238589439, "entry_point": 1238564864, "filename": "\\Windows\\System32\\csrss.exe", "id": "region_2159", "name": "csrss.exe", "norm_filename": "c:\\windows\\system32\\csrss.exe", "region_type": "memory_mapped_file", "start_va": 1238564864, "timestamp": "00:01:06.485", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005467136, "type": "region", "version": 1 }, "end_va": 2006491135, "entry_point": 2005574344, "filename": "\\Windows\\System32\\user32.dll", "id": "region_2160", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2005467136, "timestamp": "00:01:06.492", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006515712, "type": "region", "version": 1 }, "end_va": 2007691263, "entry_point": 2006605472, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_2161", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 2006515712, "timestamp": "00:01:06.492", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2007695360, "type": "region", "version": 1 }, "end_va": 2009436159, "entry_point": 2007695360, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2162", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2007695360, "timestamp": "00:01:06.493", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_2163", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:06.493", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2164", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:06.494", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2165", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:06.494", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791757094912, "type": "region", "version": 1 }, "end_va": 8791757156351, "entry_point": 8791757099024, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_2166", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 8791757094912, "timestamp": "00:01:06.494", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 593920, "start_va": 8791757160448, "type": "region", "version": 1 }, "end_va": 8791757754367, "entry_point": 8791757165632, "filename": "\\Windows\\System32\\sxs.dll", "id": "region_2167", "name": "sxs.dll", "norm_filename": "c:\\windows\\system32\\sxs.dll", "region_type": "memory_mapped_file", "start_va": 8791757160448, "timestamp": "00:01:06.494", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791758274560, "type": "region", "version": 1 }, "end_va": 8791758323711, "entry_point": 8791758274560, "filename": "\\Windows\\System32\\sxssrv.dll", "id": "region_2168", "name": "sxssrv.dll", "norm_filename": "c:\\windows\\system32\\sxssrv.dll", "region_type": "memory_mapped_file", "start_va": 8791758274560, "timestamp": "00:01:06.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 229376, "start_va": 8791758340096, "type": "region", "version": 1 }, "end_va": 8791758569471, "entry_point": 8791758340096, "filename": "\\Windows\\System32\\winsrv.dll", "id": "region_2169", "name": "winsrv.dll", "norm_filename": "c:\\windows\\system32\\winsrv.dll", "region_type": "memory_mapped_file", "start_va": 8791758340096, "timestamp": "00:01:06.504", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 8791758602240, "type": "region", "version": 1 }, "end_va": 8791758671871, "entry_point": 8791758602240, "filename": "\\Windows\\System32\\basesrv.dll", "id": "region_2170", "name": "basesrv.dll", "norm_filename": "c:\\windows\\system32\\basesrv.dll", "region_type": "memory_mapped_file", "start_va": 8791758602240, "timestamp": "00:01:06.515", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 8791758733312, "type": "region", "version": 1 }, "end_va": 8791758811135, "entry_point": 8791758733312, "filename": "\\Windows\\System32\\csrsrv.dll", "id": "region_2171", "name": "csrsrv.dll", "norm_filename": "c:\\windows\\system32\\csrsrv.dll", "region_type": "memory_mapped_file", "start_va": 8791758733312, "timestamp": "00:01:06.524", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791759060992, "type": "region", "version": 1 }, "end_va": 8791759499263, "entry_point": 8791759073504, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_2172", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791759060992, "timestamp": "00:01:06.535", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791762206720, "type": "region", "version": 1 }, "end_va": 8791763030015, "entry_point": 8791762708596, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_2173", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791762206720, "timestamp": "00:01:06.536", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791764566016, "type": "region", "version": 1 }, "end_va": 8791764623359, "entry_point": 8791764570240, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_2174", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791764566016, "timestamp": "00:01:06.536", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791786520576, "type": "region", "version": 1 }, "end_va": 8791787753471, "entry_point": 8791786843472, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_2175", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791786520576, "timestamp": "00:01:06.537", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791791435776, "type": "region", "version": 1 }, "end_va": 8791792087039, "entry_point": 8791791445408, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_2176", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791791435776, "timestamp": "00:01:06.538", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791794778112, "type": "region", "version": 1 }, "end_va": 8791795199999, "entry_point": 8791794823228, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_2177", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791794778112, "timestamp": "00:01:06.538", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791795761152, "type": "region", "version": 1 }, "end_va": 8791795765247, "entry_point": 8791795761152, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_2178", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791795761152, "timestamp": "00:01:06.539", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092678144, "type": "region", "version": 1 }, "end_va": 8796092686335, "entry_point": 0, "filename": null, "id": "region_2179", "name": "private_0x000007fffffac000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092678144, "timestamp": "00:01:06.542", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092686336, "type": "region", "version": 1 }, "end_va": 8796092694527, "entry_point": 0, "filename": null, "id": "region_2180", "name": "private_0x000007fffffae000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092686336, "timestamp": "00:01:06.542", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_2181", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:01:06.542", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8796092841984, "type": "region", "version": 1 }, "end_va": 8796092846079, "entry_point": 0, "filename": null, "id": "region_2182", "name": "private_0x000007fffffd4000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092841984, "timestamp": "00:01:06.542", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092850176, "type": "region", "version": 1 }, "end_va": 8796092858367, "entry_point": 0, "filename": null, "id": "region_2183", "name": "private_0x000007fffffd6000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092850176, "timestamp": "00:01:06.542", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092858368, "type": "region", "version": 1 }, "end_va": 8796092866559, "entry_point": 0, "filename": null, "id": "region_2184", "name": "private_0x000007fffffd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092858368, "timestamp": "00:01:06.542", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092866560, "type": "region", "version": 1 }, "end_va": 8796092874751, "entry_point": 0, "filename": null, "id": "region_2185", "name": "private_0x000007fffffda000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092866560, "timestamp": "00:01:06.542", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092874752, "type": "region", "version": 1 }, "end_va": 8796092882943, "entry_point": 0, "filename": null, "id": "region_2186", "name": "private_0x000007fffffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092874752, "timestamp": "00:01:06.542", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092882944, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_2187", "name": "private_0x000007fffffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092882944, "timestamp": "00:01:06.542", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 12517376, "type": "region", "version": 1 }, "end_va": 12525567, "entry_point": 0, "filename": null, "id": "region_3662", "name": "pagefile_0x0000000000bf0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12517376, "timestamp": "00:01:10.513", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 12386304, "type": "region", "version": 1 }, "end_va": 12398591, "entry_point": 0, "filename": null, "id": "region_4032", "name": "pagefile_0x0000000000bd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12386304, "timestamp": "00:01:12.646", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 12386304, "type": "region", "version": 1 }, "end_va": 12394495, "entry_point": 0, "filename": null, "id": "region_4195", "name": "pagefile_0x0000000000bd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12386304, "timestamp": "00:01:13.425", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 12386304, "type": "region", "version": 1 }, "end_va": 12390399, "entry_point": 0, "filename": null, "id": "region_4487", "name": "pagefile_0x0000000000bd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12386304, "timestamp": "00:01:16.007", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 12517376, "type": "region", "version": 1 }, "end_va": 12582911, "entry_point": 0, "filename": null, "id": "region_4617", "name": "pagefile_0x0000000000bf0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12517376, "timestamp": "00:01:16.642", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 12845056, "type": "region", "version": 1 }, "end_va": 12849151, "entry_point": 0, "filename": null, "id": "region_4618", "name": "pagefile_0x0000000000c40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12845056, "timestamp": "00:01:16.642", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 12845056, "type": "region", "version": 1 }, "end_va": 12910591, "entry_point": 0, "filename": null, "id": "region_4738", "name": "pagefile_0x0000000000c40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12845056, "timestamp": "00:01:17.134", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 12910592, "type": "region", "version": 1 }, "end_va": 12918783, "entry_point": 0, "filename": null, "id": "region_4739", "name": "pagefile_0x0000000000c50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12910592, "timestamp": "00:01:17.134", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 12451840, "type": "region", "version": 1 }, "end_va": 12460031, "entry_point": 0, "filename": null, "id": "region_5087", "name": "pagefile_0x0000000000be0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12451840, "timestamp": "00:01:19.762", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 12451840, "type": "region", "version": 1 }, "end_va": 12455935, "entry_point": 0, "filename": null, "id": "region_5169", "name": "pagefile_0x0000000000be0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12451840, "timestamp": "00:01:20.725", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 2891775, "entry_point": 0, "filename": null, "id": "region_5880", "name": "pagefile_0x00000000002c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2883584, "timestamp": "00:01:28.968", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 2895871, "entry_point": 0, "filename": null, "id": "region_6160", "name": "pagefile_0x00000000002c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2883584, "timestamp": "00:01:30.707", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 12451840, "type": "region", "version": 1 }, "end_va": 12464127, "entry_point": 0, "filename": null, "id": "region_6958", "name": "pagefile_0x0000000000be0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12451840, "timestamp": "00:01:34.562", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "winlogon.exe", "filename": "c:\\windows\\system32\\winlogon.exe", "id": "proc_25", "image_name": "winlogon.exe", "monitor_reason": "child_process", "monitored_id": 25, "origin_monitor_id": 21, "ref_parent_process": { "ref_id": "proc_21", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_4102", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:12.823", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 552959, "entry_point": 131072, "filename": "\\Windows\\System32\\locale.nls", "id": "region_4103", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 131072, "timestamp": "00:01:12.823", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 618495, "entry_point": 0, "filename": null, "id": "region_4104", "name": "pagefile_0x0000000000090000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 589824, "timestamp": "00:01:12.827", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 663551, "entry_point": 0, "filename": null, "id": "region_4105", "name": "pagefile_0x00000000000a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 655360, "timestamp": "00:01:12.827", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 724991, "entry_point": 0, "filename": null, "id": "region_4106", "name": "private_0x00000000000b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 720896, "timestamp": "00:01:12.827", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 790527, "entry_point": 0, "filename": null, "id": "region_4107", "name": "private_0x00000000000c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 786432, "timestamp": "00:01:12.827", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 856063, "entry_point": 0, "filename": null, "id": "region_4108", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:01:12.827", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 921599, "entry_point": 0, "filename": null, "id": "region_4109", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 917504, "timestamp": "00:01:12.827", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 1048575, "entry_point": 0, "filename": null, "id": "region_4110", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:01:12.827", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 196608, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1245183, "entry_point": 0, "filename": null, "id": "region_4111", "name": "pagefile_0x0000000000100000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1048576, "timestamp": "00:01:12.827", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 98304, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1343487, "entry_point": 0, "filename": null, "id": "region_4112", "name": "pagefile_0x0000000000130000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1245184, "timestamp": "00:01:12.827", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1445887, "entry_point": 0, "filename": null, "id": "region_4113", "name": "private_0x0000000000160000", "norm_filename": null, "region_type": "private_memory", "start_va": 1441792, "timestamp": "00:01:12.827", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 2031615, "entry_point": 0, "filename": null, "id": "region_4114", "name": "private_0x0000000000170000", "norm_filename": null, "region_type": "private_memory", "start_va": 1507328, "timestamp": "00:01:12.827", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2555903, "entry_point": 0, "filename": null, "id": "region_4115", "name": "private_0x00000000001f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2031616, "timestamp": "00:01:12.827", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 3014656, "type": "region", "version": 1 }, "end_va": 4063231, "entry_point": 0, "filename": null, "id": "region_4116", "name": "private_0x00000000002e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3014656, "timestamp": "00:01:12.827", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 4063232, "type": "region", "version": 1 }, "end_va": 5111807, "entry_point": 0, "filename": null, "id": "region_4117", "name": "private_0x00000000003e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4063232, "timestamp": "00:01:12.827", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 5111808, "type": "region", "version": 1 }, "end_va": 6717439, "entry_point": 0, "filename": null, "id": "region_4118", "name": "pagefile_0x00000000004e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5111808, "timestamp": "00:01:12.827", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6750208, "type": "region", "version": 1 }, "end_va": 8327167, "entry_point": 0, "filename": null, "id": "region_4119", "name": "pagefile_0x0000000000670000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6750208, "timestamp": "00:01:12.827", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 8388608, "type": "region", "version": 1 }, "end_va": 12529663, "entry_point": 0, "filename": null, "id": "region_4120", "name": "pagefile_0x0000000000800000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8388608, "timestamp": "00:01:12.827", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 12845056, "type": "region", "version": 1 }, "end_va": 13369343, "entry_point": 0, "filename": null, "id": "region_4121", "name": "private_0x0000000000c40000", "norm_filename": null, "region_type": "private_memory", "start_va": 12845056, "timestamp": "00:01:12.827", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 13828096, "type": "region", "version": 1 }, "end_va": 14352383, "entry_point": 0, "filename": null, "id": "region_4122", "name": "private_0x0000000000d30000", "norm_filename": null, "region_type": "private_memory", "start_va": 13828096, "timestamp": "00:01:12.827", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 14352384, "type": "region", "version": 1 }, "end_va": 14876671, "entry_point": 0, "filename": null, "id": "region_4123", "name": "private_0x0000000000db0000", "norm_filename": null, "region_type": "private_memory", "start_va": 14352384, "timestamp": "00:01:12.827", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 15335424, "type": "region", "version": 1 }, "end_va": 15859711, "entry_point": 0, "filename": null, "id": "region_4124", "name": "private_0x0000000000ea0000", "norm_filename": null, "region_type": "private_memory", "start_va": 15335424, "timestamp": "00:01:12.827", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 15990784, "type": "region", "version": 1 }, "end_va": 16515071, "entry_point": 0, "filename": null, "id": "region_4125", "name": "private_0x0000000000f40000", "norm_filename": null, "region_type": "private_memory", "start_va": 15990784, "timestamp": "00:01:12.827", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 16646144, "type": "region", "version": 1 }, "end_va": 17170431, "entry_point": 0, "filename": null, "id": "region_4126", "name": "private_0x0000000000fe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 16646144, "timestamp": "00:01:12.827", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 17301504, "type": "region", "version": 1 }, "end_va": 17825791, "entry_point": 0, "filename": null, "id": "region_4127", "name": "private_0x0000000001080000", "norm_filename": null, "region_type": "private_memory", "start_va": 17301504, "timestamp": "00:01:12.827", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 17956864, "type": "region", "version": 1 }, "end_va": 18481151, "entry_point": 0, "filename": null, "id": "region_4128", "name": "private_0x0000000001120000", "norm_filename": null, "region_type": "private_memory", "start_va": 17956864, "timestamp": "00:01:12.827", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 18481152, "type": "region", "version": 1 }, "end_va": 19529727, "entry_point": 0, "filename": null, "id": "region_4129", "name": "private_0x00000000011a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 18481152, "timestamp": "00:01:12.827", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 19529728, "type": "region", "version": 1 }, "end_va": 20054015, "entry_point": 0, "filename": null, "id": "region_4130", "name": "private_0x00000000012a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 19529728, "timestamp": "00:01:12.827", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 20316160, "type": "region", "version": 1 }, "end_va": 20840447, "entry_point": 0, "filename": null, "id": "region_4131", "name": "private_0x0000000001360000", "norm_filename": null, "region_type": "private_memory", "start_va": 20316160, "timestamp": "00:01:12.827", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 20840448, "type": "region", "version": 1 }, "end_va": 21364735, "entry_point": 0, "filename": null, "id": "region_4132", "name": "private_0x00000000013e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 20840448, "timestamp": "00:01:12.827", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 22020096, "type": "region", "version": 1 }, "end_va": 22544383, "entry_point": 0, "filename": null, "id": "region_4133", "name": "private_0x0000000001500000", "norm_filename": null, "region_type": "private_memory", "start_va": 22020096, "timestamp": "00:01:12.827", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 22544384, "type": "region", "version": 1 }, "end_va": 25489407, "entry_point": 22544384, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_4134", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 22544384, "timestamp": "00:01:12.828", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 25493504, "type": "region", "version": 1 }, "end_va": 46465023, "entry_point": 0, "filename": null, "id": "region_4135", "name": "pagefile_0x0000000001850000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 25493504, "timestamp": "00:01:12.829", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 46465024, "type": "region", "version": 1 }, "end_va": 47513599, "entry_point": 0, "filename": null, "id": "region_4136", "name": "private_0x0000000002c50000", "norm_filename": null, "region_type": "private_memory", "start_va": 46465024, "timestamp": "00:01:12.829", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 48103424, "type": "region", "version": 1 }, "end_va": 48627711, "entry_point": 0, "filename": null, "id": "region_4137", "name": "private_0x0000000002de0000", "norm_filename": null, "region_type": "private_memory", "start_va": 48103424, "timestamp": "00:01:12.829", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 49348608, "type": "region", "version": 1 }, "end_va": 49872895, "entry_point": 0, "filename": null, "id": "region_4138", "name": "private_0x0000000002f10000", "norm_filename": null, "region_type": "private_memory", "start_va": 49348608, "timestamp": "00:01:12.829", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005467136, "type": "region", "version": 1 }, "end_va": 2006491135, "entry_point": 2005574344, "filename": "\\Windows\\System32\\user32.dll", "id": "region_4139", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2005467136, "timestamp": "00:01:12.829", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006515712, "type": "region", "version": 1 }, "end_va": 2007691263, "entry_point": 2006605472, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_4140", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 2006515712, "timestamp": "00:01:12.829", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2007695360, "type": "region", "version": 1 }, "end_va": 2009436159, "entry_point": 2007695360, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_4141", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2007695360, "timestamp": "00:01:12.830", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_4142", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:12.831", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_4143", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:12.831", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_4144", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:12.831", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 401408, "start_va": 4291231744, "type": "region", "version": 1 }, "end_va": 4291633151, "entry_point": 4291299544, "filename": "\\Windows\\System32\\winlogon.exe", "id": "region_4145", "name": "winlogon.exe", "norm_filename": "c:\\windows\\system32\\winlogon.exe", "region_type": "memory_mapped_file", "start_va": 4291231744, "timestamp": "00:01:12.831", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 8791711744000, "type": "region", "version": 1 }, "end_va": 8791711842303, "entry_point": 8791711744000, "filename": "\\Windows\\System32\\mpr.dll", "id": "region_4146", "name": "mpr.dll", "norm_filename": "c:\\windows\\system32\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 8791711744000, "timestamp": "00:01:12.832", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 8791715741696, "type": "region", "version": 1 }, "end_va": 8791715782655, "entry_point": 8791715741696, "filename": "\\Windows\\System32\\UXInit.dll", "id": "region_4147", "name": "uxinit.dll", "norm_filename": "c:\\windows\\system32\\uxinit.dll", "region_type": "memory_mapped_file", "start_va": 8791715741696, "timestamp": "00:01:12.842", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 8791718887424, "type": "region", "version": 1 }, "end_va": 8791718932479, "entry_point": 8791718907788, "filename": "\\Windows\\System32\\slc.dll", "id": "region_4148", "name": "slc.dll", "norm_filename": "c:\\windows\\system32\\slc.dll", "region_type": "memory_mapped_file", "start_va": 8791718887424, "timestamp": "00:01:12.845", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 8791726686208, "type": "region", "version": 1 }, "end_va": 8791726772223, "entry_point": 8791726690384, "filename": "\\Windows\\System32\\wkscli.dll", "id": "region_4149", "name": "wkscli.dll", "norm_filename": "c:\\windows\\system32\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 8791726686208, "timestamp": "00:01:12.845", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791726817280, "type": "region", "version": 1 }, "end_va": 8791726866431, "entry_point": 8791726823588, "filename": "\\Windows\\System32\\netutils.dll", "id": "region_4150", "name": "netutils.dll", "norm_filename": "c:\\windows\\system32\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 8791726817280, "timestamp": "00:01:12.846", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1220608, "start_va": 8791728324608, "type": "region", "version": 1 }, "end_va": 8791729545215, "entry_point": 8791728338960, "filename": "\\Windows\\System32\\WindowsCodecs.dll", "id": "region_4151", "name": "windowscodecs.dll", "norm_filename": "c:\\windows\\system32\\windowscodecs.dll", "region_type": "memory_mapped_file", "start_va": 8791728324608, "timestamp": "00:01:12.846", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 352256, "start_va": 8791734222848, "type": "region", "version": 1 }, "end_va": 8791734575103, "entry_point": 8791734270912, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_4152", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 8791734222848, "timestamp": "00:01:12.847", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 290816, "start_va": 8791747657728, "type": "region", "version": 1 }, "end_va": 8791747948543, "entry_point": 8791747661924, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_4153", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 8791747657728, "timestamp": "00:01:12.847", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 8791750803456, "type": "region", "version": 1 }, "end_va": 8791750897663, "entry_point": 8791750816440, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_4154", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 8791750803456, "timestamp": "00:01:12.848", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 204800, "start_va": 8791751917568, "type": "region", "version": 1 }, "end_va": 8791752122367, "entry_point": 8791751922764, "filename": "\\Windows\\System32\\netjoin.dll", "id": "region_4155", "name": "netjoin.dll", "norm_filename": "c:\\windows\\system32\\netjoin.dll", "region_type": "memory_mapped_file", "start_va": 8791751917568, "timestamp": "00:01:12.848", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 8791756898304, "type": "region", "version": 1 }, "end_va": 8791757049855, "entry_point": 8791756936792, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_4156", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 8791756898304, "timestamp": "00:01:12.849", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791757094912, "type": "region", "version": 1 }, "end_va": 8791757156351, "entry_point": 8791757099024, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_4157", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 8791757094912, "timestamp": "00:01:12.849", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 249856, "start_va": 8791757815808, "type": "region", "version": 1 }, "end_va": 8791758065663, "entry_point": 8791757822196, "filename": "\\Windows\\System32\\winsta.dll", "id": "region_4158", "name": "winsta.dll", "norm_filename": "c:\\windows\\system32\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 8791757815808, "timestamp": "00:01:12.850", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 8791758077952, "type": "region", "version": 1 }, "end_va": 8791758159871, "entry_point": 8791758082272, "filename": "\\Windows\\System32\\RpcRtRemote.dll", "id": "region_4159", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\system32\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 8791758077952, "timestamp": "00:01:12.851", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791758209024, "type": "region", "version": 1 }, "end_va": 8791758270463, "entry_point": 8791758215600, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_4160", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 8791758209024, "timestamp": "00:01:12.851", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791759060992, "type": "region", "version": 1 }, "end_va": 8791759499263, "entry_point": 8791759073504, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_4161", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791759060992, "timestamp": "00:01:12.854", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791762206720, "type": "region", "version": 1 }, "end_va": 8791763030015, "entry_point": 8791762708596, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_4162", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791762206720, "timestamp": "00:01:12.854", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791763451904, "type": "region", "version": 1 }, "end_va": 8791764537343, "entry_point": 8791763456100, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_4163", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791763451904, "timestamp": "00:01:12.854", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791764566016, "type": "region", "version": 1 }, "end_va": 8791764623359, "entry_point": 8791764570240, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_4164", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791764566016, "timestamp": "00:01:12.855", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791765876736, "type": "region", "version": 1 }, "end_va": 8791766003711, "entry_point": 8791765901544, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_4165", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 8791765876736, "timestamp": "00:01:12.856", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791766007808, "type": "region", "version": 1 }, "end_va": 8791766196223, "entry_point": 8791766011920, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_4166", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791766007808, "timestamp": "00:01:12.861", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, "start_va": 8791785603072, "type": "region", "version": 1 }, "end_va": 8791786500095, "entry_point": 8791785736032, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_4167", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791785603072, "timestamp": "00:01:12.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791786520576, "type": "region", "version": 1 }, "end_va": 8791787753471, "entry_point": 8791786843472, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_4168", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791786520576, "timestamp": "00:01:12.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791791435776, "type": "region", "version": 1 }, "end_va": 8791792087039, "entry_point": 8791791445408, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_4169", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791791435776, "timestamp": "00:01:12.863", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2109440, "start_va": 8791792091136, "type": "region", "version": 1 }, "end_va": 8791794200575, "entry_point": 8791792235312, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_4170", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 8791792091136, "timestamp": "00:01:12.866", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791794778112, "type": "region", "version": 1 }, "end_va": 8791795199999, "entry_point": 8791794823228, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_4171", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791794778112, "timestamp": "00:01:12.866", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791795761152, "type": "region", "version": 1 }, "end_va": 8791795765247, "entry_point": 8791795761152, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_4172", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791795761152, "timestamp": "00:01:12.867", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092686336, "type": "region", "version": 1 }, "end_va": 8796092694527, "entry_point": 0, "filename": null, "id": "region_4173", "name": "private_0x000007fffffae000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092686336, "timestamp": "00:01:12.870", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_4174", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:01:12.870", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092841984, "type": "region", "version": 1 }, "end_va": 8796092850175, "entry_point": 0, "filename": null, "id": "region_4175", "name": "private_0x000007fffffd4000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092841984, "timestamp": "00:01:12.870", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092850176, "type": "region", "version": 1 }, "end_va": 8796092858367, "entry_point": 0, "filename": null, "id": "region_4176", "name": "private_0x000007fffffd6000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092850176, "timestamp": "00:01:12.870", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092858368, "type": "region", "version": 1 }, "end_va": 8796092866559, "entry_point": 0, "filename": null, "id": "region_4177", "name": "private_0x000007fffffd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092858368, "timestamp": "00:01:12.870", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092866560, "type": "region", "version": 1 }, "end_va": 8796092874751, "entry_point": 0, "filename": null, "id": "region_4178", "name": "private_0x000007fffffda000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092866560, "timestamp": "00:01:12.870", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8796092874752, "type": "region", "version": 1 }, "end_va": 8796092878847, "entry_point": 0, "filename": null, "id": "region_4179", "name": "private_0x000007fffffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092874752, "timestamp": "00:01:12.870", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092882944, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_4180", "name": "private_0x000007fffffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092882944, "timestamp": "00:01:12.870", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1380351, "entry_point": 0, "filename": null, "id": "region_4181", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:01:12.873", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\system32\\services.exe", "filename": "c:\\windows\\system32\\services.exe", "id": "proc_26", "image_name": "services.exe", "monitor_reason": "child_process", "monitored_id": 26, "origin_monitor_id": 23, "ref_parent_process": { "ref_id": "proc_23", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_2350", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:06.810", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 159743, "entry_point": 0, "filename": null, "id": "region_2351", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:06.810", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_2352", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:06.810", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_2353", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:01:06.810", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_2354", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:01:06.810", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 794623, "entry_point": 0, "filename": null, "id": "region_2355", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:01:06.811", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 856063, "entry_point": 0, "filename": null, "id": "region_2356", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:01:06.811", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 921599, "entry_point": 0, "filename": null, "id": "region_2357", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 917504, "timestamp": "00:01:06.811", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 1507327, "entry_point": 0, "filename": null, "id": "region_2358", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:01:06.811", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 786432, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 2293759, "entry_point": 0, "filename": null, "id": "region_2359", "name": "pagefile_0x0000000000170000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1507328, "timestamp": "00:01:06.811", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2326527, "entry_point": 0, "filename": null, "id": "region_2360", "name": "pagefile_0x0000000000230000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2293760, "timestamp": "00:01:06.811", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 3473407, "entry_point": 0, "filename": null, "id": "region_2361", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:06.811", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 3473408, "type": "region", "version": 1 }, "end_va": 4521983, "entry_point": 0, "filename": null, "id": "region_2362", "name": "private_0x0000000000350000", "norm_filename": null, "region_type": "private_memory", "start_va": 3473408, "timestamp": "00:01:06.811", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 4653056, "type": "region", "version": 1 }, "end_va": 4915199, "entry_point": 0, "filename": null, "id": "region_2363", "name": "private_0x0000000000470000", "norm_filename": null, "region_type": "private_memory", "start_va": 4653056, "timestamp": "00:01:06.811", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4980736, "type": "region", "version": 1 }, "end_va": 5046271, "entry_point": 0, "filename": null, "id": "region_2364", "name": "private_0x00000000004c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4980736, "timestamp": "00:01:06.811", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 5046272, "type": "region", "version": 1 }, "end_va": 6651903, "entry_point": 0, "filename": null, "id": "region_2365", "name": "pagefile_0x00000000004d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5046272, "timestamp": "00:01:06.811", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6684672, "type": "region", "version": 1 }, "end_va": 8261631, "entry_point": 0, "filename": null, "id": "region_2366", "name": "pagefile_0x0000000000660000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6684672, "timestamp": "00:01:06.811", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 8323072, "type": "region", "version": 1 }, "end_va": 12464127, "entry_point": 0, "filename": null, "id": "region_2367", "name": "pagefile_0x00000000007f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8323072, "timestamp": "00:01:06.811", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 12779520, "type": "region", "version": 1 }, "end_va": 13303807, "entry_point": 0, "filename": null, "id": "region_2368", "name": "private_0x0000000000c30000", "norm_filename": null, "region_type": "private_memory", "start_va": 12779520, "timestamp": "00:01:06.811", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 13565952, "type": "region", "version": 1 }, "end_va": 14090239, "entry_point": 0, "filename": null, "id": "region_2369", "name": "private_0x0000000000cf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 13565952, "timestamp": "00:01:06.811", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 14090240, "type": "region", "version": 1 }, "end_va": 14614527, "entry_point": 0, "filename": null, "id": "region_2370", "name": "private_0x0000000000d70000", "norm_filename": null, "region_type": "private_memory", "start_va": 14090240, "timestamp": "00:01:06.811", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 14942208, "type": "region", "version": 1 }, "end_va": 15466495, "entry_point": 0, "filename": null, "id": "region_2371", "name": "private_0x0000000000e40000", "norm_filename": null, "region_type": "private_memory", "start_va": 14942208, "timestamp": "00:01:06.811", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 15466496, "type": "region", "version": 1 }, "end_va": 15990783, "entry_point": 0, "filename": null, "id": "region_2372", "name": "private_0x0000000000ec0000", "norm_filename": null, "region_type": "private_memory", "start_va": 15466496, "timestamp": "00:01:06.811", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 16056320, "type": "region", "version": 1 }, "end_va": 16580607, "entry_point": 0, "filename": null, "id": "region_2373", "name": "private_0x0000000000f50000", "norm_filename": null, "region_type": "private_memory", "start_va": 16056320, "timestamp": "00:01:06.811", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 16711680, "type": "region", "version": 1 }, "end_va": 17235967, "entry_point": 0, "filename": null, "id": "region_2374", "name": "private_0x0000000000ff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 16711680, "timestamp": "00:01:06.811", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 17367040, "type": "region", "version": 1 }, "end_va": 17891327, "entry_point": 0, "filename": null, "id": "region_2375", "name": "private_0x0000000001090000", "norm_filename": null, "region_type": "private_memory", "start_va": 17367040, "timestamp": "00:01:06.811", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 17891328, "type": "region", "version": 1 }, "end_va": 18415615, "entry_point": 0, "filename": null, "id": "region_2376", "name": "private_0x0000000001110000", "norm_filename": null, "region_type": "private_memory", "start_va": 17891328, "timestamp": "00:01:06.811", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 19005440, "type": "region", "version": 1 }, "end_va": 19529727, "entry_point": 0, "filename": null, "id": "region_2377", "name": "private_0x0000000001220000", "norm_filename": null, "region_type": "private_memory", "start_va": 19005440, "timestamp": "00:01:06.811", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 19529728, "type": "region", "version": 1 }, "end_va": 20054015, "entry_point": 0, "filename": null, "id": "region_2378", "name": "private_0x00000000012a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 19529728, "timestamp": "00:01:06.811", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 20250624, "type": "region", "version": 1 }, "end_va": 20774911, "entry_point": 0, "filename": null, "id": "region_2379", "name": "private_0x0000000001350000", "norm_filename": null, "region_type": "private_memory", "start_va": 20250624, "timestamp": "00:01:06.811", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 21299200, "type": "region", "version": 1 }, "end_va": 21823487, "entry_point": 0, "filename": null, "id": "region_2380", "name": "private_0x0000000001450000", "norm_filename": null, "region_type": "private_memory", "start_va": 21299200, "timestamp": "00:01:06.811", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 21889024, "type": "region", "version": 1 }, "end_va": 22413311, "entry_point": 0, "filename": null, "id": "region_2381", "name": "private_0x00000000014e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 21889024, "timestamp": "00:01:06.811", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 22544384, "type": "region", "version": 1 }, "end_va": 23068671, "entry_point": 0, "filename": null, "id": "region_2382", "name": "private_0x0000000001580000", "norm_filename": null, "region_type": "private_memory", "start_va": 22544384, "timestamp": "00:01:06.811", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 23199744, "type": "region", "version": 1 }, "end_va": 23724031, "entry_point": 0, "filename": null, "id": "region_2383", "name": "private_0x0000000001620000", "norm_filename": null, "region_type": "private_memory", "start_va": 23199744, "timestamp": "00:01:06.811", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 24444928, "type": "region", "version": 1 }, "end_va": 24969215, "entry_point": 0, "filename": null, "id": "region_2384", "name": "private_0x0000000001750000", "norm_filename": null, "region_type": "private_memory", "start_va": 24444928, "timestamp": "00:01:06.811", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 24969216, "type": "region", "version": 1 }, "end_va": 26017791, "entry_point": 0, "filename": null, "id": "region_2385", "name": "private_0x00000000017d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 24969216, "timestamp": "00:01:06.811", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 26869760, "type": "region", "version": 1 }, "end_va": 27394047, "entry_point": 0, "filename": null, "id": "region_2386", "name": "private_0x00000000019a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 26869760, "timestamp": "00:01:06.811", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005467136, "type": "region", "version": 1 }, "end_va": 2006491135, "entry_point": 2005574344, "filename": "\\Windows\\System32\\user32.dll", "id": "region_2387", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2005467136, "timestamp": "00:01:06.811", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006515712, "type": "region", "version": 1 }, "end_va": 2007691263, "entry_point": 2006605472, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_2388", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 2006515712, "timestamp": "00:01:06.812", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2007695360, "type": "region", "version": 1 }, "end_va": 2009436159, "entry_point": 2007695360, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2389", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2007695360, "timestamp": "00:01:06.813", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_2390", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:06.813", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2391", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:06.814", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2392", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:06.814", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 339968, "start_va": 4292018176, "type": "region", "version": 1 }, "end_va": 4292358143, "entry_point": 4292096784, "filename": "\\Windows\\System32\\services.exe", "id": "region_2393", "name": "services.exe", "norm_filename": "c:\\windows\\system32\\services.exe", "region_type": "memory_mapped_file", "start_va": 4292018176, "timestamp": "00:01:06.814", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 8791728128000, "type": "region", "version": 1 }, "end_va": 8791728197631, "entry_point": 8791728132208, "filename": "\\Windows\\System32\\wtsapi32.dll", "id": "region_2394", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\system32\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791728128000, "timestamp": "00:01:06.815", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 233472, "start_va": 8791746347008, "type": "region", "version": 1 }, "end_va": 8791746580479, "entry_point": 8791746396400, "filename": "\\Windows\\System32\\ubpm.dll", "id": "region_2395", "name": "ubpm.dll", "norm_filename": "c:\\windows\\system32\\ubpm.dll", "region_type": "memory_mapped_file", "start_va": 8791746347008, "timestamp": "00:01:06.815", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 8791746609152, "type": "region", "version": 1 }, "end_va": 8791746650111, "entry_point": 8791746624696, "filename": "\\Windows\\System32\\credssp.dll", "id": "region_2396", "name": "credssp.dll", "norm_filename": "c:\\windows\\system32\\credssp.dll", "region_type": "memory_mapped_file", "start_va": 8791746609152, "timestamp": "00:01:06.816", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 192512, "start_va": 8791752835072, "type": "region", "version": 1 }, "end_va": 8791753027583, "entry_point": 8791752839268, "filename": "\\Windows\\System32\\authz.dll", "id": "region_2397", "name": "authz.dll", "norm_filename": "c:\\windows\\system32\\authz.dll", "region_type": "memory_mapped_file", "start_va": 8791752835072, "timestamp": "00:01:06.816", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 143360, "start_va": 8791756046336, "type": "region", "version": 1 }, "end_va": 8791756189695, "entry_point": 8791756050840, "filename": "\\Windows\\System32\\srvcli.dll", "id": "region_2398", "name": "srvcli.dll", "norm_filename": "c:\\windows\\system32\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 8791756046336, "timestamp": "00:01:06.817", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791756242944, "type": "region", "version": 1 }, "end_va": 8791756664831, "entry_point": 8791756242944, "filename": "\\Windows\\System32\\scesrv.dll", "id": "region_2399", "name": "scesrv.dll", "norm_filename": "c:\\windows\\system32\\scesrv.dll", "region_type": "memory_mapped_file", "start_va": 8791756242944, "timestamp": "00:01:06.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 8791756701696, "type": "region", "version": 1 }, "end_va": 8791756746751, "entry_point": 8791756705840, "filename": "\\Windows\\System32\\secur32.dll", "id": "region_2400", "name": "secur32.dll", "norm_filename": "c:\\windows\\system32\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 8791756701696, "timestamp": "00:01:06.828", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 8791756767232, "type": "region", "version": 1 }, "end_va": 8791756869631, "entry_point": 8791756767232, "filename": "\\Windows\\System32\\scext.dll", "id": "region_2401", "name": "scext.dll", "norm_filename": "c:\\windows\\system32\\scext.dll", "region_type": "memory_mapped_file", "start_va": 8791756767232, "timestamp": "00:01:06.829", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 8791756898304, "type": "region", "version": 1 }, "end_va": 8791757049855, "entry_point": 8791756936792, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_2402", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 8791756898304, "timestamp": "00:01:06.839", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791757094912, "type": "region", "version": 1 }, "end_va": 8791757156351, "entry_point": 8791757099024, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_2403", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 8791757094912, "timestamp": "00:01:06.839", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 249856, "start_va": 8791757815808, "type": "region", "version": 1 }, "end_va": 8791758065663, "entry_point": 8791757822196, "filename": "\\Windows\\System32\\winsta.dll", "id": "region_2404", "name": "winsta.dll", "norm_filename": "c:\\windows\\system32\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 8791757815808, "timestamp": "00:01:06.840", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 8791758077952, "type": "region", "version": 1 }, "end_va": 8791758159871, "entry_point": 8791758082272, "filename": "\\Windows\\System32\\RpcRtRemote.dll", "id": "region_2405", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\system32\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 8791758077952, "timestamp": "00:01:06.841", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791758209024, "type": "region", "version": 1 }, "end_va": 8791758270463, "entry_point": 8791758215600, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_2406", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 8791758209024, "timestamp": "00:01:06.841", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791759060992, "type": "region", "version": 1 }, "end_va": 8791759499263, "entry_point": 8791759073504, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_2407", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791759060992, "timestamp": "00:01:06.844", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791762206720, "type": "region", "version": 1 }, "end_va": 8791763030015, "entry_point": 8791762708596, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_2408", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791762206720, "timestamp": "00:01:06.845", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791763451904, "type": "region", "version": 1 }, "end_va": 8791764537343, "entry_point": 8791763456100, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_2409", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791763451904, "timestamp": "00:01:06.845", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791764566016, "type": "region", "version": 1 }, "end_va": 8791764623359, "entry_point": 8791764570240, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_2410", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791764566016, "timestamp": "00:01:06.846", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791765876736, "type": "region", "version": 1 }, "end_va": 8791766003711, "entry_point": 8791765901544, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_2411", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 8791765876736, "timestamp": "00:01:06.846", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791766007808, "type": "region", "version": 1 }, "end_va": 8791766196223, "entry_point": 8791766011920, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_2412", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791766007808, "timestamp": "00:01:06.847", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, "start_va": 8791785603072, "type": "region", "version": 1 }, "end_va": 8791786500095, "entry_point": 8791785736032, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_2413", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791785603072, "timestamp": "00:01:06.848", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791786520576, "type": "region", "version": 1 }, "end_va": 8791787753471, "entry_point": 8791786843472, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_2414", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791786520576, "timestamp": "00:01:06.848", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791791435776, "type": "region", "version": 1 }, "end_va": 8791792087039, "entry_point": 8791791445408, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_2415", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791791435776, "timestamp": "00:01:06.849", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791794778112, "type": "region", "version": 1 }, "end_va": 8791795199999, "entry_point": 8791794823228, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_2416", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791794778112, "timestamp": "00:01:06.849", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791795761152, "type": "region", "version": 1 }, "end_va": 8791795765247, "entry_point": 8791795761152, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_2417", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791795761152, "timestamp": "00:01:06.850", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092596224, "type": "region", "version": 1 }, "end_va": 8796092604415, "entry_point": 0, "filename": null, "id": "region_2418", "name": "private_0x000007fffff98000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092596224, "timestamp": "00:01:06.853", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092604416, "type": "region", "version": 1 }, "end_va": 8796092612607, "entry_point": 0, "filename": null, "id": "region_2419", "name": "private_0x000007fffff9a000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092604416, "timestamp": "00:01:06.853", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092612608, "type": "region", "version": 1 }, "end_va": 8796092620799, "entry_point": 0, "filename": null, "id": "region_2420", "name": "private_0x000007fffff9c000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092612608, "timestamp": "00:01:06.853", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092620800, "type": "region", "version": 1 }, "end_va": 8796092628991, "entry_point": 0, "filename": null, "id": "region_2421", "name": "private_0x000007fffff9e000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092620800, "timestamp": "00:01:06.853", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092628992, "type": "region", "version": 1 }, "end_va": 8796092637183, "entry_point": 0, "filename": null, "id": "region_2422", "name": "private_0x000007fffffa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092628992, "timestamp": "00:01:06.853", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092637184, "type": "region", "version": 1 }, "end_va": 8796092645375, "entry_point": 0, "filename": null, "id": "region_2423", "name": "private_0x000007fffffa2000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092637184, "timestamp": "00:01:06.853", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092645376, "type": "region", "version": 1 }, "end_va": 8796092653567, "entry_point": 0, "filename": null, "id": "region_2424", "name": "private_0x000007fffffa4000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092645376, "timestamp": "00:01:06.853", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092653568, "type": "region", "version": 1 }, "end_va": 8796092661759, "entry_point": 0, "filename": null, "id": "region_2425", "name": "private_0x000007fffffa6000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092653568, "timestamp": "00:01:06.853", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092661760, "type": "region", "version": 1 }, "end_va": 8796092669951, "entry_point": 0, "filename": null, "id": "region_2426", "name": "private_0x000007fffffa8000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092661760, "timestamp": "00:01:06.853", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092669952, "type": "region", "version": 1 }, "end_va": 8796092678143, "entry_point": 0, "filename": null, "id": "region_2427", "name": "private_0x000007fffffaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092669952, "timestamp": "00:01:06.853", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092678144, "type": "region", "version": 1 }, "end_va": 8796092686335, "entry_point": 0, "filename": null, "id": "region_2428", "name": "private_0x000007fffffac000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092678144, "timestamp": "00:01:06.853", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092686336, "type": "region", "version": 1 }, "end_va": 8796092694527, "entry_point": 0, "filename": null, "id": "region_2429", "name": "private_0x000007fffffae000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092686336, "timestamp": "00:01:06.853", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_2430", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:01:06.853", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092837888, "type": "region", "version": 1 }, "end_va": 8796092846079, "entry_point": 0, "filename": null, "id": "region_2431", "name": "private_0x000007fffffd3000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092837888, "timestamp": "00:01:06.853", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092846080, "type": "region", "version": 1 }, "end_va": 8796092854271, "entry_point": 0, "filename": null, "id": "region_2432", "name": "private_0x000007fffffd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092846080, "timestamp": "00:01:06.853", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8796092854272, "type": "region", "version": 1 }, "end_va": 8796092858367, "entry_point": 0, "filename": null, "id": "region_2433", "name": "private_0x000007fffffd7000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092854272, "timestamp": "00:01:06.853", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092858368, "type": "region", "version": 1 }, "end_va": 8796092866559, "entry_point": 0, "filename": null, "id": "region_2434", "name": "private_0x000007fffffd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092858368, "timestamp": "00:01:06.853", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092866560, "type": "region", "version": 1 }, "end_va": 8796092874751, "entry_point": 0, "filename": null, "id": "region_2435", "name": "private_0x000007fffffda000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092866560, "timestamp": "00:01:06.853", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092874752, "type": "region", "version": 1 }, "end_va": 8796092882943, "entry_point": 0, "filename": null, "id": "region_2436", "name": "private_0x000007fffffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092874752, "timestamp": "00:01:06.853", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092882944, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_2437", "name": "private_0x000007fffffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092882944, "timestamp": "00:01:06.853", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 315392, "start_va": 8791795236864, "type": "region", "version": 1 }, "end_va": 8791795552255, "entry_point": 8791795241072, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_5447", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 8791795236864, "timestamp": "00:01:25.852", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 8791781998592, "type": "region", "version": 1 }, "end_va": 8791782031359, "entry_point": 8791782003972, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_5448", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 8791781998592, "timestamp": "00:01:25.853", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 27394048, "type": "region", "version": 1 }, "end_va": 30339071, "entry_point": 27394048, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_5449", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 27394048, "timestamp": "00:01:25.855", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 348160, "start_va": 8791750410240, "type": "region", "version": 1 }, "end_va": 8791750758399, "entry_point": 8791750414420, "filename": "\\Windows\\System32\\mswsock.dll", "id": "region_5450", "name": "mswsock.dll", "norm_filename": "c:\\windows\\system32\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 8791750410240, "timestamp": "00:01:25.860", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 8791744118784, "type": "region", "version": 1 }, "end_va": 8791744147455, "entry_point": 8791744124080, "filename": "\\Windows\\System32\\WSHTCPIP.DLL", "id": "region_5451", "name": "wshtcpip.dll", "norm_filename": "c:\\windows\\system32\\wshtcpip.dll", "region_type": "memory_mapped_file", "start_va": 8791744118784, "timestamp": "00:01:25.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 8791750344704, "type": "region", "version": 1 }, "end_va": 8791750373375, "entry_point": 8791750349868, "filename": "\\Windows\\System32\\wship6.dll", "id": "region_5472", "name": "wship6.dll", "norm_filename": "c:\\windows\\system32\\wship6.dll", "region_type": "memory_mapped_file", "start_va": 8791750344704, "timestamp": "00:01:25.923", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2359296, "type": "region", "version": 1 }, "end_va": 2363391, "entry_point": 0, "filename": null, "id": "region_5473", "name": "private_0x0000000000240000", "norm_filename": null, "region_type": "private_memory", "start_va": 2359296, "timestamp": "00:01:25.929", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 4521984, "type": "region", "version": 1 }, "end_va": 4526079, "entry_point": 0, "filename": null, "id": "region_5474", "name": "private_0x0000000000450000", "norm_filename": null, "region_type": "private_memory", "start_va": 4521984, "timestamp": "00:01:25.931", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 4587520, "type": "region", "version": 1 }, "end_va": 4591615, "entry_point": 0, "filename": null, "id": "region_5476", "name": "private_0x0000000000460000", "norm_filename": null, "region_type": "private_memory", "start_va": 4587520, "timestamp": "00:01:25.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 4915200, "type": "region", "version": 1 }, "end_va": 4919295, "entry_point": 0, "filename": null, "id": "region_5477", "name": "private_0x00000000004b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4915200, "timestamp": "00:01:25.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 12517376, "type": "region", "version": 1 }, "end_va": 12521471, "entry_point": 0, "filename": null, "id": "region_5478", "name": "private_0x0000000000bf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 12517376, "timestamp": "00:01:25.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 12582912, "type": "region", "version": 1 }, "end_va": 12587007, "entry_point": 0, "filename": null, "id": "region_5479", "name": "private_0x0000000000c00000", "norm_filename": null, "region_type": "private_memory", "start_va": 12582912, "timestamp": "00:01:25.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 12648448, "type": "region", "version": 1 }, "end_va": 12652543, "entry_point": 0, "filename": null, "id": "region_5480", "name": "private_0x0000000000c10000", "norm_filename": null, "region_type": "private_memory", "start_va": 12648448, "timestamp": "00:01:25.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 12713984, "type": "region", "version": 1 }, "end_va": 12718079, "entry_point": 0, "filename": null, "id": "region_5481", "name": "private_0x0000000000c20000", "norm_filename": null, "region_type": "private_memory", "start_va": 12713984, "timestamp": "00:01:25.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 13303808, "type": "region", "version": 1 }, "end_va": 13307903, "entry_point": 0, "filename": null, "id": "region_5482", "name": "private_0x0000000000cb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 13303808, "timestamp": "00:01:25.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 13369344, "type": "region", "version": 1 }, "end_va": 13373439, "entry_point": 0, "filename": null, "id": "region_5483", "name": "private_0x0000000000cc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 13369344, "timestamp": "00:01:25.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 13434880, "type": "region", "version": 1 }, "end_va": 13438975, "entry_point": 0, "filename": null, "id": "region_5484", "name": "private_0x0000000000cd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 13434880, "timestamp": "00:01:25.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 13500416, "type": "region", "version": 1 }, "end_va": 13504511, "entry_point": 0, "filename": null, "id": "region_5485", "name": "private_0x0000000000ce0000", "norm_filename": null, "region_type": "private_memory", "start_va": 13500416, "timestamp": "00:01:25.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 14614528, "type": "region", "version": 1 }, "end_va": 14618623, "entry_point": 0, "filename": null, "id": "region_5486", "name": "private_0x0000000000df0000", "norm_filename": null, "region_type": "private_memory", "start_va": 14614528, "timestamp": "00:01:25.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 14680064, "type": "region", "version": 1 }, "end_va": 14684159, "entry_point": 0, "filename": null, "id": "region_5487", "name": "private_0x0000000000e00000", "norm_filename": null, "region_type": "private_memory", "start_va": 14680064, "timestamp": "00:01:25.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 14745600, "type": "region", "version": 1 }, "end_va": 14749695, "entry_point": 0, "filename": null, "id": "region_5488", "name": "private_0x0000000000e10000", "norm_filename": null, "region_type": "private_memory", "start_va": 14745600, "timestamp": "00:01:25.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 14811136, "type": "region", "version": 1 }, "end_va": 14815231, "entry_point": 0, "filename": null, "id": "region_5489", "name": "private_0x0000000000e20000", "norm_filename": null, "region_type": "private_memory", "start_va": 14811136, "timestamp": "00:01:25.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 14876672, "type": "region", "version": 1 }, "end_va": 14880767, "entry_point": 0, "filename": null, "id": "region_5490", "name": "private_0x0000000000e30000", "norm_filename": null, "region_type": "private_memory", "start_va": 14876672, "timestamp": "00:01:25.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 15990784, "type": "region", "version": 1 }, "end_va": 15994879, "entry_point": 0, "filename": null, "id": "region_5491", "name": "private_0x0000000000f40000", "norm_filename": null, "region_type": "private_memory", "start_va": 15990784, "timestamp": "00:01:25.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 16580608, "type": "region", "version": 1 }, "end_va": 16584703, "entry_point": 0, "filename": null, "id": "region_5492", "name": "private_0x0000000000fd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 16580608, "timestamp": "00:01:25.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 16646144, "type": "region", "version": 1 }, "end_va": 16650239, "entry_point": 0, "filename": null, "id": "region_5493", "name": "private_0x0000000000fe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 16646144, "timestamp": "00:01:25.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 17235968, "type": "region", "version": 1 }, "end_va": 17240063, "entry_point": 0, "filename": null, "id": "region_5494", "name": "private_0x0000000001070000", "norm_filename": null, "region_type": "private_memory", "start_va": 17235968, "timestamp": "00:01:25.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 17301504, "type": "region", "version": 1 }, "end_va": 17305599, "entry_point": 0, "filename": null, "id": "region_5495", "name": "private_0x0000000001080000", "norm_filename": null, "region_type": "private_memory", "start_va": 17301504, "timestamp": "00:01:25.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 18415616, "type": "region", "version": 1 }, "end_va": 18419711, "entry_point": 0, "filename": null, "id": "region_5496", "name": "private_0x0000000001190000", "norm_filename": null, "region_type": "private_memory", "start_va": 18415616, "timestamp": "00:01:25.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 18481152, "type": "region", "version": 1 }, "end_va": 18485247, "entry_point": 0, "filename": null, "id": "region_5497", "name": "private_0x00000000011a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 18481152, "timestamp": "00:01:25.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 18546688, "type": "region", "version": 1 }, "end_va": 18550783, "entry_point": 0, "filename": null, "id": "region_5498", "name": "private_0x00000000011b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 18546688, "timestamp": "00:01:25.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 18612224, "type": "region", "version": 1 }, "end_va": 18616319, "entry_point": 0, "filename": null, "id": "region_5499", "name": "private_0x00000000011c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 18612224, "timestamp": "00:01:25.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 18677760, "type": "region", "version": 1 }, "end_va": 18681855, "entry_point": 0, "filename": null, "id": "region_5500", "name": "private_0x00000000011d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 18677760, "timestamp": "00:01:25.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 18743296, "type": "region", "version": 1 }, "end_va": 18747391, "entry_point": 0, "filename": null, "id": "region_5501", "name": "private_0x00000000011e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 18743296, "timestamp": "00:01:25.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 18808832, "type": "region", "version": 1 }, "end_va": 18812927, "entry_point": 0, "filename": null, "id": "region_5502", "name": "private_0x00000000011f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 18808832, "timestamp": "00:01:25.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 18874368, "type": "region", "version": 1 }, "end_va": 18878463, "entry_point": 0, "filename": null, "id": "region_5503", "name": "private_0x0000000001200000", "norm_filename": null, "region_type": "private_memory", "start_va": 18874368, "timestamp": "00:01:25.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 18939904, "type": "region", "version": 1 }, "end_va": 18943999, "entry_point": 0, "filename": null, "id": "region_5504", "name": "private_0x0000000001210000", "norm_filename": null, "region_type": "private_memory", "start_va": 18939904, "timestamp": "00:01:25.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 20054016, "type": "region", "version": 1 }, "end_va": 20058111, "entry_point": 0, "filename": null, "id": "region_5505", "name": "private_0x0000000001320000", "norm_filename": null, "region_type": "private_memory", "start_va": 20054016, "timestamp": "00:01:25.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 20119552, "type": "region", "version": 1 }, "end_va": 20123647, "entry_point": 0, "filename": null, "id": "region_5506", "name": "private_0x0000000001330000", "norm_filename": null, "region_type": "private_memory", "start_va": 20119552, "timestamp": "00:01:25.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 30343168, "type": "region", "version": 1 }, "end_va": 31391743, "entry_point": 0, "filename": null, "id": "region_5507", "name": "private_0x0000000001cf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 30343168, "timestamp": "00:01:25.946", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 31391744, "type": "region", "version": 1 }, "end_va": 33488895, "entry_point": 0, "filename": null, "id": "region_5508", "name": "private_0x0000000001df0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31391744, "timestamp": "00:01:26.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 33488896, "type": "region", "version": 1 }, "end_va": 35586047, "entry_point": 0, "filename": null, "id": "region_5509", "name": "private_0x0000000001ff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 33488896, "timestamp": "00:01:26.034", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 4287889408, "type": "region", "version": 1 }, "end_va": 4287971327, "entry_point": 4287900896, "filename": "\\Windows\\System32\\taskhost.exe", "id": "region_5558", "name": "taskhost.exe", "norm_filename": "c:\\windows\\system32\\taskhost.exe", "region_type": "memory_mapped_file", "start_va": 4287889408, "timestamp": "00:01:26.415", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\system32\\lsass.exe", "filename": "c:\\windows\\system32\\lsass.exe", "id": "proc_27", "image_name": "lsass.exe", "monitor_reason": "child_process", "monitored_id": 27, "origin_monitor_id": 23, "ref_parent_process": { "ref_id": "proc_23", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_3186", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:09.596", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_3187", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:09.596", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_3188", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:09.596", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_3189", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:01:09.596", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_3190", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:01:09.596", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 790527, "entry_point": 0, "filename": null, "id": "region_3191", "name": "private_0x00000000000c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 786432, "timestamp": "00:01:09.596", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 856063, "entry_point": 0, "filename": null, "id": "region_3192", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:01:09.596", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 983039, "entry_point": 0, "filename": null, "id": "region_3193", "name": "pagefile_0x00000000000e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 917504, "timestamp": "00:01:09.596", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 1048575, "entry_point": 0, "filename": null, "id": "region_3194", "name": "pagefile_0x00000000000f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 983040, "timestamp": "00:01:09.596", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1077247, "entry_point": 0, "filename": null, "id": "region_3195", "name": "pagefile_0x0000000000100000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1048576, "timestamp": "00:01:09.596", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1122303, "entry_point": 0, "filename": null, "id": "region_3196", "name": "pagefile_0x0000000000110000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1114112, "timestamp": "00:01:09.596", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1245183, "entry_point": 0, "filename": null, "id": "region_3197", "name": "pagefile_0x0000000000120000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1179648, "timestamp": "00:01:09.596", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 69632, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1314815, "entry_point": 1245184, "filename": "\\Windows\\System32\\C_28591.NLS", "id": "region_3198", "name": "c_28591.nls", "norm_filename": "c:\\windows\\system32\\c_28591.nls", "region_type": "memory_mapped_file", "start_va": 1245184, "timestamp": "00:01:09.597", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1380351, "entry_point": 0, "filename": null, "id": "region_3199", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:01:09.597", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1445887, "entry_point": 0, "filename": null, "id": "region_3200", "name": "private_0x0000000000160000", "norm_filename": null, "region_type": "private_memory", "start_va": 1441792, "timestamp": "00:01:09.597", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2555903, "entry_point": 0, "filename": null, "id": "region_3201", "name": "private_0x00000000001f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2031616, "timestamp": "00:01:09.597", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 3604479, "entry_point": 0, "filename": null, "id": "region_3202", "name": "private_0x0000000000270000", "norm_filename": null, "region_type": "private_memory", "start_va": 2555904, "timestamp": "00:01:09.597", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 4653055, "entry_point": 0, "filename": null, "id": "region_3203", "name": "private_0x0000000000370000", "norm_filename": null, "region_type": "private_memory", "start_va": 3604480, "timestamp": "00:01:09.597", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 786432, "start_va": 4653056, "type": "region", "version": 1 }, "end_va": 5439487, "entry_point": 0, "filename": null, "id": "region_3204", "name": "pagefile_0x0000000000470000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4653056, "timestamp": "00:01:09.597", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 5439488, "type": "region", "version": 1 }, "end_va": 5443583, "entry_point": 0, "filename": null, "id": "region_3205", "name": "private_0x0000000000530000", "norm_filename": null, "region_type": "private_memory", "start_va": 5439488, "timestamp": "00:01:09.597", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 5505024, "type": "region", "version": 1 }, "end_va": 5570559, "entry_point": 0, "filename": null, "id": "region_3206", "name": "private_0x0000000000540000", "norm_filename": null, "region_type": "private_memory", "start_va": 5505024, "timestamp": "00:01:09.597", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 5570560, "type": "region", "version": 1 }, "end_va": 5574655, "entry_point": 0, "filename": null, "id": "region_3207", "name": "private_0x0000000000550000", "norm_filename": null, "region_type": "private_memory", "start_va": 5570560, "timestamp": "00:01:09.597", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 5636096, "type": "region", "version": 1 }, "end_va": 5640191, "entry_point": 0, "filename": null, "id": "region_3208", "name": "private_0x0000000000560000", "norm_filename": null, "region_type": "private_memory", "start_va": 5636096, "timestamp": "00:01:09.597", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 5701632, "type": "region", "version": 1 }, "end_va": 5705727, "entry_point": 0, "filename": null, "id": "region_3209", "name": "private_0x0000000000570000", "norm_filename": null, "region_type": "private_memory", "start_va": 5701632, "timestamp": "00:01:09.597", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 5767168, "type": "region", "version": 1 }, "end_va": 5771263, "entry_point": 0, "filename": null, "id": "region_3210", "name": "private_0x0000000000580000", "norm_filename": null, "region_type": "private_memory", "start_va": 5767168, "timestamp": "00:01:09.597", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 5832704, "type": "region", "version": 1 }, "end_va": 5836799, "entry_point": 0, "filename": null, "id": "region_3211", "name": "private_0x0000000000590000", "norm_filename": null, "region_type": "private_memory", "start_va": 5832704, "timestamp": "00:01:09.597", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 5898240, "type": "region", "version": 1 }, "end_va": 5902335, "entry_point": 0, "filename": null, "id": "region_3212", "name": "private_0x00000000005a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5898240, "timestamp": "00:01:09.597", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 6684672, "type": "region", "version": 1 }, "end_va": 7208959, "entry_point": 0, "filename": null, "id": "region_3213", "name": "private_0x0000000000660000", "norm_filename": null, "region_type": "private_memory", "start_va": 6684672, "timestamp": "00:01:09.597", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 7208960, "type": "region", "version": 1 }, "end_va": 8814591, "entry_point": 0, "filename": null, "id": "region_3214", "name": "pagefile_0x00000000006e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7208960, "timestamp": "00:01:09.597", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 8847360, "type": "region", "version": 1 }, "end_va": 10424319, "entry_point": 0, "filename": null, "id": "region_3215", "name": "pagefile_0x0000000000870000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8847360, "timestamp": "00:01:09.597", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 11075584, "type": "region", "version": 1 }, "end_va": 11599871, "entry_point": 0, "filename": null, "id": "region_3216", "name": "private_0x0000000000a90000", "norm_filename": null, "region_type": "private_memory", "start_va": 11075584, "timestamp": "00:01:09.597", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 11993088, "type": "region", "version": 1 }, "end_va": 12517375, "entry_point": 0, "filename": null, "id": "region_3217", "name": "private_0x0000000000b70000", "norm_filename": null, "region_type": "private_memory", "start_va": 11993088, "timestamp": "00:01:09.597", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 12517376, "type": "region", "version": 1 }, "end_va": 13041663, "entry_point": 0, "filename": null, "id": "region_3218", "name": "private_0x0000000000bf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 12517376, "timestamp": "00:01:09.598", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 13041664, "type": "region", "version": 1 }, "end_va": 17182719, "entry_point": 0, "filename": null, "id": "region_3219", "name": "pagefile_0x0000000000c70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 13041664, "timestamp": "00:01:09.598", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 17301504, "type": "region", "version": 1 }, "end_va": 17825791, "entry_point": 0, "filename": null, "id": "region_3220", "name": "private_0x0000000001080000", "norm_filename": null, "region_type": "private_memory", "start_va": 17301504, "timestamp": "00:01:09.598", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 17825792, "type": "region", "version": 1 }, "end_va": 20770815, "entry_point": 17825792, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_3221", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 17825792, "timestamp": "00:01:09.598", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 21430272, "type": "region", "version": 1 }, "end_va": 21954559, "entry_point": 0, "filename": null, "id": "region_3222", "name": "private_0x0000000001470000", "norm_filename": null, "region_type": "private_memory", "start_va": 21430272, "timestamp": "00:01:09.598", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 22413312, "type": "region", "version": 1 }, "end_va": 22937599, "entry_point": 0, "filename": null, "id": "region_3223", "name": "private_0x0000000001560000", "norm_filename": null, "region_type": "private_memory", "start_va": 22413312, "timestamp": "00:01:09.598", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 23592960, "type": "region", "version": 1 }, "end_va": 24117247, "entry_point": 0, "filename": null, "id": "region_3224", "name": "private_0x0000000001680000", "norm_filename": null, "region_type": "private_memory", "start_va": 23592960, "timestamp": "00:01:09.598", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 24838144, "type": "region", "version": 1 }, "end_va": 25362431, "entry_point": 0, "filename": null, "id": "region_3225", "name": "private_0x00000000017b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 24838144, "timestamp": "00:01:09.598", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 25362432, "type": "region", "version": 1 }, "end_va": 26411007, "entry_point": 0, "filename": null, "id": "region_3226", "name": "private_0x0000000001830000", "norm_filename": null, "region_type": "private_memory", "start_va": 25362432, "timestamp": "00:01:09.598", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 8192, "start_va": 1971126272, "type": "region", "version": 1 }, "end_va": 1971134463, "entry_point": 1971126272, "filename": "\\Windows\\System32\\msprivs.dll", "id": "region_3227", "name": "msprivs.dll", "norm_filename": "c:\\windows\\system32\\msprivs.dll", "region_type": "memory_mapped_file", "start_va": 1971126272, "timestamp": "00:01:09.599", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005467136, "type": "region", "version": 1 }, "end_va": 2006491135, "entry_point": 2005574344, "filename": "\\Windows\\System32\\user32.dll", "id": "region_3228", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2005467136, "timestamp": "00:01:09.605", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006515712, "type": "region", "version": 1 }, "end_va": 2007691263, "entry_point": 2006605472, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_3229", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 2006515712, "timestamp": "00:01:09.606", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2007695360, "type": "region", "version": 1 }, "end_va": 2009436159, "entry_point": 2007695360, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_3230", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2007695360, "timestamp": "00:01:09.607", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_3231", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:09.607", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_3232", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:09.608", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_3233", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:09.608", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 4288282624, "type": "region", "version": 1 }, "end_va": 4288331775, "entry_point": 4288282624, "filename": "\\Windows\\System32\\lsass.exe", "id": "region_3234", "name": "lsass.exe", "norm_filename": "c:\\windows\\system32\\lsass.exe", "region_type": "memory_mapped_file", "start_va": 4288282624, "timestamp": "00:01:09.608", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 8791717904384, "type": "region", "version": 1 }, "end_va": 8791717949439, "entry_point": 8791717908888, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_3235", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 8791717904384, "timestamp": "00:01:09.617", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 8791717969920, "type": "region", "version": 1 }, "end_va": 8791718129663, "entry_point": 8791718009020, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_3236", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 8791717969920, "timestamp": "00:01:09.617", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791726817280, "type": "region", "version": 1 }, "end_va": 8791726866431, "entry_point": 8791726823588, "filename": "\\Windows\\System32\\netutils.dll", "id": "region_3237", "name": "netutils.dll", "norm_filename": "c:\\windows\\system32\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 8791726817280, "timestamp": "00:01:09.618", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 8791745232896, "type": "region", "version": 1 }, "end_va": 8791745355775, "entry_point": 8791745237944, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_3238", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 8791745232896, "timestamp": "00:01:09.620", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 253952, "start_va": 8791746084864, "type": "region", "version": 1 }, "end_va": 8791746338815, "entry_point": 8791746084864, "filename": "\\Windows\\System32\\scecli.dll", "id": "region_3239", "name": "scecli.dll", "norm_filename": "c:\\windows\\system32\\scecli.dll", "region_type": "memory_mapped_file", "start_va": 8791746084864, "timestamp": "00:01:09.621", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 8791746609152, "type": "region", "version": 1 }, "end_va": 8791746650111, "entry_point": 8791746624696, "filename": "\\Windows\\System32\\credssp.dll", "id": "region_3240", "name": "credssp.dll", "norm_filename": "c:\\windows\\system32\\credssp.dll", "region_type": "memory_mapped_file", "start_va": 8791746609152, "timestamp": "00:01:09.634", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 8791746740224, "type": "region", "version": 1 }, "end_va": 8791746813951, "entry_point": 8791746740224, "filename": "\\Windows\\System32\\efslsaext.dll", "id": "region_3241", "name": "efslsaext.dll", "norm_filename": "c:\\windows\\system32\\efslsaext.dll", "region_type": "memory_mapped_file", "start_va": 8791746740224, "timestamp": "00:01:09.634", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 8791746871296, "type": "region", "version": 1 }, "end_va": 8791747182591, "entry_point": 8791746871296, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_3242", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 8791746871296, "timestamp": "00:01:09.642", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 8791747198976, "type": "region", "version": 1 }, "end_va": 8791747481599, "entry_point": 8791747198976, "filename": "\\Windows\\System32\\pku2u.dll", "id": "region_3243", "name": "pku2u.dll", "norm_filename": "c:\\windows\\system32\\pku2u.dll", "region_type": "memory_mapped_file", "start_va": 8791747198976, "timestamp": "00:01:09.647", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 8791747526656, "type": "region", "version": 1 }, "end_va": 8791747624959, "entry_point": 8791747526656, "filename": "\\Windows\\System32\\TSpkg.dll", "id": "region_3244", "name": "tspkg.dll", "norm_filename": "c:\\windows\\system32\\tspkg.dll", "region_type": "memory_mapped_file", "start_va": 8791747526656, "timestamp": "00:01:09.659", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 290816, "start_va": 8791747657728, "type": "region", "version": 1 }, "end_va": 8791747948543, "entry_point": 8791747661924, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_3245", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 8791747657728, "timestamp": "00:01:09.669", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 221184, "start_va": 8791747985408, "type": "region", "version": 1 }, "end_va": 8791748206591, "entry_point": 8791747985408, "filename": "\\Windows\\System32\\wdigest.dll", "id": "region_3246", "name": "wdigest.dll", "norm_filename": "c:\\windows\\system32\\wdigest.dll", "region_type": "memory_mapped_file", "start_va": 8791747985408, "timestamp": "00:01:09.669", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 8791748247552, "type": "region", "version": 1 }, "end_va": 8791748603903, "entry_point": 8791748247552, "filename": "\\Windows\\System32\\schannel.dll", "id": "region_3247", "name": "schannel.dll", "norm_filename": "c:\\windows\\system32\\schannel.dll", "region_type": "memory_mapped_file", "start_va": 8791748247552, "timestamp": "00:01:09.681", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 196608, "start_va": 8791748640768, "type": "region", "version": 1 }, "end_va": 8791748837375, "entry_point": 8791748647244, "filename": "\\Windows\\System32\\logoncli.dll", "id": "region_3248", "name": "logoncli.dll", "norm_filename": "c:\\windows\\system32\\logoncli.dll", "region_type": "memory_mapped_file", "start_va": 8791748640768, "timestamp": "00:01:09.691", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 372736, "start_va": 8791748837376, "type": "region", "version": 1 }, "end_va": 8791749210111, "entry_point": 8791748864320, "filename": "\\Windows\\System32\\dnsapi.dll", "id": "region_3249", "name": "dnsapi.dll", "norm_filename": "c:\\windows\\system32\\dnsapi.dll", "region_type": "memory_mapped_file", "start_va": 8791748837376, "timestamp": "00:01:09.692", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 712704, "start_va": 8791749230592, "type": "region", "version": 1 }, "end_va": 8791749943295, "entry_point": 8791749230592, "filename": "\\Windows\\System32\\netlogon.dll", "id": "region_3250", "name": "netlogon.dll", "norm_filename": "c:\\windows\\system32\\netlogon.dll", "region_type": "memory_mapped_file", "start_va": 8791749230592, "timestamp": "00:01:09.693", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 8791749951488, "type": "region", "version": 1 }, "end_va": 8791750283263, "entry_point": 8791749951488, "filename": "\\Windows\\System32\\msv1_0.dll", "id": "region_3251", "name": "msv1_0.dll", "norm_filename": "c:\\windows\\system32\\msv1_0.dll", "region_type": "memory_mapped_file", "start_va": 8791749951488, "timestamp": "00:01:09.707", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 8791750344704, "type": "region", "version": 1 }, "end_va": 8791750373375, "entry_point": 8791750349868, "filename": "\\Windows\\System32\\wship6.dll", "id": "region_3252", "name": "wship6.dll", "norm_filename": "c:\\windows\\system32\\wship6.dll", "region_type": "memory_mapped_file", "start_va": 8791750344704, "timestamp": "00:01:09.728", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 348160, "start_va": 8791750410240, "type": "region", "version": 1 }, "end_va": 8791750758399, "entry_point": 8791750414420, "filename": "\\Windows\\System32\\mswsock.dll", "id": "region_3253", "name": "mswsock.dll", "norm_filename": "c:\\windows\\system32\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 8791750410240, "timestamp": "00:01:09.729", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 8791750803456, "type": "region", "version": 1 }, "end_va": 8791750897663, "entry_point": 8791750816440, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_3254", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 8791750803456, "timestamp": "00:01:09.729", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 737280, "start_va": 8791750934528, "type": "region", "version": 1 }, "end_va": 8791751671807, "entry_point": 8791750934528, "filename": "\\Windows\\System32\\kerberos.dll", "id": "region_3255", "name": "kerberos.dll", "norm_filename": "c:\\windows\\system32\\kerberos.dll", "region_type": "memory_mapped_file", "start_va": 8791750934528, "timestamp": "00:01:09.730", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 147456, "start_va": 8791751720960, "type": "region", "version": 1 }, "end_va": 8791751868415, "entry_point": 8791751720960, "filename": "\\Windows\\System32\\negoexts.dll", "id": "region_3256", "name": "negoexts.dll", "norm_filename": "c:\\windows\\system32\\negoexts.dll", "region_type": "memory_mapped_file", "start_va": 8791751720960, "timestamp": "00:01:09.740", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 204800, "start_va": 8791751917568, "type": "region", "version": 1 }, "end_va": 8791752122367, "entry_point": 8791751922764, "filename": "\\Windows\\System32\\netjoin.dll", "id": "region_3257", "name": "netjoin.dll", "norm_filename": "c:\\windows\\system32\\netjoin.dll", "region_type": "memory_mapped_file", "start_va": 8791751917568, "timestamp": "00:01:09.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 139264, "start_va": 8791752310784, "type": "region", "version": 1 }, "end_va": 8791752450047, "entry_point": 8791752310784, "filename": "\\Windows\\System32\\bcrypt.dll", "id": "region_3258", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\system32\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 8791752310784, "timestamp": "00:01:09.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 8791752507392, "type": "region", "version": 1 }, "end_va": 8791752826879, "entry_point": 8791752507392, "filename": "\\Windows\\System32\\ncrypt.dll", "id": "region_3259", "name": "ncrypt.dll", "norm_filename": "c:\\windows\\system32\\ncrypt.dll", "region_type": "memory_mapped_file", "start_va": 8791752507392, "timestamp": "00:01:09.755", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 192512, "start_va": 8791752835072, "type": "region", "version": 1 }, "end_va": 8791753027583, "entry_point": 8791752839268, "filename": "\\Windows\\System32\\authz.dll", "id": "region_3260", "name": "authz.dll", "norm_filename": "c:\\windows\\system32\\authz.dll", "region_type": "memory_mapped_file", "start_va": 8791752835072, "timestamp": "00:01:09.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 8791753031680, "type": "region", "version": 1 }, "end_va": 8791753068543, "entry_point": 8791753031680, "filename": "\\Windows\\System32\\cngaudit.dll", "id": "region_3261", "name": "cngaudit.dll", "norm_filename": "c:\\windows\\system32\\cngaudit.dll", "region_type": "memory_mapped_file", "start_va": 8791753031680, "timestamp": "00:01:09.770", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 446464, "start_va": 8791753097216, "type": "region", "version": 1 }, "end_va": 8791753543679, "entry_point": 8791753101328, "filename": "\\Windows\\System32\\wevtapi.dll", "id": "region_3262", "name": "wevtapi.dll", "norm_filename": "c:\\windows\\system32\\wevtapi.dll", "region_type": "memory_mapped_file", "start_va": 8791753097216, "timestamp": "00:01:09.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 8791753555968, "type": "region", "version": 1 }, "end_va": 8791753637887, "entry_point": 8791753555968, "filename": "\\Windows\\System32\\cryptdll.dll", "id": "region_3263", "name": "cryptdll.dll", "norm_filename": "c:\\windows\\system32\\cryptdll.dll", "region_type": "memory_mapped_file", "start_va": 8791753555968, "timestamp": "00:01:09.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 774144, "start_va": 8791753687040, "type": "region", "version": 1 }, "end_va": 8791754461183, "entry_point": 8791753687040, "filename": "\\Windows\\System32\\samsrv.dll", "id": "region_3264", "name": "samsrv.dll", "norm_filename": "c:\\windows\\system32\\samsrv.dll", "region_type": "memory_mapped_file", "start_va": 8791753687040, "timestamp": "00:01:09.795", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1470464, "start_va": 8791754473472, "type": "region", "version": 1 }, "end_va": 8791755943935, "entry_point": 8791754473472, "filename": "\\Windows\\System32\\lsasrv.dll", "id": "region_3265", "name": "lsasrv.dll", "norm_filename": "c:\\windows\\system32\\lsasrv.dll", "region_type": "memory_mapped_file", "start_va": 8791754473472, "timestamp": "00:01:09.807", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 8791755980800, "type": "region", "version": 1 }, "end_va": 8791756025855, "entry_point": 8791755980800, "filename": "\\Windows\\System32\\sspisrv.dll", "id": "region_3266", "name": "sspisrv.dll", "norm_filename": "c:\\windows\\system32\\sspisrv.dll", "region_type": "memory_mapped_file", "start_va": 8791755980800, "timestamp": "00:01:09.821", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 8791756701696, "type": "region", "version": 1 }, "end_va": 8791756746751, "entry_point": 8791756705840, "filename": "\\Windows\\System32\\secur32.dll", "id": "region_3267", "name": "secur32.dll", "norm_filename": "c:\\windows\\system32\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 8791756701696, "timestamp": "00:01:09.832", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 8791756898304, "type": "region", "version": 1 }, "end_va": 8791757049855, "entry_point": 8791756936792, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_3268", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 8791756898304, "timestamp": "00:01:09.833", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791757094912, "type": "region", "version": 1 }, "end_va": 8791757156351, "entry_point": 8791757099024, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_3269", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 8791757094912, "timestamp": "00:01:09.833", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 249856, "start_va": 8791757815808, "type": "region", "version": 1 }, "end_va": 8791758065663, "entry_point": 8791757822196, "filename": "\\Windows\\System32\\winsta.dll", "id": "region_3270", "name": "winsta.dll", "norm_filename": "c:\\windows\\system32\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 8791757815808, "timestamp": "00:01:09.834", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 8791758077952, "type": "region", "version": 1 }, "end_va": 8791758159871, "entry_point": 8791758082272, "filename": "\\Windows\\System32\\RpcRtRemote.dll", "id": "region_3271", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\system32\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 8791758077952, "timestamp": "00:01:09.835", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791758209024, "type": "region", "version": 1 }, "end_va": 8791758270463, "entry_point": 8791758215600, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_3272", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 8791758209024, "timestamp": "00:01:09.835", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791758864384, "type": "region", "version": 1 }, "end_va": 8791758925823, "entry_point": 8791758868512, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_3273", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 8791758864384, "timestamp": "00:01:09.838", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791759060992, "type": "region", "version": 1 }, "end_va": 8791759499263, "entry_point": 8791759073504, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_3274", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791759060992, "timestamp": "00:01:09.839", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1470464, "start_va": 8791760044032, "type": "region", "version": 1 }, "end_va": 8791761514495, "entry_point": 8791760048320, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_3275", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 8791760044032, "timestamp": "00:01:09.839", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791762206720, "type": "region", "version": 1 }, "end_va": 8791763030015, "entry_point": 8791762708596, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_3276", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791762206720, "timestamp": "00:01:09.840", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791763451904, "type": "region", "version": 1 }, "end_va": 8791764537343, "entry_point": 8791763456100, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_3277", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791763451904, "timestamp": "00:01:09.841", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791764566016, "type": "region", "version": 1 }, "end_va": 8791764623359, "entry_point": 8791764570240, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_3278", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791764566016, "timestamp": "00:01:09.841", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791765876736, "type": "region", "version": 1 }, "end_va": 8791766003711, "entry_point": 8791765901544, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_3279", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 8791765876736, "timestamp": "00:01:09.842", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791766007808, "type": "region", "version": 1 }, "end_va": 8791766196223, "entry_point": 8791766011920, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_3280", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791766007808, "timestamp": "00:01:09.842", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 8791781998592, "type": "region", "version": 1 }, "end_va": 8791782031359, "entry_point": 8791782003972, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_3281", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 8791781998592, "timestamp": "00:01:09.843", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, "start_va": 8791785603072, "type": "region", "version": 1 }, "end_va": 8791786500095, "entry_point": 8791785736032, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_3282", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791785603072, "timestamp": "00:01:09.844", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791786520576, "type": "region", "version": 1 }, "end_va": 8791787753471, "entry_point": 8791786843472, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_3283", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791786520576, "timestamp": "00:01:09.844", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791791435776, "type": "region", "version": 1 }, "end_va": 8791792087039, "entry_point": 8791791445408, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_3284", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791791435776, "timestamp": "00:01:09.845", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791794778112, "type": "region", "version": 1 }, "end_va": 8791795199999, "entry_point": 8791794823228, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_3285", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791794778112, "timestamp": "00:01:09.845", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 315392, "start_va": 8791795236864, "type": "region", "version": 1 }, "end_va": 8791795552255, "entry_point": 8791795241072, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_3286", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 8791795236864, "timestamp": "00:01:09.851", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791795761152, "type": "region", "version": 1 }, "end_va": 8791795765247, "entry_point": 8791795761152, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_3287", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791795761152, "timestamp": "00:01:09.851", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092669952, "type": "region", "version": 1 }, "end_va": 8796092678143, "entry_point": 0, "filename": null, "id": "region_3288", "name": "private_0x000007fffffaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092669952, "timestamp": "00:01:09.854", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092678144, "type": "region", "version": 1 }, "end_va": 8796092686335, "entry_point": 0, "filename": null, "id": "region_3289", "name": "private_0x000007fffffac000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092678144, "timestamp": "00:01:09.854", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092686336, "type": "region", "version": 1 }, "end_va": 8796092694527, "entry_point": 0, "filename": null, "id": "region_3290", "name": "private_0x000007fffffae000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092686336, "timestamp": "00:01:09.854", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_3291", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:01:09.854", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092837888, "type": "region", "version": 1 }, "end_va": 8796092846079, "entry_point": 0, "filename": null, "id": "region_3292", "name": "private_0x000007fffffd3000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092837888, "timestamp": "00:01:09.854", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092846080, "type": "region", "version": 1 }, "end_va": 8796092854271, "entry_point": 0, "filename": null, "id": "region_3293", "name": "private_0x000007fffffd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092846080, "timestamp": "00:01:09.854", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092854272, "type": "region", "version": 1 }, "end_va": 8796092862463, "entry_point": 0, "filename": null, "id": "region_3294", "name": "private_0x000007fffffd7000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092854272, "timestamp": "00:01:09.854", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092862464, "type": "region", "version": 1 }, "end_va": 8796092870655, "entry_point": 0, "filename": null, "id": "region_3295", "name": "private_0x000007fffffd9000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092862464, "timestamp": "00:01:09.854", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092870656, "type": "region", "version": 1 }, "end_va": 8796092878847, "entry_point": 0, "filename": null, "id": "region_3296", "name": "private_0x000007fffffdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092870656, "timestamp": "00:01:09.854", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092878848, "type": "region", "version": 1 }, "end_va": 8796092887039, "entry_point": 0, "filename": null, "id": "region_3297", "name": "private_0x000007fffffdd000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092878848, "timestamp": "00:01:09.854", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8796092887040, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_3298", "name": "private_0x000007fffffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092887040, "timestamp": "00:01:09.854", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 8791744118784, "type": "region", "version": 1 }, "end_va": 8791744147455, "entry_point": 8791744124080, "filename": "\\Windows\\System32\\WSHTCPIP.DLL", "id": "region_4227", "name": "wshtcpip.dll", "norm_filename": "c:\\windows\\system32\\wshtcpip.dll", "region_type": "memory_mapped_file", "start_va": 8791744118784, "timestamp": "00:01:14.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1511423, "entry_point": 1507328, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d", "id": "region_4780", "name": "2be989a0-16a1-424b-9211-51aa3bb43e5d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d", "region_type": "memory_mapped_file", "start_va": 1507328, "timestamp": "00:01:17.406", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1511423, "entry_point": 1507328, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST", "id": "region_4781", "name": "credhist", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\credhist", "region_type": "memory_mapped_file", "start_va": 1507328, "timestamp": "00:01:17.408", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 1576959, "entry_point": 0, "filename": null, "id": "region_4782", "name": "private_0x0000000000180000", "norm_filename": null, "region_type": "private_memory", "start_va": 1572864, "timestamp": "00:01:17.409", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\system32\\lsm.exe", "filename": "c:\\windows\\system32\\lsm.exe", "id": "proc_28", "image_name": "lsm.exe", "monitor_reason": "child_process", "monitored_id": 28, "origin_monitor_id": 23, "ref_parent_process": { "ref_id": "proc_23", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_2838", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:08.993", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_2839", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:08.993", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_2840", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:08.993", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_2841", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:01:08.993", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_2842", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:01:08.993", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 794623, "entry_point": 0, "filename": null, "id": "region_2843", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:01:08.993", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 860159, "entry_point": 0, "filename": null, "id": "region_2844", "name": "pagefile_0x00000000000d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 851968, "timestamp": "00:01:08.993", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 946175, "entry_point": 0, "filename": null, "id": "region_2845", "name": "pagefile_0x00000000000e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 917504, "timestamp": "00:01:08.993", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 991231, "entry_point": 0, "filename": null, "id": "region_2846", "name": "pagefile_0x00000000000f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 983040, "timestamp": "00:01:08.993", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1572863, "entry_point": 0, "filename": null, "id": "region_2847", "name": "private_0x0000000000100000", "norm_filename": null, "region_type": "private_memory", "start_va": 1048576, "timestamp": "00:01:08.993", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 1581055, "entry_point": 1572864, "filename": "\\Windows\\System32\\en-US\\lsm.exe.mui", "id": "region_2848", "name": "lsm.exe.mui", "norm_filename": "c:\\windows\\system32\\en-us\\lsm.exe.mui", "region_type": "memory_mapped_file", "start_va": 1572864, "timestamp": "00:01:08.993", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1703935, "entry_point": 0, "filename": null, "id": "region_2849", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:01:08.999", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2555903, "entry_point": 0, "filename": null, "id": "region_2850", "name": "private_0x00000000001f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2031616, "timestamp": "00:01:08.999", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 3604479, "entry_point": 0, "filename": null, "id": "region_2851", "name": "private_0x0000000000270000", "norm_filename": null, "region_type": "private_memory", "start_va": 2555904, "timestamp": "00:01:08.999", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 3801088, "type": "region", "version": 1 }, "end_va": 4849663, "entry_point": 0, "filename": null, "id": "region_2852", "name": "private_0x00000000003a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3801088, "timestamp": "00:01:08.999", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 5111808, "type": "region", "version": 1 }, "end_va": 5636095, "entry_point": 0, "filename": null, "id": "region_2853", "name": "private_0x00000000004e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5111808, "timestamp": "00:01:08.999", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 5636096, "type": "region", "version": 1 }, "end_va": 8581119, "entry_point": 5636096, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_2854", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 5636096, "timestamp": "00:01:09.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 8716288, "type": "region", "version": 1 }, "end_va": 9240575, "entry_point": 0, "filename": null, "id": "region_2855", "name": "private_0x0000000000850000", "norm_filename": null, "region_type": "private_memory", "start_va": 8716288, "timestamp": "00:01:09.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 9633792, "type": "region", "version": 1 }, "end_va": 10158079, "entry_point": 0, "filename": null, "id": "region_2856", "name": "private_0x0000000000930000", "norm_filename": null, "region_type": "private_memory", "start_va": 9633792, "timestamp": "00:01:09.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 10289152, "type": "region", "version": 1 }, "end_va": 10813439, "entry_point": 0, "filename": null, "id": "region_2857", "name": "private_0x00000000009d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 10289152, "timestamp": "00:01:09.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 11010048, "type": "region", "version": 1 }, "end_va": 11534335, "entry_point": 0, "filename": null, "id": "region_2858", "name": "private_0x0000000000a80000", "norm_filename": null, "region_type": "private_memory", "start_va": 11010048, "timestamp": "00:01:09.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 11796480, "type": "region", "version": 1 }, "end_va": 12320767, "entry_point": 0, "filename": null, "id": "region_2859", "name": "private_0x0000000000b40000", "norm_filename": null, "region_type": "private_memory", "start_va": 11796480, "timestamp": "00:01:09.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 12582912, "type": "region", "version": 1 }, "end_va": 13107199, "entry_point": 0, "filename": null, "id": "region_2860", "name": "private_0x0000000000c00000", "norm_filename": null, "region_type": "private_memory", "start_va": 12582912, "timestamp": "00:01:09.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 13107200, "type": "region", "version": 1 }, "end_va": 13631487, "entry_point": 0, "filename": null, "id": "region_2861", "name": "private_0x0000000000c80000", "norm_filename": null, "region_type": "private_memory", "start_va": 13107200, "timestamp": "00:01:09.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 14352384, "type": "region", "version": 1 }, "end_va": 14876671, "entry_point": 0, "filename": null, "id": "region_2862", "name": "private_0x0000000000db0000", "norm_filename": null, "region_type": "private_memory", "start_va": 14352384, "timestamp": "00:01:09.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 15400960, "type": "region", "version": 1 }, "end_va": 15925247, "entry_point": 0, "filename": null, "id": "region_2863", "name": "private_0x0000000000eb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 15400960, "timestamp": "00:01:09.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006515712, "type": "region", "version": 1 }, "end_va": 2007691263, "entry_point": 2006605472, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_2864", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 2006515712, "timestamp": "00:01:09.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2007695360, "type": "region", "version": 1 }, "end_va": 2009436159, "entry_point": 2007695360, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2865", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2007695360, "timestamp": "00:01:09.001", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_2866", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:09.001", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2867", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:09.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2868", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:09.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 4282318848, "type": "region", "version": 1 }, "end_va": 4282675199, "entry_point": 4282318848, "filename": "\\Windows\\System32\\lsm.exe", "id": "region_2869", "name": "lsm.exe", "norm_filename": "c:\\windows\\system32\\lsm.exe", "region_type": "memory_mapped_file", "start_va": 4282318848, "timestamp": "00:01:09.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 8791746609152, "type": "region", "version": 1 }, "end_va": 8791746650111, "entry_point": 8791746624696, "filename": "\\Windows\\System32\\credssp.dll", "id": "region_2870", "name": "credssp.dll", "norm_filename": "c:\\windows\\system32\\credssp.dll", "region_type": "memory_mapped_file", "start_va": 8791746609152, "timestamp": "00:01:09.012", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 8791746674688, "type": "region", "version": 1 }, "end_va": 8791746727935, "entry_point": 8791746679624, "filename": "\\Windows\\System32\\pcwum.dll", "id": "region_2871", "name": "pcwum.dll", "norm_filename": "c:\\windows\\system32\\pcwum.dll", "region_type": "memory_mapped_file", "start_va": 8791746674688, "timestamp": "00:01:09.013", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 8791752179712, "type": "region", "version": 1 }, "end_va": 8791752212479, "entry_point": 8791752179712, "filename": "\\Windows\\System32\\wmsgapi.dll", "id": "region_2872", "name": "wmsgapi.dll", "norm_filename": "c:\\windows\\system32\\wmsgapi.dll", "region_type": "memory_mapped_file", "start_va": 8791752179712, "timestamp": "00:01:09.013", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 8791752245248, "type": "region", "version": 1 }, "end_va": 8791752286207, "entry_point": 8791752260416, "filename": "\\Windows\\System32\\sysntfy.dll", "id": "region_2873", "name": "sysntfy.dll", "norm_filename": "c:\\windows\\system32\\sysntfy.dll", "region_type": "memory_mapped_file", "start_va": 8791752245248, "timestamp": "00:01:09.021", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 8791756701696, "type": "region", "version": 1 }, "end_va": 8791756746751, "entry_point": 8791756705840, "filename": "\\Windows\\System32\\secur32.dll", "id": "region_2874", "name": "secur32.dll", "norm_filename": "c:\\windows\\system32\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 8791756701696, "timestamp": "00:01:09.022", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 8791756898304, "type": "region", "version": 1 }, "end_va": 8791757049855, "entry_point": 8791756936792, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_2875", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 8791756898304, "timestamp": "00:01:09.022", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791757094912, "type": "region", "version": 1 }, "end_va": 8791757156351, "entry_point": 8791757099024, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_2876", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 8791757094912, "timestamp": "00:01:09.023", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 8791758077952, "type": "region", "version": 1 }, "end_va": 8791758159871, "entry_point": 8791758082272, "filename": "\\Windows\\System32\\RpcRtRemote.dll", "id": "region_2877", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\system32\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 8791758077952, "timestamp": "00:01:09.023", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791759060992, "type": "region", "version": 1 }, "end_va": 8791759499263, "entry_point": 8791759073504, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_2878", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791759060992, "timestamp": "00:01:09.024", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791765876736, "type": "region", "version": 1 }, "end_va": 8791766003711, "entry_point": 8791765901544, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_2879", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 8791765876736, "timestamp": "00:01:09.024", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, "start_va": 8791785603072, "type": "region", "version": 1 }, "end_va": 8791786500095, "entry_point": 8791785736032, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_2880", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791785603072, "timestamp": "00:01:09.025", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791786520576, "type": "region", "version": 1 }, "end_va": 8791787753471, "entry_point": 8791786843472, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_2881", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791786520576, "timestamp": "00:01:09.026", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791791435776, "type": "region", "version": 1 }, "end_va": 8791792087039, "entry_point": 8791791445408, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_2882", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791791435776, "timestamp": "00:01:09.026", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791795761152, "type": "region", "version": 1 }, "end_va": 8791795765247, "entry_point": 8791795761152, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_2883", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791795761152, "timestamp": "00:01:09.027", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092653568, "type": "region", "version": 1 }, "end_va": 8796092661759, "entry_point": 0, "filename": null, "id": "region_2884", "name": "private_0x000007fffffa6000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092653568, "timestamp": "00:01:09.030", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092661760, "type": "region", "version": 1 }, "end_va": 8796092669951, "entry_point": 0, "filename": null, "id": "region_2885", "name": "private_0x000007fffffa8000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092661760, "timestamp": "00:01:09.030", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092669952, "type": "region", "version": 1 }, "end_va": 8796092678143, "entry_point": 0, "filename": null, "id": "region_2886", "name": "private_0x000007fffffaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092669952, "timestamp": "00:01:09.030", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092678144, "type": "region", "version": 1 }, "end_va": 8796092686335, "entry_point": 0, "filename": null, "id": "region_2887", "name": "private_0x000007fffffac000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092678144, "timestamp": "00:01:09.030", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092686336, "type": "region", "version": 1 }, "end_va": 8796092694527, "entry_point": 0, "filename": null, "id": "region_2888", "name": "private_0x000007fffffae000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092686336, "timestamp": "00:01:09.030", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_2889", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:01:09.030", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092837888, "type": "region", "version": 1 }, "end_va": 8796092846079, "entry_point": 0, "filename": null, "id": "region_2890", "name": "private_0x000007fffffd3000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092837888, "timestamp": "00:01:09.030", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092846080, "type": "region", "version": 1 }, "end_va": 8796092854271, "entry_point": 0, "filename": null, "id": "region_2891", "name": "private_0x000007fffffd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092846080, "timestamp": "00:01:09.030", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092854272, "type": "region", "version": 1 }, "end_va": 8796092862463, "entry_point": 0, "filename": null, "id": "region_2892", "name": "private_0x000007fffffd7000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092854272, "timestamp": "00:01:09.030", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092862464, "type": "region", "version": 1 }, "end_va": 8796092870655, "entry_point": 0, "filename": null, "id": "region_2893", "name": "private_0x000007fffffd9000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092862464, "timestamp": "00:01:09.030", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092870656, "type": "region", "version": 1 }, "end_va": 8796092878847, "entry_point": 0, "filename": null, "id": "region_2894", "name": "private_0x000007fffffdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092870656, "timestamp": "00:01:09.030", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092878848, "type": "region", "version": 1 }, "end_va": 8796092887039, "entry_point": 0, "filename": null, "id": "region_2895", "name": "private_0x000007fffffdd000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092878848, "timestamp": "00:01:09.030", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8796092887040, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_2896", "name": "private_0x000007fffffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092887040, "timestamp": "00:01:09.030", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\system32\\svchost.exe -k DcomLaunch", "filename": "c:\\windows\\system32\\svchost.exe", "id": "proc_29", "image_name": "svchost.exe", "monitor_reason": "child_process", "monitored_id": 29, "origin_monitor_id": 26, "ref_parent_process": { "ref_id": "proc_26", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_2743", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:08.918", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 159743, "entry_point": 0, "filename": null, "id": "region_2744", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:08.918", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_2745", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:08.918", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_2746", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:01:08.918", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 851967, "entry_point": 0, "filename": null, "id": "region_2747", "name": "private_0x0000000000050000", "norm_filename": null, "region_type": "private_memory", "start_va": 327680, "timestamp": "00:01:08.918", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 1273855, "entry_point": 851968, "filename": "\\Windows\\System32\\locale.nls", "id": "region_2748", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 851968, "timestamp": "00:01:08.919", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 2359295, "entry_point": 0, "filename": null, "id": "region_2749", "name": "private_0x0000000000140000", "norm_filename": null, "region_type": "private_memory", "start_va": 1310720, "timestamp": "00:01:08.919", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 2359296, "type": "region", "version": 1 }, "end_va": 2367487, "entry_point": 0, "filename": null, "id": "region_2750", "name": "pagefile_0x0000000000240000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2359296, "timestamp": "00:01:08.919", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2490367, "entry_point": 0, "filename": null, "id": "region_2751", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:08.919", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2490368, "type": "region", "version": 1 }, "end_va": 2494463, "entry_point": 0, "filename": null, "id": "region_2752", "name": "private_0x0000000000260000", "norm_filename": null, "region_type": "private_memory", "start_va": 2490368, "timestamp": "00:01:08.919", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 2559999, "entry_point": 0, "filename": null, "id": "region_2753", "name": "private_0x0000000000270000", "norm_filename": null, "region_type": "private_memory", "start_va": 2555904, "timestamp": "00:01:08.919", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 2625535, "entry_point": 0, "filename": null, "id": "region_2754", "name": "pagefile_0x0000000000280000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2621440, "timestamp": "00:01:08.919", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 2691071, "entry_point": 0, "filename": null, "id": "region_2755", "name": "pagefile_0x0000000000290000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2686976, "timestamp": "00:01:08.919", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 2756607, "entry_point": 0, "filename": null, "id": "region_2756", "name": "pagefile_0x00000000002a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2752512, "timestamp": "00:01:08.919", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 2822143, "entry_point": 0, "filename": null, "id": "region_2757", "name": "pagefile_0x00000000002b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2818048, "timestamp": "00:01:08.919", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 3932159, "entry_point": 0, "filename": null, "id": "region_2758", "name": "private_0x00000000002c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2883584, "timestamp": "00:01:08.919", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 4063232, "type": "region", "version": 1 }, "end_va": 4587519, "entry_point": 0, "filename": null, "id": "region_2759", "name": "private_0x00000000003e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4063232, "timestamp": "00:01:08.919", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 4587520, "type": "region", "version": 1 }, "end_va": 5111807, "entry_point": 0, "filename": null, "id": "region_2760", "name": "private_0x0000000000460000", "norm_filename": null, "region_type": "private_memory", "start_va": 4587520, "timestamp": "00:01:08.919", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 5373952, "type": "region", "version": 1 }, "end_va": 5439487, "entry_point": 0, "filename": null, "id": "region_2761", "name": "private_0x0000000000520000", "norm_filename": null, "region_type": "private_memory", "start_va": 5373952, "timestamp": "00:01:08.919", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 5636096, "type": "region", "version": 1 }, "end_va": 6160383, "entry_point": 0, "filename": null, "id": "region_2762", "name": "private_0x0000000000560000", "norm_filename": null, "region_type": "private_memory", "start_va": 5636096, "timestamp": "00:01:08.919", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 6160384, "type": "region", "version": 1 }, "end_va": 9105407, "entry_point": 6160384, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_2763", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 6160384, "timestamp": "00:01:08.919", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 9109504, "type": "region", "version": 1 }, "end_va": 10715135, "entry_point": 0, "filename": null, "id": "region_2764", "name": "pagefile_0x00000000008b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9109504, "timestamp": "00:01:08.919", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 10747904, "type": "region", "version": 1 }, "end_va": 12324863, "entry_point": 0, "filename": null, "id": "region_2765", "name": "pagefile_0x0000000000a40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10747904, "timestamp": "00:01:08.919", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 786432, "start_va": 12386304, "type": "region", "version": 1 }, "end_va": 13172735, "entry_point": 0, "filename": null, "id": "region_2766", "name": "pagefile_0x0000000000bd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12386304, "timestamp": "00:01:08.919", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 13172736, "type": "region", "version": 1 }, "end_va": 17313791, "entry_point": 0, "filename": null, "id": "region_2767", "name": "pagefile_0x0000000000c90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 13172736, "timestamp": "00:01:08.920", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 17760256, "type": "region", "version": 1 }, "end_va": 18284543, "entry_point": 0, "filename": null, "id": "region_2768", "name": "private_0x00000000010f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 17760256, "timestamp": "00:01:08.920", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 18677760, "type": "region", "version": 1 }, "end_va": 19202047, "entry_point": 0, "filename": null, "id": "region_2769", "name": "private_0x00000000011d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 18677760, "timestamp": "00:01:08.920", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 19398656, "type": "region", "version": 1 }, "end_va": 19922943, "entry_point": 0, "filename": null, "id": "region_2770", "name": "private_0x0000000001280000", "norm_filename": null, "region_type": "private_memory", "start_va": 19398656, "timestamp": "00:01:08.920", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 20709376, "type": "region", "version": 1 }, "end_va": 21233663, "entry_point": 0, "filename": null, "id": "region_2771", "name": "private_0x00000000013c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 20709376, "timestamp": "00:01:08.920", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 21233664, "type": "region", "version": 1 }, "end_va": 22282239, "entry_point": 0, "filename": null, "id": "region_2772", "name": "private_0x0000000001440000", "norm_filename": null, "region_type": "private_memory", "start_va": 21233664, "timestamp": "00:01:08.920", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 22282240, "type": "region", "version": 1 }, "end_va": 22806527, "entry_point": 0, "filename": null, "id": "region_2773", "name": "private_0x0000000001540000", "norm_filename": null, "region_type": "private_memory", "start_va": 22282240, "timestamp": "00:01:08.920", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 23068672, "type": "region", "version": 1 }, "end_va": 23592959, "entry_point": 0, "filename": null, "id": "region_2774", "name": "private_0x0000000001600000", "norm_filename": null, "region_type": "private_memory", "start_va": 23068672, "timestamp": "00:01:08.920", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 23592960, "type": "region", "version": 1 }, "end_va": 24117247, "entry_point": 0, "filename": null, "id": "region_2775", "name": "private_0x0000000001680000", "norm_filename": null, "region_type": "private_memory", "start_va": 23592960, "timestamp": "00:01:08.920", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 24182784, "type": "region", "version": 1 }, "end_va": 24707071, "entry_point": 0, "filename": null, "id": "region_2776", "name": "private_0x0000000001710000", "norm_filename": null, "region_type": "private_memory", "start_va": 24182784, "timestamp": "00:01:08.920", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 25296896, "type": "region", "version": 1 }, "end_va": 25821183, "entry_point": 0, "filename": null, "id": "region_2777", "name": "private_0x0000000001820000", "norm_filename": null, "region_type": "private_memory", "start_va": 25296896, "timestamp": "00:01:08.920", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 25886720, "type": "region", "version": 1 }, "end_va": 26411007, "entry_point": 0, "filename": null, "id": "region_2778", "name": "private_0x00000000018b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 25886720, "timestamp": "00:01:08.920", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 27000832, "type": "region", "version": 1 }, "end_va": 27525119, "entry_point": 0, "filename": null, "id": "region_2779", "name": "private_0x00000000019c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 27000832, "timestamp": "00:01:08.920", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 28049408, "type": "region", "version": 1 }, "end_va": 28573695, "entry_point": 0, "filename": null, "id": "region_2780", "name": "private_0x0000000001ac0000", "norm_filename": null, "region_type": "private_memory", "start_va": 28049408, "timestamp": "00:01:08.920", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 28573696, "type": "region", "version": 1 }, "end_va": 29622271, "entry_point": 0, "filename": null, "id": "region_2781", "name": "private_0x0000000001b40000", "norm_filename": null, "region_type": "private_memory", "start_va": 28573696, "timestamp": "00:01:08.920", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005467136, "type": "region", "version": 1 }, "end_va": 2006491135, "entry_point": 2005574344, "filename": "\\Windows\\System32\\user32.dll", "id": "region_2782", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2005467136, "timestamp": "00:01:08.920", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006515712, "type": "region", "version": 1 }, "end_va": 2007691263, "entry_point": 2006605472, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_2783", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 2006515712, "timestamp": "00:01:08.920", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2007695360, "type": "region", "version": 1 }, "end_va": 2009436159, "entry_point": 2007695360, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2784", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2007695360, "timestamp": "00:01:08.921", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_2785", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:08.922", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2786", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:08.922", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2787", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:08.922", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 4282056704, "type": "region", "version": 1 }, "end_va": 4282101759, "entry_point": 4282066028, "filename": "\\Windows\\System32\\svchost.exe", "id": "region_2788", "name": "svchost.exe", "norm_filename": "c:\\windows\\system32\\svchost.exe", "region_type": "memory_mapped_file", "start_va": 4282056704, "timestamp": "00:01:08.922", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 8791728128000, "type": "region", "version": 1 }, "end_va": 8791728197631, "entry_point": 8791728132208, "filename": "\\Windows\\System32\\wtsapi32.dll", "id": "region_2789", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\system32\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791728128000, "timestamp": "00:01:08.923", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 528384, "start_va": 8791744315392, "type": "region", "version": 1 }, "end_va": 8791744843775, "entry_point": 8791744315392, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_2790", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 8791744315392, "timestamp": "00:01:08.923", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 180224, "start_va": 8791744905216, "type": "region", "version": 1 }, "end_va": 8791745085439, "entry_point": 8791744905216, "filename": "\\Windows\\System32\\umpo.dll", "id": "region_2791", "name": "umpo.dll", "norm_filename": "c:\\windows\\system32\\umpo.dll", "region_type": "memory_mapped_file", "start_va": 8791744905216, "timestamp": "00:01:08.932", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 8791745101824, "type": "region", "version": 1 }, "end_va": 8791745212415, "entry_point": 8791745110120, "filename": "\\Windows\\System32\\gpapi.dll", "id": "region_2792", "name": "gpapi.dll", "norm_filename": "c:\\windows\\system32\\gpapi.dll", "region_type": "memory_mapped_file", "start_va": 8791745101824, "timestamp": "00:01:08.943", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 8791745232896, "type": "region", "version": 1 }, "end_va": 8791745355775, "entry_point": 8791745237944, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_2793", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 8791745232896, "timestamp": "00:01:08.943", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 8791745363968, "type": "region", "version": 1 }, "end_va": 8791745437695, "entry_point": 8791745363968, "filename": "\\Windows\\System32\\devrtl.dll", "id": "region_2794", "name": "devrtl.dll", "norm_filename": "c:\\windows\\system32\\devrtl.dll", "region_type": "memory_mapped_file", "start_va": 8791745363968, "timestamp": "00:01:08.944", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791745495040, "type": "region", "version": 1 }, "end_va": 8791745622015, "entry_point": 8791745495040, "filename": "\\Windows\\System32\\SPInf.dll", "id": "region_2795", "name": "spinf.dll", "norm_filename": "c:\\windows\\system32\\spinf.dll", "region_type": "memory_mapped_file", "start_va": 8791745495040, "timestamp": "00:01:08.953", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791745626112, "type": "region", "version": 1 }, "end_va": 8791746047999, "entry_point": 8791745626112, "filename": "\\Windows\\System32\\umpnpmgr.dll", "id": "region_2796", "name": "umpnpmgr.dll", "norm_filename": "c:\\windows\\system32\\umpnpmgr.dll", "region_type": "memory_mapped_file", "start_va": 8791745626112, "timestamp": "00:01:08.962", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 8791746609152, "type": "region", "version": 1 }, "end_va": 8791746650111, "entry_point": 8791746624696, "filename": "\\Windows\\System32\\credssp.dll", "id": "region_2797", "name": "credssp.dll", "norm_filename": "c:\\windows\\system32\\credssp.dll", "region_type": "memory_mapped_file", "start_va": 8791746609152, "timestamp": "00:01:08.971", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 8791746674688, "type": "region", "version": 1 }, "end_va": 8791746727935, "entry_point": 8791746679624, "filename": "\\Windows\\System32\\pcwum.dll", "id": "region_2798", "name": "pcwum.dll", "norm_filename": "c:\\windows\\system32\\pcwum.dll", "region_type": "memory_mapped_file", "start_va": 8791746674688, "timestamp": "00:01:08.972", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 8791756898304, "type": "region", "version": 1 }, "end_va": 8791757049855, "entry_point": 8791756936792, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_2799", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 8791756898304, "timestamp": "00:01:08.973", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791757094912, "type": "region", "version": 1 }, "end_va": 8791757156351, "entry_point": 8791757099024, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_2800", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 8791757094912, "timestamp": "00:01:08.973", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 249856, "start_va": 8791757815808, "type": "region", "version": 1 }, "end_va": 8791758065663, "entry_point": 8791757822196, "filename": "\\Windows\\System32\\winsta.dll", "id": "region_2801", "name": "winsta.dll", "norm_filename": "c:\\windows\\system32\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 8791757815808, "timestamp": "00:01:08.974", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 8791758077952, "type": "region", "version": 1 }, "end_va": 8791758159871, "entry_point": 8791758082272, "filename": "\\Windows\\System32\\RpcRtRemote.dll", "id": "region_2802", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\system32\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 8791758077952, "timestamp": "00:01:08.974", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791758209024, "type": "region", "version": 1 }, "end_va": 8791758270463, "entry_point": 8791758215600, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_2803", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 8791758209024, "timestamp": "00:01:08.975", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 106496, "start_va": 8791758929920, "type": "region", "version": 1 }, "end_va": 8791759036415, "entry_point": 8791758935384, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_2804", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 8791758929920, "timestamp": "00:01:08.978", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791759060992, "type": "region", "version": 1 }, "end_va": 8791759499263, "entry_point": 8791759073504, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_2805", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791759060992, "timestamp": "00:01:08.978", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 221184, "start_va": 8791759519744, "type": "region", "version": 1 }, "end_va": 8791759740927, "entry_point": 8791759524980, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_2806", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 8791759519744, "timestamp": "00:01:08.979", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791762206720, "type": "region", "version": 1 }, "end_va": 8791763030015, "entry_point": 8791762708596, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_2807", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791762206720, "timestamp": "00:01:08.979", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791763451904, "type": "region", "version": 1 }, "end_va": 8791764537343, "entry_point": 8791763456100, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_2808", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791763451904, "timestamp": "00:01:08.980", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791764566016, "type": "region", "version": 1 }, "end_va": 8791764623359, "entry_point": 8791764570240, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_2809", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791764566016, "timestamp": "00:01:08.982", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791765876736, "type": "region", "version": 1 }, "end_va": 8791766003711, "entry_point": 8791765901544, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_2810", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 8791765876736, "timestamp": "00:01:08.983", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791766007808, "type": "region", "version": 1 }, "end_va": 8791766196223, "entry_point": 8791766011920, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_2811", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791766007808, "timestamp": "00:01:08.983", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 8791782064128, "type": "region", "version": 1 }, "end_va": 8791783993343, "entry_point": 8791782068240, "filename": "\\Windows\\System32\\setupapi.dll", "id": "region_2812", "name": "setupapi.dll", "norm_filename": "c:\\windows\\system32\\setupapi.dll", "region_type": "memory_mapped_file", "start_va": 8791782064128, "timestamp": "00:01:08.984", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 880640, "start_va": 8791784685568, "type": "region", "version": 1 }, "end_va": 8791785566207, "entry_point": 8791784698484, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_2813", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 8791784685568, "timestamp": "00:01:08.984", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, "start_va": 8791785603072, "type": "region", "version": 1 }, "end_va": 8791786500095, "entry_point": 8791785736032, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_2814", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791785603072, "timestamp": "00:01:08.985", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791786520576, "type": "region", "version": 1 }, "end_va": 8791787753471, "entry_point": 8791786843472, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_2815", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791786520576, "timestamp": "00:01:08.985", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791790256128, "type": "region", "version": 1 }, "end_va": 8791790882815, "entry_point": 8791790263312, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_2816", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 8791790256128, "timestamp": "00:01:08.986", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791791435776, "type": "region", "version": 1 }, "end_va": 8791792087039, "entry_point": 8791791445408, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_2817", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791791435776, "timestamp": "00:01:08.987", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2109440, "start_va": 8791792091136, "type": "region", "version": 1 }, "end_va": 8791794200575, "entry_point": 8791792235312, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_2818", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 8791792091136, "timestamp": "00:01:08.987", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791794778112, "type": "region", "version": 1 }, "end_va": 8791795199999, "entry_point": 8791794823228, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_2819", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791794778112, "timestamp": "00:01:08.988", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791795761152, "type": "region", "version": 1 }, "end_va": 8791795765247, "entry_point": 8791795761152, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_2820", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791795761152, "timestamp": "00:01:08.988", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092612608, "type": "region", "version": 1 }, "end_va": 8796092620799, "entry_point": 0, "filename": null, "id": "region_2821", "name": "private_0x000007fffff9c000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092612608, "timestamp": "00:01:08.991", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092620800, "type": "region", "version": 1 }, "end_va": 8796092628991, "entry_point": 0, "filename": null, "id": "region_2822", "name": "private_0x000007fffff9e000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092620800, "timestamp": "00:01:08.991", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092628992, "type": "region", "version": 1 }, "end_va": 8796092637183, "entry_point": 0, "filename": null, "id": "region_2823", "name": "private_0x000007fffffa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092628992, "timestamp": "00:01:08.991", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092637184, "type": "region", "version": 1 }, "end_va": 8796092645375, "entry_point": 0, "filename": null, "id": "region_2824", "name": "private_0x000007fffffa2000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092637184, "timestamp": "00:01:08.991", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092645376, "type": "region", "version": 1 }, "end_va": 8796092653567, "entry_point": 0, "filename": null, "id": "region_2825", "name": "private_0x000007fffffa4000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092645376, "timestamp": "00:01:08.991", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092653568, "type": "region", "version": 1 }, "end_va": 8796092661759, "entry_point": 0, "filename": null, "id": "region_2826", "name": "private_0x000007fffffa6000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092653568, "timestamp": "00:01:08.991", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092661760, "type": "region", "version": 1 }, "end_va": 8796092669951, "entry_point": 0, "filename": null, "id": "region_2827", "name": "private_0x000007fffffa8000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092661760, "timestamp": "00:01:08.991", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092669952, "type": "region", "version": 1 }, "end_va": 8796092678143, "entry_point": 0, "filename": null, "id": "region_2828", "name": "private_0x000007fffffaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092669952, "timestamp": "00:01:08.991", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092678144, "type": "region", "version": 1 }, "end_va": 8796092686335, "entry_point": 0, "filename": null, "id": "region_2829", "name": "private_0x000007fffffac000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092678144, "timestamp": "00:01:08.991", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092686336, "type": "region", "version": 1 }, "end_va": 8796092694527, "entry_point": 0, "filename": null, "id": "region_2830", "name": "private_0x000007fffffae000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092686336, "timestamp": "00:01:08.991", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_2831", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:01:08.991", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092846080, "type": "region", "version": 1 }, "end_va": 8796092854271, "entry_point": 0, "filename": null, "id": "region_2832", "name": "private_0x000007fffffd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092846080, "timestamp": "00:01:08.991", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092854272, "type": "region", "version": 1 }, "end_va": 8796092862463, "entry_point": 0, "filename": null, "id": "region_2833", "name": "private_0x000007fffffd7000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092854272, "timestamp": "00:01:08.991", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092862464, "type": "region", "version": 1 }, "end_va": 8796092870655, "entry_point": 0, "filename": null, "id": "region_2834", "name": "private_0x000007fffffd9000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092862464, "timestamp": "00:01:08.991", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092870656, "type": "region", "version": 1 }, "end_va": 8796092878847, "entry_point": 0, "filename": null, "id": "region_2835", "name": "private_0x000007fffffdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092870656, "timestamp": "00:01:08.991", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092878848, "type": "region", "version": 1 }, "end_va": 8796092887039, "entry_point": 0, "filename": null, "id": "region_2836", "name": "private_0x000007fffffdd000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092878848, "timestamp": "00:01:08.991", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8796092887040, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_2837", "name": "private_0x000007fffffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092887040, "timestamp": "00:01:08.991", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 4283301888, "type": "region", "version": 1 }, "end_va": 4283330559, "entry_point": 4283306572, "filename": "\\Windows\\System32\\dllhost.exe", "id": "region_4282", "name": "dllhost.exe", "norm_filename": "c:\\windows\\system32\\dllhost.exe", "region_type": "memory_mapped_file", "start_va": 4283301888, "timestamp": "00:01:14.545", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 237568, "start_va": 8791759781888, "type": "region", "version": 1 }, "end_va": 8791760019455, "entry_point": 8791759786784, "filename": "\\Windows\\System32\\wintrust.dll", "id": "region_4404", "name": "wintrust.dll", "norm_filename": "c:\\windows\\system32\\wintrust.dll", "region_type": "memory_mapped_file", "start_va": 8791759781888, "timestamp": "00:01:15.210", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1470464, "start_va": 8791760044032, "type": "region", "version": 1 }, "end_va": 8791761514495, "entry_point": 8791760048320, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_4405", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 8791760044032, "timestamp": "00:01:15.211", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791758864384, "type": "region", "version": 1 }, "end_va": 8791758925823, "entry_point": 8791758868512, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_4406", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 8791758864384, "timestamp": "00:01:15.212", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 172032, "start_va": 5111808, "type": "region", "version": 1 }, "end_va": 5283839, "entry_point": 5111808, "filename": "\\Windows\\inf\\hdaudio.PNF", "id": "region_4416", "name": "hdaudio.pnf", "norm_filename": "c:\\windows\\inf\\hdaudio.pnf", "region_type": "memory_mapped_file", "start_va": 5111808, "timestamp": "00:01:15.251", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 184320, "start_va": 8791741366272, "type": "region", "version": 1 }, "end_va": 8791741550591, "entry_point": 8791741370384, "filename": "\\Windows\\System32\\ntmarta.dll", "id": "region_5302", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\system32\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 8791741366272, "timestamp": "00:01:23.650", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 335872, "start_va": 8791763058688, "type": "region", "version": 1 }, "end_va": 8791763394559, "entry_point": 8791763062996, "filename": "\\Windows\\System32\\Wldap32.dll", "id": "region_5303", "name": "wldap32.dll", "norm_filename": "c:\\windows\\system32\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 8791763058688, "timestamp": "00:01:23.654", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 3932160, "type": "region", "version": 1 }, "end_va": 3936255, "entry_point": 0, "filename": null, "id": "region_5311", "name": "pagefile_0x00000000003c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3932160, "timestamp": "00:01:23.884", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 204800, "start_va": 8791631134720, "type": "region", "version": 1 }, "end_va": 8791631339519, "entry_point": 8791631134720, "filename": "\\Windows\\System32\\wbem\\WmiDcPrv.dll", "id": "region_5312", "name": "wmidcprv.dll", "norm_filename": "c:\\windows\\system32\\wbem\\wmidcprv.dll", "region_type": "memory_mapped_file", "start_va": 8791631134720, "timestamp": "00:01:23.889", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 925696, "start_va": 8791630151680, "type": "region", "version": 1 }, "end_va": 8791631077375, "entry_point": 8791630151680, "filename": "\\Windows\\System32\\wbem\\fastprox.dll", "id": "region_5313", "name": "fastprox.dll", "norm_filename": "c:\\windows\\system32\\wbem\\fastprox.dll", "region_type": "memory_mapped_file", "start_va": 8791630151680, "timestamp": "00:01:23.926", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 548864, "start_va": 8791632576512, "type": "region", "version": 1 }, "end_va": 8791633125375, "entry_point": 8791632642000, "filename": "\\Windows\\System32\\wbemcomn.dll", "id": "region_5325", "name": "wbemcomn.dll", "norm_filename": "c:\\windows\\system32\\wbemcomn.dll", "region_type": "memory_mapped_file", "start_va": 8791632576512, "timestamp": "00:01:24.008", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 315392, "start_va": 8791795236864, "type": "region", "version": 1 }, "end_va": 8791795552255, "entry_point": 8791795241072, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_5326", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 8791795236864, "timestamp": "00:01:24.009", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 8791781998592, "type": "region", "version": 1 }, "end_va": 8791782031359, "entry_point": 8791782003972, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_5327", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 8791781998592, "timestamp": "00:01:24.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 8791628840960, "type": "region", "version": 1 }, "end_va": 8791629000703, "entry_point": 8791628840960, "filename": "\\Windows\\System32\\ntdsapi.dll", "id": "region_5328", "name": "ntdsapi.dll", "norm_filename": "c:\\windows\\system32\\ntdsapi.dll", "region_type": "memory_mapped_file", "start_va": 8791628840960, "timestamp": "00:01:24.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 655360, "start_va": 19922944, "type": "region", "version": 1 }, "end_va": 20578303, "entry_point": 0, "filename": null, "id": "region_5329", "name": "private_0x0000000001300000", "norm_filename": null, "region_type": "private_memory", "start_va": 19922944, "timestamp": "00:01:24.036", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791628775424, "type": "region", "version": 1 }, "end_va": 8791628836863, "entry_point": 8791628775424, "filename": "\\Windows\\System32\\wbem\\wbemprox.dll", "id": "region_5330", "name": "wbemprox.dll", "norm_filename": "c:\\windows\\system32\\wbem\\wbemprox.dll", "region_type": "memory_mapped_file", "start_va": 8791628775424, "timestamp": "00:01:24.070", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 8791750803456, "type": "region", "version": 1 }, "end_va": 8791750897663, "entry_point": 8791750816440, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_5336", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 8791750803456, "timestamp": "00:01:24.199", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 282624, "start_va": 17367040, "type": "region", "version": 1 }, "end_va": 17649663, "entry_point": 17371236, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_5337", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 17367040, "timestamp": "00:01:24.201", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 290816, "start_va": 8791747657728, "type": "region", "version": 1 }, "end_va": 8791747948543, "entry_point": 8791747661924, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_5342", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 8791747657728, "timestamp": "00:01:24.216", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 26411008, "type": "region", "version": 1 }, "end_va": 26935295, "entry_point": 0, "filename": null, "id": "region_5344", "name": "private_0x0000000001930000", "norm_filename": null, "region_type": "private_memory", "start_va": 26411008, "timestamp": "00:01:24.276", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092837888, "type": "region", "version": 1 }, "end_va": 8796092846079, "entry_point": 0, "filename": null, "id": "region_5345", "name": "private_0x000007fffffd3000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092837888, "timestamp": "00:01:24.276", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 8791624056832, "type": "region", "version": 1 }, "end_va": 8791624138751, "entry_point": 8791624061040, "filename": "\\Windows\\System32\\wbem\\wbemsvc.dll", "id": "region_5412", "name": "wbemsvc.dll", "norm_filename": "c:\\windows\\system32\\wbem\\wbemsvc.dll", "region_type": "memory_mapped_file", "start_va": 8791624056832, "timestamp": "00:01:25.032", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 8791623729152, "type": "region", "version": 1 }, "end_va": 8791623884799, "entry_point": 8791623760200, "filename": "\\Windows\\System32\\wbem\\wmiutils.dll", "id": "region_5443", "name": "wmiutils.dll", "norm_filename": "c:\\windows\\system32\\wbem\\wmiutils.dll", "region_type": "memory_mapped_file", "start_va": 8791623729152, "timestamp": "00:01:25.829", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 18284544, "type": "region", "version": 1 }, "end_va": 19333119, "entry_point": 0, "filename": null, "id": "region_5539", "name": "private_0x0000000001170000", "norm_filename": null, "region_type": "private_memory", "start_va": 18284544, "timestamp": "00:01:26.277", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 49152, "start_va": 3997696, "type": "region", "version": 1 }, "end_va": 4046847, "entry_point": 0, "filename": null, "id": "region_5610", "name": "pagefile_0x00000000003d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3997696, "timestamp": "00:01:26.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 4288872448, "type": "region", "version": 1 }, "end_va": 4288901119, "entry_point": 4288877132, "filename": "\\Windows\\System32\\dllhost.exe", "id": "region_6926", "name": "dllhost.exe", "norm_filename": "c:\\windows\\system32\\dllhost.exe", "region_type": "memory_mapped_file", "start_va": 4288872448, "timestamp": "00:01:34.457", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\system32\\svchost.exe -k RPCSS", "filename": "c:\\windows\\system32\\svchost.exe", "id": "proc_30", "image_name": "svchost.exe", "monitor_reason": "child_process", "monitored_id": 30, "origin_monitor_id": 26, "ref_parent_process": { "ref_id": "proc_26", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_3583", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:10.365", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 159743, "entry_point": 0, "filename": null, "id": "region_3584", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:10.365", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_3585", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:10.365", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_3586", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:01:10.365", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_3587", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:01:10.365", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 794623, "entry_point": 0, "filename": null, "id": "region_3588", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:01:10.365", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 856063, "entry_point": 0, "filename": null, "id": "region_3589", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:01:10.365", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 921599, "entry_point": 0, "filename": null, "id": "region_3590", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 917504, "timestamp": "00:01:10.365", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_3591", "name": "pagefile_0x00000000000f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 983040, "timestamp": "00:01:10.365", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1052671, "entry_point": 0, "filename": null, "id": "region_3592", "name": "pagefile_0x0000000000100000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1048576, "timestamp": "00:01:10.365", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1900543, "entry_point": 0, "filename": null, "id": "region_3593", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:01:10.365", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 2949119, "entry_point": 0, "filename": null, "id": "region_3594", "name": "private_0x00000000001d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1900544, "timestamp": "00:01:10.365", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 3538944, "type": "region", "version": 1 }, "end_va": 3604479, "entry_point": 0, "filename": null, "id": "region_3595", "name": "private_0x0000000000360000", "norm_filename": null, "region_type": "private_memory", "start_va": 3538944, "timestamp": "00:01:10.365", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 4653055, "entry_point": 0, "filename": null, "id": "region_3596", "name": "private_0x0000000000370000", "norm_filename": null, "region_type": "private_memory", "start_va": 3604480, "timestamp": "00:01:10.365", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 4653056, "type": "region", "version": 1 }, "end_va": 5177343, "entry_point": 0, "filename": null, "id": "region_3597", "name": "private_0x0000000000470000", "norm_filename": null, "region_type": "private_memory", "start_va": 4653056, "timestamp": "00:01:10.365", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 5439488, "type": "region", "version": 1 }, "end_va": 5963775, "entry_point": 0, "filename": null, "id": "region_3598", "name": "private_0x0000000000530000", "norm_filename": null, "region_type": "private_memory", "start_va": 5439488, "timestamp": "00:01:10.365", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 6094848, "type": "region", "version": 1 }, "end_va": 6619135, "entry_point": 0, "filename": null, "id": "region_3599", "name": "private_0x00000000005d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6094848, "timestamp": "00:01:10.365", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 6619136, "type": "region", "version": 1 }, "end_va": 7143423, "entry_point": 0, "filename": null, "id": "region_3600", "name": "private_0x0000000000650000", "norm_filename": null, "region_type": "private_memory", "start_va": 6619136, "timestamp": "00:01:10.365", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 7143424, "type": "region", "version": 1 }, "end_va": 10088447, "entry_point": 7143424, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_3601", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 7143424, "timestamp": "00:01:10.366", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 10420224, "type": "region", "version": 1 }, "end_va": 10944511, "entry_point": 0, "filename": null, "id": "region_3602", "name": "private_0x00000000009f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 10420224, "timestamp": "00:01:10.366", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 11403264, "type": "region", "version": 1 }, "end_va": 11927551, "entry_point": 0, "filename": null, "id": "region_3603", "name": "private_0x0000000000ae0000", "norm_filename": null, "region_type": "private_memory", "start_va": 11403264, "timestamp": "00:01:10.366", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 11927552, "type": "region", "version": 1 }, "end_va": 13533183, "entry_point": 0, "filename": null, "id": "region_3604", "name": "pagefile_0x0000000000b60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 11927552, "timestamp": "00:01:10.366", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 13565952, "type": "region", "version": 1 }, "end_va": 15142911, "entry_point": 0, "filename": null, "id": "region_3605", "name": "pagefile_0x0000000000cf0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 13565952, "timestamp": "00:01:10.366", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 786432, "start_va": 15204352, "type": "region", "version": 1 }, "end_va": 15990783, "entry_point": 0, "filename": null, "id": "region_3606", "name": "pagefile_0x0000000000e80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 15204352, "timestamp": "00:01:10.366", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 15990784, "type": "region", "version": 1 }, "end_va": 20131839, "entry_point": 0, "filename": null, "id": "region_3607", "name": "pagefile_0x0000000000f40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 15990784, "timestamp": "00:01:10.366", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 20185088, "type": "region", "version": 1 }, "end_va": 21233663, "entry_point": 0, "filename": null, "id": "region_3608", "name": "private_0x0000000001340000", "norm_filename": null, "region_type": "private_memory", "start_va": 20185088, "timestamp": "00:01:10.366", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 21495808, "type": "region", "version": 1 }, "end_va": 22020095, "entry_point": 0, "filename": null, "id": "region_3609", "name": "private_0x0000000001480000", "norm_filename": null, "region_type": "private_memory", "start_va": 21495808, "timestamp": "00:01:10.366", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 23134208, "type": "region", "version": 1 }, "end_va": 23658495, "entry_point": 0, "filename": null, "id": "region_3610", "name": "private_0x0000000001610000", "norm_filename": null, "region_type": "private_memory", "start_va": 23134208, "timestamp": "00:01:10.366", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005467136, "type": "region", "version": 1 }, "end_va": 2006491135, "entry_point": 2005574344, "filename": "\\Windows\\System32\\user32.dll", "id": "region_3611", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2005467136, "timestamp": "00:01:10.366", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006515712, "type": "region", "version": 1 }, "end_va": 2007691263, "entry_point": 2006605472, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_3612", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 2006515712, "timestamp": "00:01:10.367", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2007695360, "type": "region", "version": 1 }, "end_va": 2009436159, "entry_point": 2007695360, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_3613", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2007695360, "timestamp": "00:01:10.367", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_3614", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:10.368", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_3615", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:10.368", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_3616", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:10.368", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 4282056704, "type": "region", "version": 1 }, "end_va": 4282101759, "entry_point": 4282066028, "filename": "\\Windows\\System32\\svchost.exe", "id": "region_3617", "name": "svchost.exe", "norm_filename": "c:\\windows\\system32\\svchost.exe", "region_type": "memory_mapped_file", "start_va": 4282056704, "timestamp": "00:01:10.368", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 339968, "start_va": 8791716528128, "type": "region", "version": 1 }, "end_va": 8791716868095, "entry_point": 8791716539288, "filename": "\\Windows\\System32\\FWPUCLNT.DLL", "id": "region_3618", "name": "fwpuclnt.dll", "norm_filename": "c:\\windows\\system32\\fwpuclnt.dll", "region_type": "memory_mapped_file", "start_va": 8791716528128, "timestamp": "00:01:10.369", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791743266816, "type": "region", "version": 1 }, "end_va": 8791743315967, "entry_point": 8791743271012, "filename": "\\Windows\\System32\\version.dll", "id": "region_3619", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 8791743266816, "timestamp": "00:01:10.369", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 765952, "start_va": 8791743332352, "type": "region", "version": 1 }, "end_va": 8791744098303, "entry_point": 8791743360480, "filename": "\\Windows\\System32\\FirewallAPI.dll", "id": "region_3620", "name": "firewallapi.dll", "norm_filename": "c:\\windows\\system32\\firewallapi.dll", "region_type": "memory_mapped_file", "start_va": 8791743332352, "timestamp": "00:01:10.370", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 8791744118784, "type": "region", "version": 1 }, "end_va": 8791744147455, "entry_point": 8791744124080, "filename": "\\Windows\\System32\\WSHTCPIP.DLL", "id": "region_3621", "name": "wshtcpip.dll", "norm_filename": "c:\\windows\\system32\\wshtcpip.dll", "region_type": "memory_mapped_file", "start_va": 8791744118784, "timestamp": "00:01:10.371", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 8791744184320, "type": "region", "version": 1 }, "end_va": 8791744266239, "entry_point": 8791744184320, "filename": "\\Windows\\System32\\RpcEpMap.dll", "id": "region_3622", "name": "rpcepmap.dll", "norm_filename": "c:\\windows\\system32\\rpcepmap.dll", "region_type": "memory_mapped_file", "start_va": 8791744184320, "timestamp": "00:01:10.371", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 528384, "start_va": 8791744315392, "type": "region", "version": 1 }, "end_va": 8791744843775, "entry_point": 8791744368328, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_3623", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 8791744315392, "timestamp": "00:01:10.382", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 8791746609152, "type": "region", "version": 1 }, "end_va": 8791746650111, "entry_point": 8791746624696, "filename": "\\Windows\\System32\\credssp.dll", "id": "region_3624", "name": "credssp.dll", "norm_filename": "c:\\windows\\system32\\credssp.dll", "region_type": "memory_mapped_file", "start_va": 8791746609152, "timestamp": "00:01:10.385", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 290816, "start_va": 8791747657728, "type": "region", "version": 1 }, "end_va": 8791747948543, "entry_point": 8791747661924, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_3625", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 8791747657728, "timestamp": "00:01:10.386", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 8791750344704, "type": "region", "version": 1 }, "end_va": 8791750373375, "entry_point": 8791750349868, "filename": "\\Windows\\System32\\wship6.dll", "id": "region_3626", "name": "wship6.dll", "norm_filename": "c:\\windows\\system32\\wship6.dll", "region_type": "memory_mapped_file", "start_va": 8791750344704, "timestamp": "00:01:10.386", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 348160, "start_va": 8791750410240, "type": "region", "version": 1 }, "end_va": 8791750758399, "entry_point": 8791750414420, "filename": "\\Windows\\System32\\mswsock.dll", "id": "region_3627", "name": "mswsock.dll", "norm_filename": "c:\\windows\\system32\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 8791750410240, "timestamp": "00:01:10.387", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 8791750803456, "type": "region", "version": 1 }, "end_va": 8791750897663, "entry_point": 8791750816440, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_3628", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 8791750803456, "timestamp": "00:01:10.387", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 8791756701696, "type": "region", "version": 1 }, "end_va": 8791756746751, "entry_point": 8791756705840, "filename": "\\Windows\\System32\\secur32.dll", "id": "region_3629", "name": "secur32.dll", "norm_filename": "c:\\windows\\system32\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 8791756701696, "timestamp": "00:01:10.388", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 8791756898304, "type": "region", "version": 1 }, "end_va": 8791757049855, "entry_point": 8791756936792, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_3630", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 8791756898304, "timestamp": "00:01:10.388", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791757094912, "type": "region", "version": 1 }, "end_va": 8791757156351, "entry_point": 8791757099024, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_3631", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 8791757094912, "timestamp": "00:01:10.389", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 8791758077952, "type": "region", "version": 1 }, "end_va": 8791758159871, "entry_point": 8791758082272, "filename": "\\Windows\\System32\\RpcRtRemote.dll", "id": "region_3632", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\system32\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 8791758077952, "timestamp": "00:01:10.390", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791759060992, "type": "region", "version": 1 }, "end_va": 8791759499263, "entry_point": 8791759073504, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_3633", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791759060992, "timestamp": "00:01:10.390", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791762206720, "type": "region", "version": 1 }, "end_va": 8791763030015, "entry_point": 8791762708596, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_3634", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791762206720, "timestamp": "00:01:10.391", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791763451904, "type": "region", "version": 1 }, "end_va": 8791764537343, "entry_point": 8791763456100, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_3635", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791763451904, "timestamp": "00:01:10.391", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791764566016, "type": "region", "version": 1 }, "end_va": 8791764623359, "entry_point": 8791764570240, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_3636", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791764566016, "timestamp": "00:01:10.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791765876736, "type": "region", "version": 1 }, "end_va": 8791766003711, "entry_point": 8791765901544, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_3637", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 8791765876736, "timestamp": "00:01:10.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791766007808, "type": "region", "version": 1 }, "end_va": 8791766196223, "entry_point": 8791766011920, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_3638", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791766007808, "timestamp": "00:01:10.393", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 8791781998592, "type": "region", "version": 1 }, "end_va": 8791782031359, "entry_point": 8791782003972, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_3639", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 8791781998592, "timestamp": "00:01:10.393", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 880640, "start_va": 8791784685568, "type": "region", "version": 1 }, "end_va": 8791785566207, "entry_point": 8791784698484, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_3640", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 8791784685568, "timestamp": "00:01:10.394", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, "start_va": 8791785603072, "type": "region", "version": 1 }, "end_va": 8791786500095, "entry_point": 8791785736032, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_3641", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791785603072, "timestamp": "00:01:10.394", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791786520576, "type": "region", "version": 1 }, "end_va": 8791787753471, "entry_point": 8791786843472, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_3642", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791786520576, "timestamp": "00:01:10.395", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791790256128, "type": "region", "version": 1 }, "end_va": 8791790882815, "entry_point": 8791790263312, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_3643", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 8791790256128, "timestamp": "00:01:10.396", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791791435776, "type": "region", "version": 1 }, "end_va": 8791792087039, "entry_point": 8791791445408, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_3644", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791791435776, "timestamp": "00:01:10.396", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2109440, "start_va": 8791792091136, "type": "region", "version": 1 }, "end_va": 8791794200575, "entry_point": 8791792235312, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_3645", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 8791792091136, "timestamp": "00:01:10.397", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791794778112, "type": "region", "version": 1 }, "end_va": 8791795199999, "entry_point": 8791794823228, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_3646", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791794778112, "timestamp": "00:01:10.397", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 315392, "start_va": 8791795236864, "type": "region", "version": 1 }, "end_va": 8791795552255, "entry_point": 8791795241072, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_3647", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 8791795236864, "timestamp": "00:01:10.398", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791795761152, "type": "region", "version": 1 }, "end_va": 8791795765247, "entry_point": 8791795761152, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_3648", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791795761152, "timestamp": "00:01:10.399", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092678144, "type": "region", "version": 1 }, "end_va": 8796092686335, "entry_point": 0, "filename": null, "id": "region_3649", "name": "private_0x000007fffffac000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092678144, "timestamp": "00:01:10.401", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092686336, "type": "region", "version": 1 }, "end_va": 8796092694527, "entry_point": 0, "filename": null, "id": "region_3650", "name": "private_0x000007fffffae000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092686336, "timestamp": "00:01:10.401", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_3651", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:01:10.401", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092837888, "type": "region", "version": 1 }, "end_va": 8796092846079, "entry_point": 0, "filename": null, "id": "region_3652", "name": "private_0x000007fffffd3000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092837888, "timestamp": "00:01:10.401", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092846080, "type": "region", "version": 1 }, "end_va": 8796092854271, "entry_point": 0, "filename": null, "id": "region_3653", "name": "private_0x000007fffffd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092846080, "timestamp": "00:01:10.401", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092854272, "type": "region", "version": 1 }, "end_va": 8796092862463, "entry_point": 0, "filename": null, "id": "region_3654", "name": "private_0x000007fffffd7000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092854272, "timestamp": "00:01:10.401", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092862464, "type": "region", "version": 1 }, "end_va": 8796092870655, "entry_point": 0, "filename": null, "id": "region_3655", "name": "private_0x000007fffffd9000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092862464, "timestamp": "00:01:10.401", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092870656, "type": "region", "version": 1 }, "end_va": 8796092878847, "entry_point": 0, "filename": null, "id": "region_3656", "name": "private_0x000007fffffdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092870656, "timestamp": "00:01:10.401", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8796092878848, "type": "region", "version": 1 }, "end_va": 8796092882943, "entry_point": 0, "filename": null, "id": "region_3657", "name": "private_0x000007fffffdd000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092878848, "timestamp": "00:01:10.401", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092882944, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_3658", "name": "private_0x000007fffffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092882944, "timestamp": "00:01:10.401", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2875392, "start_va": 23658496, "type": "region", "version": 1 }, "end_va": 26533887, "entry_point": 23836560, "filename": "\\Windows\\explorer.exe", "id": "region_4001", "name": "explorer.exe", "norm_filename": "c:\\windows\\explorer.exe", "region_type": "memory_mapped_file", "start_va": 23658496, "timestamp": "00:01:12.258", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 2949120, "type": "region", "version": 1 }, "end_va": 3473407, "entry_point": 0, "filename": null, "id": "region_5308", "name": "private_0x00000000002d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2949120, "timestamp": "00:01:23.744", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092669952, "type": "region", "version": 1 }, "end_va": 8796092678143, "entry_point": 0, "filename": null, "id": "region_5309", "name": "private_0x000007fffffaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092669952, "timestamp": "00:01:23.744", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 24576000, "type": "region", "version": 1 }, "end_va": 25100287, "entry_point": 0, "filename": null, "id": "region_5438", "name": "private_0x0000000001770000", "norm_filename": null, "region_type": "private_memory", "start_va": 24576000, "timestamp": "00:01:25.725", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092661760, "type": "region", "version": 1 }, "end_va": 8796092669951, "entry_point": 0, "filename": null, "id": "region_5439", "name": "private_0x000007fffffa8000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092661760, "timestamp": "00:01:25.725", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 22282240, "type": "region", "version": 1 }, "end_va": 22806527, "entry_point": 0, "filename": null, "id": "region_5562", "name": "private_0x0000000001540000", "norm_filename": null, "region_type": "private_memory", "start_va": 22282240, "timestamp": "00:01:26.462", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092653568, "type": "region", "version": 1 }, "end_va": 8796092661759, "entry_point": 0, "filename": null, "id": "region_5563", "name": "private_0x000007fffffa6000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092653568, "timestamp": "00:01:26.462", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 25952256, "type": "region", "version": 1 }, "end_va": 26476543, "entry_point": 0, "filename": null, "id": "region_5604", "name": "private_0x00000000018c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 25952256, "timestamp": "00:01:26.677", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092645376, "type": "region", "version": 1 }, "end_va": 8796092653567, "entry_point": 0, "filename": null, "id": "region_5605", "name": "private_0x000007fffffa4000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092645376, "timestamp": "00:01:26.677", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted", "filename": "c:\\windows\\system32\\svchost.exe", "id": "proc_31", "image_name": "svchost.exe", "monitor_reason": "child_process", "monitored_id": 31, "origin_monitor_id": 26, "ref_parent_process": { "ref_id": "proc_26", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_2226", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:06.628", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 159743, "entry_point": 0, "filename": null, "id": "region_2227", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:06.628", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_2228", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:06.628", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_2229", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:01:06.628", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 335871, "entry_point": 0, "filename": null, "id": "region_2230", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:06.628", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_2231", "name": "private_0x0000000000060000", "norm_filename": null, "region_type": "private_memory", "start_va": 393216, "timestamp": "00:01:06.628", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 462847, "entry_point": 0, "filename": null, "id": "region_2232", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:06.628", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 655359, "entry_point": 0, "filename": null, "id": "region_2233", "name": "private_0x0000000000080000", "norm_filename": null, "region_type": "private_memory", "start_va": 524288, "timestamp": "00:01:06.628", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 0, "filename": null, "id": "region_2234", "name": "pagefile_0x00000000000a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 655360, "timestamp": "00:01:06.628", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 1245183, "entry_point": 0, "filename": null, "id": "region_2235", "name": "private_0x00000000000b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 720896, "timestamp": "00:01:06.628", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1667071, "entry_point": 1245184, "filename": "\\Windows\\System32\\locale.nls", "id": "region_2236", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1245184, "timestamp": "00:01:06.628", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 2752511, "entry_point": 0, "filename": null, "id": "region_2237", "name": "private_0x00000000001a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1703936, "timestamp": "00:01:06.628", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 3014655, "entry_point": 0, "filename": null, "id": "region_2238", "name": "private_0x00000000002a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2752512, "timestamp": "00:01:06.628", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 3014656, "type": "region", "version": 1 }, "end_va": 3145727, "entry_point": 0, "filename": null, "id": "region_2239", "name": "private_0x00000000002e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3014656, "timestamp": "00:01:06.628", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 3145728, "type": "region", "version": 1 }, "end_va": 3178495, "entry_point": 0, "filename": null, "id": "region_2240", "name": "private_0x0000000000300000", "norm_filename": null, "region_type": "private_memory", "start_va": 3145728, "timestamp": "00:01:06.628", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 3211264, "type": "region", "version": 1 }, "end_va": 3215359, "entry_point": 0, "filename": null, "id": "region_2241", "name": "pagefile_0x0000000000310000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3211264, "timestamp": "00:01:06.628", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 3276800, "type": "region", "version": 1 }, "end_va": 4325375, "entry_point": 0, "filename": null, "id": "region_2242", "name": "private_0x0000000000320000", "norm_filename": null, "region_type": "private_memory", "start_va": 3276800, "timestamp": "00:01:06.628", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 5931007, "entry_point": 0, "filename": null, "id": "region_2243", "name": "pagefile_0x0000000000420000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4325376, "timestamp": "00:01:06.628", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 5963776, "type": "region", "version": 1 }, "end_va": 6029311, "entry_point": 0, "filename": null, "id": "region_2244", "name": "private_0x00000000005b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5963776, "timestamp": "00:01:06.628", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6029312, "type": "region", "version": 1 }, "end_va": 7606271, "entry_point": 0, "filename": null, "id": "region_2245", "name": "pagefile_0x00000000005c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6029312, "timestamp": "00:01:06.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 786432, "start_va": 7667712, "type": "region", "version": 1 }, "end_va": 8454143, "entry_point": 0, "filename": null, "id": "region_2246", "name": "pagefile_0x0000000000750000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7667712, "timestamp": "00:01:06.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 8454144, "type": "region", "version": 1 }, "end_va": 12595199, "entry_point": 0, "filename": null, "id": "region_2247", "name": "pagefile_0x0000000000810000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8454144, "timestamp": "00:01:06.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 12648448, "type": "region", "version": 1 }, "end_va": 12779519, "entry_point": 0, "filename": null, "id": "region_2248", "name": "private_0x0000000000c10000", "norm_filename": null, "region_type": "private_memory", "start_va": 12648448, "timestamp": "00:01:06.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 12779520, "type": "region", "version": 1 }, "end_va": 12783615, "entry_point": 0, "filename": null, "id": "region_2249", "name": "private_0x0000000000c30000", "norm_filename": null, "region_type": "private_memory", "start_va": 12779520, "timestamp": "00:01:06.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 12845056, "type": "region", "version": 1 }, "end_va": 12849151, "entry_point": 0, "filename": null, "id": "region_2250", "name": "private_0x0000000000c40000", "norm_filename": null, "region_type": "private_memory", "start_va": 12845056, "timestamp": "00:01:06.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 12910592, "type": "region", "version": 1 }, "end_va": 12914687, "entry_point": 0, "filename": null, "id": "region_2251", "name": "pagefile_0x0000000000c50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12910592, "timestamp": "00:01:06.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 13107200, "type": "region", "version": 1 }, "end_va": 13631487, "entry_point": 0, "filename": null, "id": "region_2252", "name": "private_0x0000000000c80000", "norm_filename": null, "region_type": "private_memory", "start_va": 13107200, "timestamp": "00:01:06.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 13631488, "type": "region", "version": 1 }, "end_va": 14155775, "entry_point": 0, "filename": null, "id": "region_2253", "name": "private_0x0000000000d00000", "norm_filename": null, "region_type": "private_memory", "start_va": 13631488, "timestamp": "00:01:06.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 14155776, "type": "region", "version": 1 }, "end_va": 14680063, "entry_point": 0, "filename": null, "id": "region_2254", "name": "private_0x0000000000d80000", "norm_filename": null, "region_type": "private_memory", "start_va": 14155776, "timestamp": "00:01:06.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 14680064, "type": "region", "version": 1 }, "end_va": 15728639, "entry_point": 0, "filename": null, "id": "region_2255", "name": "private_0x0000000000e00000", "norm_filename": null, "region_type": "private_memory", "start_va": 14680064, "timestamp": "00:01:06.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 15990784, "type": "region", "version": 1 }, "end_va": 16515071, "entry_point": 0, "filename": null, "id": "region_2256", "name": "private_0x0000000000f40000", "norm_filename": null, "region_type": "private_memory", "start_va": 15990784, "timestamp": "00:01:06.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 16580608, "type": "region", "version": 1 }, "end_va": 17104895, "entry_point": 0, "filename": null, "id": "region_2257", "name": "private_0x0000000000fd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 16580608, "timestamp": "00:01:06.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 17104896, "type": "region", "version": 1 }, "end_va": 20049919, "entry_point": 17104896, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_2258", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 17104896, "timestamp": "00:01:06.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 20185088, "type": "region", "version": 1 }, "end_va": 20709375, "entry_point": 0, "filename": null, "id": "region_2259", "name": "private_0x0000000001340000", "norm_filename": null, "region_type": "private_memory", "start_va": 20185088, "timestamp": "00:01:06.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 20774912, "type": "region", "version": 1 }, "end_va": 21299199, "entry_point": 0, "filename": null, "id": "region_2260", "name": "private_0x00000000013d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 20774912, "timestamp": "00:01:06.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 21299200, "type": "region", "version": 1 }, "end_va": 21823487, "entry_point": 0, "filename": null, "id": "region_2261", "name": "private_0x0000000001450000", "norm_filename": null, "region_type": "private_memory", "start_va": 21299200, "timestamp": "00:01:06.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 401408, "start_va": 22544384, "type": "region", "version": 1 }, "end_va": 22945791, "entry_point": 22544384, "filename": "\\Windows\\System32\\winlogon.exe", "id": "region_2262", "name": "winlogon.exe", "norm_filename": "c:\\windows\\system32\\winlogon.exe", "region_type": "memory_mapped_file", "start_va": 22544384, "timestamp": "00:01:06.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 23265280, "type": "region", "version": 1 }, "end_va": 23789567, "entry_point": 0, "filename": null, "id": "region_2263", "name": "private_0x0000000001630000", "norm_filename": null, "region_type": "private_memory", "start_va": 23265280, "timestamp": "00:01:06.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 24444928, "type": "region", "version": 1 }, "end_va": 24969215, "entry_point": 0, "filename": null, "id": "region_2264", "name": "private_0x0000000001750000", "norm_filename": null, "region_type": "private_memory", "start_va": 24444928, "timestamp": "00:01:06.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 24969216, "type": "region", "version": 1 }, "end_va": 26017791, "entry_point": 0, "filename": null, "id": "region_2265", "name": "private_0x00000000017d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 24969216, "timestamp": "00:01:06.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 26017792, "type": "region", "version": 1 }, "end_va": 26542079, "entry_point": 0, "filename": null, "id": "region_2266", "name": "private_0x00000000018d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 26017792, "timestamp": "00:01:06.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 26542080, "type": "region", "version": 1 }, "end_va": 27066367, "entry_point": 0, "filename": null, "id": "region_2267", "name": "private_0x0000000001950000", "norm_filename": null, "region_type": "private_memory", "start_va": 26542080, "timestamp": "00:01:06.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 27066368, "type": "region", "version": 1 }, "end_va": 27590655, "entry_point": 0, "filename": null, "id": "region_2268", "name": "private_0x00000000019d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 27066368, "timestamp": "00:01:06.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 28311552, "type": "region", "version": 1 }, "end_va": 28835839, "entry_point": 0, "filename": null, "id": "region_2269", "name": "private_0x0000000001b00000", "norm_filename": null, "region_type": "private_memory", "start_va": 28311552, "timestamp": "00:01:06.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 29097984, "type": "region", "version": 1 }, "end_va": 29622271, "entry_point": 0, "filename": null, "id": "region_2270", "name": "private_0x0000000001bc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 29097984, "timestamp": "00:01:06.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 29622272, "type": "region", "version": 1 }, "end_va": 31719423, "entry_point": 0, "filename": null, "id": "region_2271", "name": "private_0x0000000001c40000", "norm_filename": null, "region_type": "private_memory", "start_va": 29622272, "timestamp": "00:01:06.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 32178176, "type": "region", "version": 1 }, "end_va": 32702463, "entry_point": 0, "filename": null, "id": "region_2272", "name": "private_0x0000000001eb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32178176, "timestamp": "00:01:06.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 32833536, "type": "region", "version": 1 }, "end_va": 33357823, "entry_point": 0, "filename": null, "id": "region_2273", "name": "private_0x0000000001f50000", "norm_filename": null, "region_type": "private_memory", "start_va": 32833536, "timestamp": "00:01:06.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 33357824, "type": "region", "version": 1 }, "end_va": 37552127, "entry_point": 0, "filename": null, "id": "region_2274", "name": "private_0x0000000001fd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 33357824, "timestamp": "00:01:06.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005467136, "type": "region", "version": 1 }, "end_va": 2006491135, "entry_point": 2005574344, "filename": "\\Windows\\System32\\user32.dll", "id": "region_2275", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2005467136, "timestamp": "00:01:06.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006515712, "type": "region", "version": 1 }, "end_va": 2007691263, "entry_point": 2006605472, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_2276", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 2006515712, "timestamp": "00:01:06.640", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2007695360, "type": "region", "version": 1 }, "end_va": 2009436159, "entry_point": 2007695360, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2277", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2007695360, "timestamp": "00:01:06.640", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_2278", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:06.641", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2279", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:06.641", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2280", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:06.641", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 4282056704, "type": "region", "version": 1 }, "end_va": 4282101759, "entry_point": 4282066028, "filename": "\\Windows\\System32\\svchost.exe", "id": "region_2281", "name": "svchost.exe", "norm_filename": "c:\\windows\\system32\\svchost.exe", "region_type": "memory_mapped_file", "start_va": 4282056704, "timestamp": "00:01:06.641", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 401408, "start_va": 4291231744, "type": "region", "version": 1 }, "end_va": 4291633151, "entry_point": 4291299544, "filename": "\\Windows\\System32\\winlogon.exe", "id": "region_2282", "name": "winlogon.exe", "norm_filename": "c:\\windows\\system32\\winlogon.exe", "region_type": "memory_mapped_file", "start_va": 4291231744, "timestamp": "00:01:06.642", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 339968, "start_va": 4292018176, "type": "region", "version": 1 }, "end_va": 4292358143, "entry_point": 4292018176, "filename": "\\Windows\\System32\\services.exe", "id": "region_2283", "name": "services.exe", "norm_filename": "c:\\windows\\system32\\services.exe", "region_type": "memory_mapped_file", "start_va": 4292018176, "timestamp": "00:01:06.642", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 8791717117952, "type": "region", "version": 1 }, "end_va": 8791717359615, "entry_point": 8791717117952, "filename": "\\Windows\\System32\\dhcpcore6.dll", "id": "region_2284", "name": "dhcpcore6.dll", "norm_filename": "c:\\windows\\system32\\dhcpcore6.dll", "region_type": "memory_mapped_file", "start_va": 8791717117952, "timestamp": "00:01:06.652", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 8791717380096, "type": "region", "version": 1 }, "end_va": 8791717711871, "entry_point": 8791717380096, "filename": "\\Windows\\System32\\dhcpcore.dll", "id": "region_2285", "name": "dhcpcore.dll", "norm_filename": "c:\\windows\\system32\\dhcpcore.dll", "region_type": "memory_mapped_file", "start_va": 8791717380096, "timestamp": "00:01:06.662", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 8791717838848, "type": "region", "version": 1 }, "end_va": 8791717871615, "entry_point": 8791717838848, "filename": "\\Windows\\System32\\nrpsrv.dll", "id": "region_2286", "name": "nrpsrv.dll", "norm_filename": "c:\\windows\\system32\\nrpsrv.dll", "region_type": "memory_mapped_file", "start_va": 8791717838848, "timestamp": "00:01:06.673", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 8791717904384, "type": "region", "version": 1 }, "end_va": 8791717949439, "entry_point": 8791717904384, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_2287", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 8791717904384, "timestamp": "00:01:06.681", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 8791717969920, "type": "region", "version": 1 }, "end_va": 8791718129663, "entry_point": 8791717969920, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_2288", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 8791717969920, "timestamp": "00:01:06.691", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 8791718166528, "type": "region", "version": 1 }, "end_va": 8791718207487, "entry_point": 8791718166528, "filename": "\\Windows\\System32\\lmhsvc.dll", "id": "region_2289", "name": "lmhsvc.dll", "norm_filename": "c:\\windows\\system32\\lmhsvc.dll", "region_type": "memory_mapped_file", "start_va": 8791718166528, "timestamp": "00:01:06.702", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 8791723016192, "type": "region", "version": 1 }, "end_va": 8791723053055, "entry_point": 8791723020304, "filename": "\\Windows\\System32\\avrt.dll", "id": "region_2290", "name": "avrt.dll", "norm_filename": "c:\\windows\\system32\\avrt.dll", "region_type": "memory_mapped_file", "start_va": 8791723016192, "timestamp": "00:01:06.711", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 180224, "start_va": 8791723081728, "type": "region", "version": 1 }, "end_va": 8791723261951, "entry_point": 8791723081728, "filename": "\\Windows\\System32\\powrprof.dll", "id": "region_2291", "name": "powrprof.dll", "norm_filename": "c:\\windows\\system32\\powrprof.dll", "region_type": "memory_mapped_file", "start_va": 8791723081728, "timestamp": "00:01:06.712", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 8791723278336, "type": "region", "version": 1 }, "end_va": 8791723982847, "entry_point": 8791723278336, "filename": "\\Windows\\System32\\audiosrv.dll", "id": "region_2292", "name": "audiosrv.dll", "norm_filename": "c:\\windows\\system32\\audiosrv.dll", "region_type": "memory_mapped_file", "start_va": 8791723278336, "timestamp": "00:01:06.725", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 307200, "start_va": 8791729963008, "type": "region", "version": 1 }, "end_va": 8791730270207, "entry_point": 8791730024396, "filename": "\\Windows\\System32\\MMDevAPI.dll", "id": "region_2293", "name": "mmdevapi.dll", "norm_filename": "c:\\windows\\system32\\mmdevapi.dll", "region_type": "memory_mapped_file", "start_va": 8791729963008, "timestamp": "00:01:06.736", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1228800, "start_va": 8791734616064, "type": "region", "version": 1 }, "end_va": 8791735844863, "entry_point": 8791734654140, "filename": "\\Windows\\System32\\propsys.dll", "id": "region_2294", "name": "propsys.dll", "norm_filename": "c:\\windows\\system32\\propsys.dll", "region_type": "memory_mapped_file", "start_va": 8791734616064, "timestamp": "00:01:06.736", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 184320, "start_va": 8791741366272, "type": "region", "version": 1 }, "end_va": 8791741550591, "entry_point": 8791741370384, "filename": "\\Windows\\System32\\ntmarta.dll", "id": "region_2295", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\system32\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 8791741366272, "timestamp": "00:01:06.737", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1662976, "start_va": 8791741562880, "type": "region", "version": 1 }, "end_va": 8791743225855, "entry_point": 8791741562880, "filename": "\\Windows\\System32\\wevtsvc.dll", "id": "region_2296", "name": "wevtsvc.dll", "norm_filename": "c:\\windows\\system32\\wevtsvc.dll", "region_type": "memory_mapped_file", "start_va": 8791741562880, "timestamp": "00:01:06.738", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791743266816, "type": "region", "version": 1 }, "end_va": 8791743315967, "entry_point": 8791743271012, "filename": "\\Windows\\System32\\version.dll", "id": "region_2297", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 8791743266816, "timestamp": "00:01:06.751", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 765952, "start_va": 8791743332352, "type": "region", "version": 1 }, "end_va": 8791744098303, "entry_point": 8791743332352, "filename": "\\Windows\\System32\\FirewallAPI.dll", "id": "region_2298", "name": "firewallapi.dll", "norm_filename": "c:\\windows\\system32\\firewallapi.dll", "region_type": "memory_mapped_file", "start_va": 8791743332352, "timestamp": "00:01:06.751", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 8791744118784, "type": "region", "version": 1 }, "end_va": 8791744147455, "entry_point": 8791744124080, "filename": "\\Windows\\System32\\WSHTCPIP.DLL", "id": "region_2299", "name": "wshtcpip.dll", "norm_filename": "c:\\windows\\system32\\wshtcpip.dll", "region_type": "memory_mapped_file", "start_va": 8791744118784, "timestamp": "00:01:06.766", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 8791745101824, "type": "region", "version": 1 }, "end_va": 8791745212415, "entry_point": 8791745110120, "filename": "\\Windows\\System32\\gpapi.dll", "id": "region_2300", "name": "gpapi.dll", "norm_filename": "c:\\windows\\system32\\gpapi.dll", "region_type": "memory_mapped_file", "start_va": 8791745101824, "timestamp": "00:01:06.767", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 8791746609152, "type": "region", "version": 1 }, "end_va": 8791746650111, "entry_point": 8791746624696, "filename": "\\Windows\\System32\\credssp.dll", "id": "region_2301", "name": "credssp.dll", "norm_filename": "c:\\windows\\system32\\credssp.dll", "region_type": "memory_mapped_file", "start_va": 8791746609152, "timestamp": "00:01:06.767", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 372736, "start_va": 8791748837376, "type": "region", "version": 1 }, "end_va": 8791749210111, "entry_point": 8791748837376, "filename": "\\Windows\\System32\\dnsapi.dll", "id": "region_2302", "name": "dnsapi.dll", "norm_filename": "c:\\windows\\system32\\dnsapi.dll", "region_type": "memory_mapped_file", "start_va": 8791748837376, "timestamp": "00:01:06.768", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 8791750344704, "type": "region", "version": 1 }, "end_va": 8791750373375, "entry_point": 8791750349868, "filename": "\\Windows\\System32\\wship6.dll", "id": "region_2303", "name": "wship6.dll", "norm_filename": "c:\\windows\\system32\\wship6.dll", "region_type": "memory_mapped_file", "start_va": 8791750344704, "timestamp": "00:01:06.783", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 348160, "start_va": 8791750410240, "type": "region", "version": 1 }, "end_va": 8791750758399, "entry_point": 8791750414420, "filename": "\\Windows\\System32\\mswsock.dll", "id": "region_2304", "name": "mswsock.dll", "norm_filename": "c:\\windows\\system32\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 8791750410240, "timestamp": "00:01:06.783", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 446464, "start_va": 8791753097216, "type": "region", "version": 1 }, "end_va": 8791753543679, "entry_point": 8791753101328, "filename": "\\Windows\\System32\\wevtapi.dll", "id": "region_2305", "name": "wevtapi.dll", "norm_filename": "c:\\windows\\system32\\wevtapi.dll", "region_type": "memory_mapped_file", "start_va": 8791753097216, "timestamp": "00:01:06.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 8791756701696, "type": "region", "version": 1 }, "end_va": 8791756746751, "entry_point": 8791756705840, "filename": "\\Windows\\System32\\secur32.dll", "id": "region_2306", "name": "secur32.dll", "norm_filename": "c:\\windows\\system32\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 8791756701696, "timestamp": "00:01:06.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 8791756898304, "type": "region", "version": 1 }, "end_va": 8791757049855, "entry_point": 8791756936792, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_2307", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 8791756898304, "timestamp": "00:01:06.786", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791757094912, "type": "region", "version": 1 }, "end_va": 8791757156351, "entry_point": 8791757099024, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_2308", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 8791757094912, "timestamp": "00:01:06.786", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 249856, "start_va": 8791757815808, "type": "region", "version": 1 }, "end_va": 8791758065663, "entry_point": 8791757822196, "filename": "\\Windows\\System32\\winsta.dll", "id": "region_2309", "name": "winsta.dll", "norm_filename": "c:\\windows\\system32\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 8791757815808, "timestamp": "00:01:06.787", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 8791758077952, "type": "region", "version": 1 }, "end_va": 8791758159871, "entry_point": 8791758082272, "filename": "\\Windows\\System32\\RpcRtRemote.dll", "id": "region_2310", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\system32\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 8791758077952, "timestamp": "00:01:06.788", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 106496, "start_va": 8791758929920, "type": "region", "version": 1 }, "end_va": 8791759036415, "entry_point": 8791758935384, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_2311", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 8791758929920, "timestamp": "00:01:06.788", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791759060992, "type": "region", "version": 1 }, "end_va": 8791759499263, "entry_point": 8791759073504, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_2312", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791759060992, "timestamp": "00:01:06.789", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 221184, "start_va": 8791759519744, "type": "region", "version": 1 }, "end_va": 8791759740927, "entry_point": 8791759524980, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_2313", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 8791759519744, "timestamp": "00:01:06.789", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791762206720, "type": "region", "version": 1 }, "end_va": 8791763030015, "entry_point": 8791762708596, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_2314", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791762206720, "timestamp": "00:01:06.790", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 335872, "start_va": 8791763058688, "type": "region", "version": 1 }, "end_va": 8791763394559, "entry_point": 8791763062996, "filename": "\\Windows\\System32\\Wldap32.dll", "id": "region_2315", "name": "wldap32.dll", "norm_filename": "c:\\windows\\system32\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 8791763058688, "timestamp": "00:01:06.791", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791763451904, "type": "region", "version": 1 }, "end_va": 8791764537343, "entry_point": 8791763456100, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_2316", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791763451904, "timestamp": "00:01:06.791", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791764566016, "type": "region", "version": 1 }, "end_va": 8791764623359, "entry_point": 8791764570240, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_2317", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791764566016, "timestamp": "00:01:06.792", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791765876736, "type": "region", "version": 1 }, "end_va": 8791766003711, "entry_point": 8791765901544, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_2318", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 8791765876736, "timestamp": "00:01:06.792", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791766007808, "type": "region", "version": 1 }, "end_va": 8791766196223, "entry_point": 8791766011920, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_2319", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791766007808, "timestamp": "00:01:06.793", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 8791781998592, "type": "region", "version": 1 }, "end_va": 8791782031359, "entry_point": 8791782003972, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_2320", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 8791781998592, "timestamp": "00:01:06.794", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 8791782064128, "type": "region", "version": 1 }, "end_va": 8791783993343, "entry_point": 8791782068240, "filename": "\\Windows\\System32\\setupapi.dll", "id": "region_2321", "name": "setupapi.dll", "norm_filename": "c:\\windows\\system32\\setupapi.dll", "region_type": "memory_mapped_file", "start_va": 8791782064128, "timestamp": "00:01:06.794", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 880640, "start_va": 8791784685568, "type": "region", "version": 1 }, "end_va": 8791785566207, "entry_point": 8791784698484, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_2322", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 8791784685568, "timestamp": "00:01:06.795", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, "start_va": 8791785603072, "type": "region", "version": 1 }, "end_va": 8791786500095, "entry_point": 8791785736032, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_2323", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791785603072, "timestamp": "00:01:06.795", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791786520576, "type": "region", "version": 1 }, "end_va": 8791787753471, "entry_point": 8791786843472, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_2324", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791786520576, "timestamp": "00:01:06.796", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791790256128, "type": "region", "version": 1 }, "end_va": 8791790882815, "entry_point": 8791790263312, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_2325", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 8791790256128, "timestamp": "00:01:06.797", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791791435776, "type": "region", "version": 1 }, "end_va": 8791792087039, "entry_point": 8791791445408, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_2326", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791791435776, "timestamp": "00:01:06.797", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2109440, "start_va": 8791792091136, "type": "region", "version": 1 }, "end_va": 8791794200575, "entry_point": 8791792235312, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_2327", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 8791792091136, "timestamp": "00:01:06.798", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791794778112, "type": "region", "version": 1 }, "end_va": 8791795199999, "entry_point": 8791794823228, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_2328", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791794778112, "timestamp": "00:01:06.798", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 315392, "start_va": 8791795236864, "type": "region", "version": 1 }, "end_va": 8791795552255, "entry_point": 8791795241072, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_2329", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 8791795236864, "timestamp": "00:01:06.799", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791795761152, "type": "region", "version": 1 }, "end_va": 8791795765247, "entry_point": 8791795761152, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_2330", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791795761152, "timestamp": "00:01:06.800", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092588032, "type": "region", "version": 1 }, "end_va": 8796092596223, "entry_point": 0, "filename": null, "id": "region_2331", "name": "private_0x000007fffff96000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092588032, "timestamp": "00:01:06.802", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092604416, "type": "region", "version": 1 }, "end_va": 8796092612607, "entry_point": 0, "filename": null, "id": "region_2332", "name": "private_0x000007fffff9a000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092604416, "timestamp": "00:01:06.802", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092612608, "type": "region", "version": 1 }, "end_va": 8796092620799, "entry_point": 0, "filename": null, "id": "region_2333", "name": "private_0x000007fffff9c000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092612608, "timestamp": "00:01:06.802", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092620800, "type": "region", "version": 1 }, "end_va": 8796092628991, "entry_point": 0, "filename": null, "id": "region_2334", "name": "private_0x000007fffff9e000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092620800, "timestamp": "00:01:06.802", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092628992, "type": "region", "version": 1 }, "end_va": 8796092637183, "entry_point": 0, "filename": null, "id": "region_2335", "name": "private_0x000007fffffa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092628992, "timestamp": "00:01:06.802", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092637184, "type": "region", "version": 1 }, "end_va": 8796092645375, "entry_point": 0, "filename": null, "id": "region_2336", "name": "private_0x000007fffffa2000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092637184, "timestamp": "00:01:06.802", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092645376, "type": "region", "version": 1 }, "end_va": 8796092653567, "entry_point": 0, "filename": null, "id": "region_2337", "name": "private_0x000007fffffa4000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092645376, "timestamp": "00:01:06.802", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092653568, "type": "region", "version": 1 }, "end_va": 8796092661759, "entry_point": 0, "filename": null, "id": "region_2338", "name": "private_0x000007fffffa6000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092653568, "timestamp": "00:01:06.802", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092661760, "type": "region", "version": 1 }, "end_va": 8796092669951, "entry_point": 0, "filename": null, "id": "region_2339", "name": "private_0x000007fffffa8000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092661760, "timestamp": "00:01:06.802", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092669952, "type": "region", "version": 1 }, "end_va": 8796092678143, "entry_point": 0, "filename": null, "id": "region_2340", "name": "private_0x000007fffffaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092669952, "timestamp": "00:01:06.802", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092678144, "type": "region", "version": 1 }, "end_va": 8796092686335, "entry_point": 0, "filename": null, "id": "region_2341", "name": "private_0x000007fffffac000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092678144, "timestamp": "00:01:06.802", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092686336, "type": "region", "version": 1 }, "end_va": 8796092694527, "entry_point": 0, "filename": null, "id": "region_2342", "name": "private_0x000007fffffae000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092686336, "timestamp": "00:01:06.802", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_2343", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:01:06.802", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092841984, "type": "region", "version": 1 }, "end_va": 8796092850175, "entry_point": 0, "filename": null, "id": "region_2344", "name": "private_0x000007fffffd4000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092841984, "timestamp": "00:01:06.802", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8796092850176, "type": "region", "version": 1 }, "end_va": 8796092854271, "entry_point": 0, "filename": null, "id": "region_2345", "name": "private_0x000007fffffd6000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092850176, "timestamp": "00:01:06.802", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092858368, "type": "region", "version": 1 }, "end_va": 8796092866559, "entry_point": 0, "filename": null, "id": "region_2346", "name": "private_0x000007fffffd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092858368, "timestamp": "00:01:06.802", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092866560, "type": "region", "version": 1 }, "end_va": 8796092874751, "entry_point": 0, "filename": null, "id": "region_2347", "name": "private_0x000007fffffda000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092866560, "timestamp": "00:01:06.802", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092874752, "type": "region", "version": 1 }, "end_va": 8796092882943, "entry_point": 0, "filename": null, "id": "region_2348", "name": "private_0x000007fffffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092874752, "timestamp": "00:01:06.802", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092882944, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_2349", "name": "private_0x000007fffffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092882944, "timestamp": "00:01:06.802", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 3014656, "type": "region", "version": 1 }, "end_va": 3018751, "entry_point": 0, "filename": null, "id": "region_4004", "name": "private_0x00000000002e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3014656, "timestamp": "00:01:12.306", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 32309248, "type": "region", "version": 1 }, "end_va": 32833535, "entry_point": 0, "filename": null, "id": "region_4025", "name": "private_0x0000000001ed0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32309248, "timestamp": "00:01:12.493", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 12648448, "type": "region", "version": 1 }, "end_va": 12652543, "entry_point": 0, "filename": null, "id": "region_4304", "name": "private_0x0000000000c10000", "norm_filename": null, "region_type": "private_memory", "start_va": 12648448, "timestamp": "00:01:14.798", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 37683200, "type": "region", "version": 1 }, "end_va": 38207487, "entry_point": 0, "filename": null, "id": "region_4305", "name": "private_0x00000000023f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 37683200, "timestamp": "00:01:14.801", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 528383, "entry_point": 0, "filename": null, "id": "region_4345", "name": "private_0x0000000000080000", "norm_filename": null, "region_type": "private_memory", "start_va": 524288, "timestamp": "00:01:14.996", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 24313856, "type": "region", "version": 1 }, "end_va": 24838143, "entry_point": 0, "filename": null, "id": "region_4726", "name": "private_0x0000000001730000", "norm_filename": null, "region_type": "private_memory", "start_va": 24313856, "timestamp": "00:01:17.017", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 462848, "start_va": 8791794253824, "type": "region", "version": 1 }, "end_va": 8791794716671, "entry_point": 8791794327072, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_4727", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 8791794253824, "timestamp": "00:01:17.017", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092596224, "type": "region", "version": 1 }, "end_va": 8796092604415, "entry_point": 0, "filename": null, "id": "region_4728", "name": "private_0x000007fffff98000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092596224, "timestamp": "00:01:17.018", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 8791750803456, "type": "region", "version": 1 }, "end_va": 8791750897663, "entry_point": 8791750816440, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_4729", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 8791750803456, "timestamp": "00:01:17.025", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 282624, "start_va": 21823488, "type": "region", "version": 1 }, "end_va": 22106111, "entry_point": 21827684, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_4730", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 21823488, "timestamp": "00:01:17.027", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 290816, "start_va": 8791747657728, "type": "region", "version": 1 }, "end_va": 8791747948543, "entry_point": 8791747661924, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_4783", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 8791747657728, "timestamp": "00:01:17.466", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 38338560, "type": "region", "version": 1 }, "end_va": 38862847, "entry_point": 0, "filename": null, "id": "region_4838", "name": "private_0x0000000002490000", "norm_filename": null, "region_type": "private_memory", "start_va": 38338560, "timestamp": "00:01:17.935", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 38993920, "type": "region", "version": 1 }, "end_va": 39518207, "entry_point": 0, "filename": null, "id": "region_4839", "name": "private_0x0000000002530000", "norm_filename": null, "region_type": "private_memory", "start_va": 38993920, "timestamp": "00:01:17.935", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092579840, "type": "region", "version": 1 }, "end_va": 8796092588031, "entry_point": 0, "filename": null, "id": "region_4840", "name": "private_0x000007fffff94000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092579840, "timestamp": "00:01:17.935", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 323584, "start_va": 8791727603712, "type": "region", "version": 1 }, "end_va": 8791727927295, "entry_point": 8791727613796, "filename": "\\Windows\\System32\\AudioSes.dll", "id": "region_4895", "name": "audioses.dll", "norm_filename": "c:\\windows\\system32\\audioses.dll", "region_type": "memory_mapped_file", "start_va": 8791727603712, "timestamp": "00:01:18.315", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 12976128, "type": "region", "version": 1 }, "end_va": 12984319, "entry_point": 0, "filename": null, "id": "region_4896", "name": "private_0x0000000000c60000", "norm_filename": null, "region_type": "private_memory", "start_va": 12976128, "timestamp": "00:01:18.317", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4206592, "start_va": 39518208, "type": "region", "version": 1 }, "end_va": 43724799, "entry_point": 0, "filename": null, "id": "region_4897", "name": "private_0x00000000025b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 39518208, "timestamp": "00:01:18.317", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 8791716331520, "type": "region", "version": 1 }, "end_va": 8791716401151, "entry_point": 8791716337324, "filename": "\\Windows\\System32\\dhcpcsvc6.dll", "id": "region_5237", "name": "dhcpcsvc6.dll", "norm_filename": "c:\\windows\\system32\\dhcpcsvc6.dll", "region_type": "memory_mapped_file", "start_va": 8791716331520, "timestamp": "00:01:21.696", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 8791716200448, "type": "region", "version": 1 }, "end_va": 8791716298751, "entry_point": 8791716207608, "filename": "\\Windows\\System32\\dhcpcsvc.dll", "id": "region_5242", "name": "dhcpcsvc.dll", "norm_filename": "c:\\windows\\system32\\dhcpcsvc.dll", "region_type": "memory_mapped_file", "start_va": 8791716200448, "timestamp": "00:01:21.742", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12288, "start_va": 1970995200, "type": "region", "version": 1 }, "end_va": 1971007487, "entry_point": 1970995200, "filename": "\\Windows\\System32\\wbem\\WinMgmtR.dll", "id": "region_5343", "name": "winmgmtr.dll", "norm_filename": "c:\\windows\\system32\\wbem\\winmgmtr.dll", "region_type": "memory_mapped_file", "start_va": 1970995200, "timestamp": "00:01:24.239", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1970995200, "type": "region", "version": 1 }, "end_va": 1971023871, "entry_point": 1970995200, "filename": "\\Windows\\System32\\aeevts.dll", "id": "region_5426", "name": "aeevts.dll", "norm_filename": "c:\\windows\\system32\\aeevts.dll", "region_type": "memory_mapped_file", "start_va": 1970995200, "timestamp": "00:01:25.376", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12288, "start_va": 1970929664, "type": "region", "version": 1 }, "end_va": 1970941951, "entry_point": 1970929664, "filename": "\\Windows\\System32\\wbem\\WinMgmtR.dll", "id": "region_5444", "name": "winmgmtr.dll", "norm_filename": "c:\\windows\\system32\\wbem\\winmgmtr.dll", "region_type": "memory_mapped_file", "start_va": 1970929664, "timestamp": "00:01:25.839", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 118784, "start_va": 8791618617344, "type": "region", "version": 1 }, "end_va": 8791618736127, "entry_point": 8791618624040, "filename": "\\Windows\\System32\\radardt.dll", "id": "region_5704", "name": "radardt.dll", "norm_filename": "c:\\windows\\system32\\radardt.dll", "region_type": "memory_mapped_file", "start_va": 8791618617344, "timestamp": "00:01:27.591", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 180224, "start_va": 8791727407104, "type": "region", "version": 1 }, "end_va": 8791727587327, "entry_point": 8791727429368, "filename": "\\Windows\\System32\\dps.dll", "id": "region_5707", "name": "dps.dll", "norm_filename": "c:\\windows\\system32\\dps.dll", "region_type": "memory_mapped_file", "start_va": 8791727407104, "timestamp": "00:01:27.718", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 843776, "start_va": 8791683301376, "type": "region", "version": 1 }, "end_va": 8791684145151, "entry_point": 8791683309080, "filename": "\\Windows\\System32\\MPSSVC.dll", "id": "region_6843", "name": "mpssvc.dll", "norm_filename": "c:\\windows\\system32\\mpssvc.dll", "region_type": "memory_mapped_file", "start_va": 8791683301376, "timestamp": "00:01:33.577", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"LogonUI.exe\" /flags:0x0", "filename": "c:\\windows\\system32\\logonui.exe", "id": "proc_32", "image_name": "logonui.exe", "monitor_reason": "child_process", "monitored_id": 32, "origin_monitor_id": 25, "ref_parent_process": { "ref_id": "proc_25", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1828", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:06.112", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1829", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:06.112", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_1830", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:06.112", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 270335, "entry_point": 0, "filename": null, "id": "region_1831", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:01:06.112", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1832", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:01:06.112", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 196608, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 983039, "entry_point": 0, "filename": null, "id": "region_1833", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:01:06.113", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_1834", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:01:06.113", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1052671, "entry_point": 0, "filename": null, "id": "region_1835", "name": "pagefile_0x0000000000100000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1048576, "timestamp": "00:01:06.113", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1118207, "entry_point": 0, "filename": null, "id": "region_1836", "name": "pagefile_0x0000000000110000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1114112, "timestamp": "00:01:06.113", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1187839, "entry_point": 0, "filename": null, "id": "region_1837", "name": "pagefile_0x0000000000120000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1179648, "timestamp": "00:01:06.113", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1253375, "entry_point": 0, "filename": null, "id": "region_1838", "name": "pagefile_0x0000000000130000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1245184, "timestamp": "00:01:06.113", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1318911, "entry_point": 0, "filename": null, "id": "region_1839", "name": "pagefile_0x0000000000140000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1310720, "timestamp": "00:01:06.113", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1384447, "entry_point": 0, "filename": null, "id": "region_1840", "name": "pagefile_0x0000000000150000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1376256, "timestamp": "00:01:06.113", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1470463, "entry_point": 0, "filename": null, "id": "region_1841", "name": "pagefile_0x0000000000160000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1441792, "timestamp": "00:01:06.113", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 2031615, "entry_point": 0, "filename": null, "id": "region_1842", "name": "private_0x0000000000170000", "norm_filename": null, "region_type": "private_memory", "start_va": 1507328, "timestamp": "00:01:06.113", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 3080191, "entry_point": 0, "filename": null, "id": "region_1843", "name": "private_0x00000000001f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2031616, "timestamp": "00:01:06.113", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 3080192, "type": "region", "version": 1 }, "end_va": 3342335, "entry_point": 0, "filename": null, "id": "region_1844", "name": "private_0x00000000002f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3080192, "timestamp": "00:01:06.114", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 3342336, "type": "region", "version": 1 }, "end_va": 3350527, "entry_point": 0, "filename": null, "id": "region_1845", "name": "pagefile_0x0000000000330000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3342336, "timestamp": "00:01:06.114", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 3407872, "type": "region", "version": 1 }, "end_va": 3416063, "entry_point": 0, "filename": null, "id": "region_1846", "name": "pagefile_0x0000000000340000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3407872, "timestamp": "00:01:06.114", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 3473408, "type": "region", "version": 1 }, "end_va": 3477503, "entry_point": 0, "filename": null, "id": "region_1847", "name": "private_0x0000000000350000", "norm_filename": null, "region_type": "private_memory", "start_va": 3473408, "timestamp": "00:01:06.114", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 3538944, "type": "region", "version": 1 }, "end_va": 3604479, "entry_point": 0, "filename": null, "id": "region_1848", "name": "private_0x0000000000360000", "norm_filename": null, "region_type": "private_memory", "start_va": 3538944, "timestamp": "00:01:06.114", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 4653055, "entry_point": 0, "filename": null, "id": "region_1849", "name": "private_0x0000000000370000", "norm_filename": null, "region_type": "private_memory", "start_va": 3604480, "timestamp": "00:01:06.114", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4653056, "type": "region", "version": 1 }, "end_va": 6258687, "entry_point": 0, "filename": null, "id": "region_1850", "name": "pagefile_0x0000000000470000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4653056, "timestamp": "00:01:06.114", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6291456, "type": "region", "version": 1 }, "end_va": 7868415, "entry_point": 0, "filename": null, "id": "region_1851", "name": "pagefile_0x0000000000600000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6291456, "timestamp": "00:01:06.114", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 7929856, "type": "region", "version": 1 }, "end_va": 7933951, "entry_point": 0, "filename": null, "id": "region_1852", "name": "private_0x0000000000790000", "norm_filename": null, "region_type": "private_memory", "start_va": 7929856, "timestamp": "00:01:06.115", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 7995392, "type": "region", "version": 1 }, "end_va": 7999487, "entry_point": 0, "filename": null, "id": "region_1853", "name": "private_0x00000000007a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 7995392, "timestamp": "00:01:06.115", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8060928, "type": "region", "version": 1 }, "end_va": 8065023, "entry_point": 0, "filename": null, "id": "region_1854", "name": "private_0x00000000007b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8060928, "timestamp": "00:01:06.115", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8126464, "type": "region", "version": 1 }, "end_va": 8130559, "entry_point": 0, "filename": null, "id": "region_1855", "name": "private_0x00000000007c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8126464, "timestamp": "00:01:06.115", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 8192000, "type": "region", "version": 1 }, "end_va": 8716287, "entry_point": 0, "filename": null, "id": "region_1856", "name": "private_0x00000000007d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8192000, "timestamp": "00:01:06.115", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 8716288, "type": "region", "version": 1 }, "end_va": 9240575, "entry_point": 0, "filename": null, "id": "region_1857", "name": "private_0x0000000000850000", "norm_filename": null, "region_type": "private_memory", "start_va": 8716288, "timestamp": "00:01:06.116", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 9240576, "type": "region", "version": 1 }, "end_va": 9244671, "entry_point": 0, "filename": null, "id": "region_1858", "name": "private_0x00000000008d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 9240576, "timestamp": "00:01:06.116", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 9306112, "type": "region", "version": 1 }, "end_va": 9310207, "entry_point": 0, "filename": null, "id": "region_1859", "name": "private_0x00000000008e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 9306112, "timestamp": "00:01:06.116", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 9371648, "type": "region", "version": 1 }, "end_va": 9375743, "entry_point": 0, "filename": null, "id": "region_1860", "name": "private_0x00000000008f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 9371648, "timestamp": "00:01:06.116", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 9437184, "type": "region", "version": 1 }, "end_va": 9441279, "entry_point": 0, "filename": null, "id": "region_1861", "name": "private_0x0000000000900000", "norm_filename": null, "region_type": "private_memory", "start_va": 9437184, "timestamp": "00:01:06.117", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 9502720, "type": "region", "version": 1 }, "end_va": 9506815, "entry_point": 0, "filename": null, "id": "region_1862", "name": "private_0x0000000000910000", "norm_filename": null, "region_type": "private_memory", "start_va": 9502720, "timestamp": "00:01:06.117", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 9568256, "type": "region", "version": 1 }, "end_va": 9572351, "entry_point": 0, "filename": null, "id": "region_1863", "name": "private_0x0000000000920000", "norm_filename": null, "region_type": "private_memory", "start_va": 9568256, "timestamp": "00:01:06.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 9633792, "type": "region", "version": 1 }, "end_va": 9637887, "entry_point": 0, "filename": null, "id": "region_1864", "name": "private_0x0000000000930000", "norm_filename": null, "region_type": "private_memory", "start_va": 9633792, "timestamp": "00:01:06.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 9699328, "type": "region", "version": 1 }, "end_va": 9703423, "entry_point": 0, "filename": null, "id": "region_1865", "name": "private_0x0000000000940000", "norm_filename": null, "region_type": "private_memory", "start_va": 9699328, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 9764864, "type": "region", "version": 1 }, "end_va": 9768959, "entry_point": 0, "filename": null, "id": "region_1866", "name": "private_0x0000000000950000", "norm_filename": null, "region_type": "private_memory", "start_va": 9764864, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 9830400, "type": "region", "version": 1 }, "end_va": 9834495, "entry_point": 0, "filename": null, "id": "region_1867", "name": "private_0x0000000000960000", "norm_filename": null, "region_type": "private_memory", "start_va": 9830400, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 9895936, "type": "region", "version": 1 }, "end_va": 10420223, "entry_point": 0, "filename": null, "id": "region_1868", "name": "private_0x0000000000970000", "norm_filename": null, "region_type": "private_memory", "start_va": 9895936, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 10420224, "type": "region", "version": 1 }, "end_va": 10424319, "entry_point": 0, "filename": null, "id": "region_1869", "name": "private_0x00000000009f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 10420224, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 10485760, "type": "region", "version": 1 }, "end_va": 10489855, "entry_point": 0, "filename": null, "id": "region_1870", "name": "private_0x0000000000a00000", "norm_filename": null, "region_type": "private_memory", "start_va": 10485760, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 10551296, "type": "region", "version": 1 }, "end_va": 10555391, "entry_point": 0, "filename": null, "id": "region_1871", "name": "private_0x0000000000a10000", "norm_filename": null, "region_type": "private_memory", "start_va": 10551296, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 10616832, "type": "region", "version": 1 }, "end_va": 11141119, "entry_point": 0, "filename": null, "id": "region_1872", "name": "private_0x0000000000a20000", "norm_filename": null, "region_type": "private_memory", "start_va": 10616832, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 11141120, "type": "region", "version": 1 }, "end_va": 14086143, "entry_point": 11141120, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1873", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 11141120, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 14090240, "type": "region", "version": 1 }, "end_va": 14094335, "entry_point": 0, "filename": null, "id": "region_1874", "name": "private_0x0000000000d70000", "norm_filename": null, "region_type": "private_memory", "start_va": 14090240, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 14155776, "type": "region", "version": 1 }, "end_va": 14159871, "entry_point": 0, "filename": null, "id": "region_1875", "name": "private_0x0000000000d80000", "norm_filename": null, "region_type": "private_memory", "start_va": 14155776, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 14221312, "type": "region", "version": 1 }, "end_va": 14225407, "entry_point": 0, "filename": null, "id": "region_1876", "name": "private_0x0000000000d90000", "norm_filename": null, "region_type": "private_memory", "start_va": 14221312, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 14286848, "type": "region", "version": 1 }, "end_va": 14290943, "entry_point": 0, "filename": null, "id": "region_1877", "name": "private_0x0000000000da0000", "norm_filename": null, "region_type": "private_memory", "start_va": 14286848, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 14352384, "type": "region", "version": 1 }, "end_va": 14356479, "entry_point": 0, "filename": null, "id": "region_1878", "name": "private_0x0000000000db0000", "norm_filename": null, "region_type": "private_memory", "start_va": 14352384, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 14417920, "type": "region", "version": 1 }, "end_va": 14422015, "entry_point": 0, "filename": null, "id": "region_1879", "name": "private_0x0000000000dc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 14417920, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 14483456, "type": "region", "version": 1 }, "end_va": 14487551, "entry_point": 0, "filename": null, "id": "region_1880", "name": "private_0x0000000000dd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 14483456, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 14548992, "type": "region", "version": 1 }, "end_va": 14553087, "entry_point": 0, "filename": null, "id": "region_1881", "name": "private_0x0000000000de0000", "norm_filename": null, "region_type": "private_memory", "start_va": 14548992, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 14614528, "type": "region", "version": 1 }, "end_va": 14618623, "entry_point": 0, "filename": null, "id": "region_1882", "name": "private_0x0000000000df0000", "norm_filename": null, "region_type": "private_memory", "start_va": 14614528, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 14680064, "type": "region", "version": 1 }, "end_va": 14684159, "entry_point": 0, "filename": null, "id": "region_1883", "name": "private_0x0000000000e00000", "norm_filename": null, "region_type": "private_memory", "start_va": 14680064, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 14745600, "type": "region", "version": 1 }, "end_va": 14749695, "entry_point": 0, "filename": null, "id": "region_1884", "name": "private_0x0000000000e10000", "norm_filename": null, "region_type": "private_memory", "start_va": 14745600, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 14811136, "type": "region", "version": 1 }, "end_va": 14815231, "entry_point": 0, "filename": null, "id": "region_1885", "name": "private_0x0000000000e20000", "norm_filename": null, "region_type": "private_memory", "start_va": 14811136, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 14876672, "type": "region", "version": 1 }, "end_va": 14880767, "entry_point": 0, "filename": null, "id": "region_1886", "name": "private_0x0000000000e30000", "norm_filename": null, "region_type": "private_memory", "start_va": 14876672, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 14942208, "type": "region", "version": 1 }, "end_va": 14946303, "entry_point": 0, "filename": null, "id": "region_1887", "name": "private_0x0000000000e40000", "norm_filename": null, "region_type": "private_memory", "start_va": 14942208, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 15007744, "type": "region", "version": 1 }, "end_va": 15011839, "entry_point": 0, "filename": null, "id": "region_1888", "name": "private_0x0000000000e50000", "norm_filename": null, "region_type": "private_memory", "start_va": 15007744, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 15073280, "type": "region", "version": 1 }, "end_va": 15138815, "entry_point": 0, "filename": null, "id": "region_1889", "name": "private_0x0000000000e60000", "norm_filename": null, "region_type": "private_memory", "start_va": 15073280, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 15138816, "type": "region", "version": 1 }, "end_va": 19279871, "entry_point": 0, "filename": null, "id": "region_1890", "name": "pagefile_0x0000000000e70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 15138816, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 19333120, "type": "region", "version": 1 }, "end_va": 20381695, "entry_point": 0, "filename": null, "id": "region_1891", "name": "private_0x0000000001270000", "norm_filename": null, "region_type": "private_memory", "start_va": 19333120, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 20381696, "type": "region", "version": 1 }, "end_va": 20385791, "entry_point": 0, "filename": null, "id": "region_1892", "name": "private_0x0000000001370000", "norm_filename": null, "region_type": "private_memory", "start_va": 20381696, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 20447232, "type": "region", "version": 1 }, "end_va": 20451327, "entry_point": 0, "filename": null, "id": "region_1893", "name": "private_0x0000000001380000", "norm_filename": null, "region_type": "private_memory", "start_va": 20447232, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 20512768, "type": "region", "version": 1 }, "end_va": 20516863, "entry_point": 0, "filename": null, "id": "region_1894", "name": "private_0x0000000001390000", "norm_filename": null, "region_type": "private_memory", "start_va": 20512768, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 20578304, "type": "region", "version": 1 }, "end_va": 20582399, "entry_point": 0, "filename": null, "id": "region_1895", "name": "private_0x00000000013a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 20578304, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 20643840, "type": "region", "version": 1 }, "end_va": 20672511, "entry_point": 0, "filename": null, "id": "region_1896", "name": "private_0x00000000013b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 20643840, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 40960, "start_va": 20709376, "type": "region", "version": 1 }, "end_va": 20750335, "entry_point": 0, "filename": null, "id": "region_1897", "name": "private_0x00000000013c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 20709376, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 20774912, "type": "region", "version": 1 }, "end_va": 20803583, "entry_point": 0, "filename": null, "id": "region_1898", "name": "private_0x00000000013d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 20774912, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 147456, "start_va": 20840448, "type": "region", "version": 1 }, "end_va": 20987903, "entry_point": 0, "filename": null, "id": "region_1899", "name": "private_0x00000000013e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 20840448, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 40960, "start_va": 21037056, "type": "region", "version": 1 }, "end_va": 21078015, "entry_point": 0, "filename": null, "id": "region_1900", "name": "private_0x0000000001410000", "norm_filename": null, "region_type": "private_memory", "start_va": 21037056, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 21102592, "type": "region", "version": 1 }, "end_va": 21131263, "entry_point": 0, "filename": null, "id": "region_1901", "name": "private_0x0000000001420000", "norm_filename": null, "region_type": "private_memory", "start_va": 21102592, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 40960, "start_va": 21168128, "type": "region", "version": 1 }, "end_va": 21209087, "entry_point": 0, "filename": null, "id": "region_1902", "name": "private_0x0000000001430000", "norm_filename": null, "region_type": "private_memory", "start_va": 21168128, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 21233664, "type": "region", "version": 1 }, "end_va": 21262335, "entry_point": 0, "filename": null, "id": "region_1903", "name": "private_0x0000000001440000", "norm_filename": null, "region_type": "private_memory", "start_va": 21233664, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 229376, "start_va": 21299200, "type": "region", "version": 1 }, "end_va": 21528575, "entry_point": 0, "filename": null, "id": "region_1904", "name": "private_0x0000000001450000", "norm_filename": null, "region_type": "private_memory", "start_va": 21299200, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 40960, "start_va": 21561344, "type": "region", "version": 1 }, "end_va": 21602303, "entry_point": 0, "filename": null, "id": "region_1905", "name": "private_0x0000000001490000", "norm_filename": null, "region_type": "private_memory", "start_va": 21561344, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 21626880, "type": "region", "version": 1 }, "end_va": 21630975, "entry_point": 0, "filename": null, "id": "region_1906", "name": "private_0x00000000014a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 21626880, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 21692416, "type": "region", "version": 1 }, "end_va": 21696511, "entry_point": 0, "filename": null, "id": "region_1907", "name": "private_0x00000000014b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 21692416, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 21757952, "type": "region", "version": 1 }, "end_va": 21762047, "entry_point": 0, "filename": null, "id": "region_1908", "name": "private_0x00000000014c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 21757952, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 21823488, "type": "region", "version": 1 }, "end_va": 21827583, "entry_point": 0, "filename": null, "id": "region_1909", "name": "private_0x00000000014d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 21823488, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 21889024, "type": "region", "version": 1 }, "end_va": 21893119, "entry_point": 0, "filename": null, "id": "region_1910", "name": "private_0x00000000014e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 21889024, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 21954560, "type": "region", "version": 1 }, "end_va": 21962751, "entry_point": 0, "filename": null, "id": "region_1911", "name": "private_0x00000000014f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 21954560, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 22020096, "type": "region", "version": 1 }, "end_va": 22024191, "entry_point": 0, "filename": null, "id": "region_1912", "name": "private_0x0000000001500000", "norm_filename": null, "region_type": "private_memory", "start_va": 22020096, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 22085632, "type": "region", "version": 1 }, "end_va": 22093823, "entry_point": 0, "filename": null, "id": "region_1913", "name": "private_0x0000000001510000", "norm_filename": null, "region_type": "private_memory", "start_va": 22085632, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 22151168, "type": "region", "version": 1 }, "end_va": 22155263, "entry_point": 0, "filename": null, "id": "region_1914", "name": "private_0x0000000001520000", "norm_filename": null, "region_type": "private_memory", "start_va": 22151168, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 22216704, "type": "region", "version": 1 }, "end_va": 22224895, "entry_point": 0, "filename": null, "id": "region_1915", "name": "private_0x0000000001530000", "norm_filename": null, "region_type": "private_memory", "start_va": 22216704, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 22282240, "type": "region", "version": 1 }, "end_va": 22286335, "entry_point": 0, "filename": null, "id": "region_1916", "name": "private_0x0000000001540000", "norm_filename": null, "region_type": "private_memory", "start_va": 22282240, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 22347776, "type": "region", "version": 1 }, "end_va": 22355967, "entry_point": 0, "filename": null, "id": "region_1917", "name": "private_0x0000000001550000", "norm_filename": null, "region_type": "private_memory", "start_va": 22347776, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 22413312, "type": "region", "version": 1 }, "end_va": 22417407, "entry_point": 0, "filename": null, "id": "region_1918", "name": "private_0x0000000001560000", "norm_filename": null, "region_type": "private_memory", "start_va": 22413312, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 22478848, "type": "region", "version": 1 }, "end_va": 22482943, "entry_point": 0, "filename": null, "id": "region_1919", "name": "private_0x0000000001570000", "norm_filename": null, "region_type": "private_memory", "start_va": 22478848, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 22544384, "type": "region", "version": 1 }, "end_va": 22548479, "entry_point": 0, "filename": null, "id": "region_1920", "name": "private_0x0000000001580000", "norm_filename": null, "region_type": "private_memory", "start_va": 22544384, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 22609920, "type": "region", "version": 1 }, "end_va": 22614015, "entry_point": 0, "filename": null, "id": "region_1921", "name": "private_0x0000000001590000", "norm_filename": null, "region_type": "private_memory", "start_va": 22609920, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 22675456, "type": "region", "version": 1 }, "end_va": 22679551, "entry_point": 0, "filename": null, "id": "region_1922", "name": "private_0x00000000015a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 22675456, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 22740992, "type": "region", "version": 1 }, "end_va": 22745087, "entry_point": 0, "filename": null, "id": "region_1923", "name": "private_0x00000000015b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 22740992, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 22806528, "type": "region", "version": 1 }, "end_va": 22810623, "entry_point": 0, "filename": null, "id": "region_1924", "name": "private_0x00000000015c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 22806528, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 22872064, "type": "region", "version": 1 }, "end_va": 22876159, "entry_point": 0, "filename": null, "id": "region_1925", "name": "private_0x00000000015d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 22872064, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 22937600, "type": "region", "version": 1 }, "end_va": 22941695, "entry_point": 0, "filename": null, "id": "region_1926", "name": "private_0x00000000015e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 22937600, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 23003136, "type": "region", "version": 1 }, "end_va": 23007231, "entry_point": 0, "filename": null, "id": "region_1927", "name": "private_0x00000000015f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 23003136, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 23068672, "type": "region", "version": 1 }, "end_va": 23072767, "entry_point": 0, "filename": null, "id": "region_1928", "name": "private_0x0000000001600000", "norm_filename": null, "region_type": "private_memory", "start_va": 23068672, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 23134208, "type": "region", "version": 1 }, "end_va": 23138303, "entry_point": 0, "filename": null, "id": "region_1929", "name": "private_0x0000000001610000", "norm_filename": null, "region_type": "private_memory", "start_va": 23134208, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 23199744, "type": "region", "version": 1 }, "end_va": 23203839, "entry_point": 0, "filename": null, "id": "region_1930", "name": "private_0x0000000001620000", "norm_filename": null, "region_type": "private_memory", "start_va": 23199744, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 23265280, "type": "region", "version": 1 }, "end_va": 23269375, "entry_point": 0, "filename": null, "id": "region_1931", "name": "private_0x0000000001630000", "norm_filename": null, "region_type": "private_memory", "start_va": 23265280, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 23330816, "type": "region", "version": 1 }, "end_va": 23334911, "entry_point": 0, "filename": null, "id": "region_1932", "name": "private_0x0000000001640000", "norm_filename": null, "region_type": "private_memory", "start_va": 23330816, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 23396352, "type": "region", "version": 1 }, "end_va": 23400447, "entry_point": 0, "filename": null, "id": "region_1933", "name": "private_0x0000000001650000", "norm_filename": null, "region_type": "private_memory", "start_va": 23396352, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 23461888, "type": "region", "version": 1 }, "end_va": 23465983, "entry_point": 0, "filename": null, "id": "region_1934", "name": "private_0x0000000001660000", "norm_filename": null, "region_type": "private_memory", "start_va": 23461888, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 23527424, "type": "region", "version": 1 }, "end_va": 23531519, "entry_point": 0, "filename": null, "id": "region_1935", "name": "private_0x0000000001670000", "norm_filename": null, "region_type": "private_memory", "start_va": 23527424, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 23592960, "type": "region", "version": 1 }, "end_va": 24641535, "entry_point": 0, "filename": null, "id": "region_1936", "name": "private_0x0000000001680000", "norm_filename": null, "region_type": "private_memory", "start_va": 23592960, "timestamp": "00:01:06.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20271104, "start_va": 24641536, "type": "region", "version": 1 }, "end_va": 44912639, "entry_point": 24641536, "filename": "\\Windows\\System32\\imageres.dll", "id": "region_1937", "name": "imageres.dll", "norm_filename": "c:\\windows\\system32\\imageres.dll", "region_type": "memory_mapped_file", "start_va": 24641536, "timestamp": "00:01:06.120", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 44957696, "type": "region", "version": 1 }, "end_va": 44961791, "entry_point": 0, "filename": null, "id": "region_1938", "name": "private_0x0000000002ae0000", "norm_filename": null, "region_type": "private_memory", "start_va": 44957696, "timestamp": "00:01:06.127", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 73728, "start_va": 45023232, "type": "region", "version": 1 }, "end_va": 45096959, "entry_point": 0, "filename": null, "id": "region_1939", "name": "private_0x0000000002af0000", "norm_filename": null, "region_type": "private_memory", "start_va": 45023232, "timestamp": "00:01:06.127", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 45154304, "type": "region", "version": 1 }, "end_va": 45162495, "entry_point": 0, "filename": null, "id": "region_1940", "name": "pagefile_0x0000000002b10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 45154304, "timestamp": "00:01:06.127", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 45219840, "type": "region", "version": 1 }, "end_va": 45228031, "entry_point": 0, "filename": null, "id": "region_1941", "name": "pagefile_0x0000000002b20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 45219840, "timestamp": "00:01:06.127", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 45285376, "type": "region", "version": 1 }, "end_va": 45297663, "entry_point": 0, "filename": null, "id": "region_1942", "name": "pagefile_0x0000000002b30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 45285376, "timestamp": "00:01:06.127", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 45350912, "type": "region", "version": 1 }, "end_va": 45416447, "entry_point": 0, "filename": null, "id": "region_1943", "name": "pagefile_0x0000000002b40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 45350912, "timestamp": "00:01:06.127", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 45416448, "type": "region", "version": 1 }, "end_va": 45424639, "entry_point": 0, "filename": null, "id": "region_1944", "name": "pagefile_0x0000000002b50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 45416448, "timestamp": "00:01:06.127", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 45481984, "type": "region", "version": 1 }, "end_va": 45486079, "entry_point": 0, "filename": null, "id": "region_1945", "name": "private_0x0000000002b60000", "norm_filename": null, "region_type": "private_memory", "start_va": 45481984, "timestamp": "00:01:06.127", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 45547520, "type": "region", "version": 1 }, "end_va": 45551615, "entry_point": 0, "filename": null, "id": "region_1946", "name": "private_0x0000000002b70000", "norm_filename": null, "region_type": "private_memory", "start_va": 45547520, "timestamp": "00:01:06.127", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 45613056, "type": "region", "version": 1 }, "end_va": 45617151, "entry_point": 45613056, "filename": "\\Windows\\System32\\en-US\\msctf.dll.mui", "id": "region_1947", "name": "msctf.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\msctf.dll.mui", "region_type": "memory_mapped_file", "start_va": 45613056, "timestamp": "00:01:06.127", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 45678592, "type": "region", "version": 1 }, "end_va": 45682687, "entry_point": 45678592, "filename": "\\Windows\\System32\\oleaccrc.dll", "id": "region_1948", "name": "oleaccrc.dll", "norm_filename": "c:\\windows\\system32\\oleaccrc.dll", "region_type": "memory_mapped_file", "start_va": 45678592, "timestamp": "00:01:06.133", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 24576, "start_va": 45744128, "type": "region", "version": 1 }, "end_va": 45768703, "entry_point": 0, "filename": null, "id": "region_1949", "name": "private_0x0000000002ba0000", "norm_filename": null, "region_type": "private_memory", "start_va": 45744128, "timestamp": "00:01:06.139", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 45809664, "type": "region", "version": 1 }, "end_va": 45842431, "entry_point": 0, "filename": null, "id": "region_1950", "name": "private_0x0000000002bb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 45809664, "timestamp": "00:01:06.139", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 45940736, "type": "region", "version": 1 }, "end_va": 45944831, "entry_point": 0, "filename": null, "id": "region_1951", "name": "private_0x0000000002bd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 45940736, "timestamp": "00:01:06.139", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 46268416, "type": "region", "version": 1 }, "end_va": 46792703, "entry_point": 0, "filename": null, "id": "region_1952", "name": "private_0x0000000002c20000", "norm_filename": null, "region_type": "private_memory", "start_va": 46268416, "timestamp": "00:01:06.139", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 46858240, "type": "region", "version": 1 }, "end_va": 47382527, "entry_point": 0, "filename": null, "id": "region_1953", "name": "private_0x0000000002cb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 46858240, "timestamp": "00:01:06.139", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 47382528, "type": "region", "version": 1 }, "end_va": 48168959, "entry_point": 47382528, "filename": "\\Windows\\System32\\en-US\\KernelBase.dll.mui", "id": "region_1954", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 47382528, "timestamp": "00:01:06.139", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 48365568, "type": "region", "version": 1 }, "end_va": 48889855, "entry_point": 0, "filename": null, "id": "region_1955", "name": "private_0x0000000002e20000", "norm_filename": null, "region_type": "private_memory", "start_va": 48365568, "timestamp": "00:01:06.145", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 49545216, "type": "region", "version": 1 }, "end_va": 50069503, "entry_point": 0, "filename": null, "id": "region_1956", "name": "private_0x0000000002f40000", "norm_filename": null, "region_type": "private_memory", "start_va": 49545216, "timestamp": "00:01:06.145", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 50200576, "type": "region", "version": 1 }, "end_va": 50724863, "entry_point": 0, "filename": null, "id": "region_1957", "name": "private_0x0000000002fe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 50200576, "timestamp": "00:01:06.145", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 51183616, "type": "region", "version": 1 }, "end_va": 51707903, "entry_point": 0, "filename": null, "id": "region_1958", "name": "private_0x00000000030d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 51183616, "timestamp": "00:01:06.145", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 51707904, "type": "region", "version": 1 }, "end_va": 52621311, "entry_point": 0, "filename": null, "id": "region_1959", "name": "pagefile_0x0000000003150000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 51707904, "timestamp": "00:01:06.145", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 52887552, "type": "region", "version": 1 }, "end_va": 53411839, "entry_point": 0, "filename": null, "id": "region_1960", "name": "private_0x0000000003270000", "norm_filename": null, "region_type": "private_memory", "start_va": 52887552, "timestamp": "00:01:06.145", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 55508992, "type": "region", "version": 1 }, "end_va": 56557567, "entry_point": 0, "filename": null, "id": "region_1961", "name": "private_0x00000000034f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 55508992, "timestamp": "00:01:06.145", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 56557568, "type": "region", "version": 1 }, "end_va": 56565759, "entry_point": 0, "filename": null, "id": "region_1962", "name": "private_0x00000000035f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 56557568, "timestamp": "00:01:06.145", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 5185536, "start_va": 56623104, "type": "region", "version": 1 }, "end_va": 61808639, "entry_point": 0, "filename": null, "id": "region_1963", "name": "private_0x0000000003600000", "norm_filename": null, "region_type": "private_memory", "start_va": 56623104, "timestamp": "00:01:06.145", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 9633792, "start_va": 61865984, "type": "region", "version": 1 }, "end_va": 71499775, "entry_point": 61865984, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_1964", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 61865984, "timestamp": "00:01:06.145", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 72155136, "type": "region", "version": 1 }, "end_va": 72159231, "entry_point": 0, "filename": null, "id": "region_1965", "name": "private_0x00000000044d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 72155136, "timestamp": "00:01:06.146", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 72220672, "type": "region", "version": 1 }, "end_va": 72224767, "entry_point": 0, "filename": null, "id": "region_1966", "name": "private_0x00000000044e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 72220672, "timestamp": "00:01:06.146", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 72286208, "type": "region", "version": 1 }, "end_va": 72290303, "entry_point": 0, "filename": null, "id": "region_1967", "name": "private_0x00000000044f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 72286208, "timestamp": "00:01:06.146", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 72351744, "type": "region", "version": 1 }, "end_va": 72355839, "entry_point": 0, "filename": null, "id": "region_1968", "name": "private_0x0000000004500000", "norm_filename": null, "region_type": "private_memory", "start_va": 72351744, "timestamp": "00:01:06.146", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 72417280, "type": "region", "version": 1 }, "end_va": 72421375, "entry_point": 0, "filename": null, "id": "region_1969", "name": "private_0x0000000004510000", "norm_filename": null, "region_type": "private_memory", "start_va": 72417280, "timestamp": "00:01:06.146", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 72482816, "type": "region", "version": 1 }, "end_va": 72486911, "entry_point": 0, "filename": null, "id": "region_1970", "name": "private_0x0000000004520000", "norm_filename": null, "region_type": "private_memory", "start_va": 72482816, "timestamp": "00:01:06.146", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 72548352, "type": "region", "version": 1 }, "end_va": 72552447, "entry_point": 0, "filename": null, "id": "region_1971", "name": "private_0x0000000004530000", "norm_filename": null, "region_type": "private_memory", "start_va": 72548352, "timestamp": "00:01:06.146", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 72613888, "type": "region", "version": 1 }, "end_va": 74711039, "entry_point": 0, "filename": null, "id": "region_1972", "name": "private_0x0000000004540000", "norm_filename": null, "region_type": "private_memory", "start_va": 72613888, "timestamp": "00:01:06.146", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 74711040, "type": "region", "version": 1 }, "end_va": 74715135, "entry_point": 0, "filename": null, "id": "region_1973", "name": "private_0x0000000004740000", "norm_filename": null, "region_type": "private_memory", "start_va": 74711040, "timestamp": "00:01:06.146", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 74776576, "type": "region", "version": 1 }, "end_va": 74780671, "entry_point": 0, "filename": null, "id": "region_1974", "name": "private_0x0000000004750000", "norm_filename": null, "region_type": "private_memory", "start_va": 74776576, "timestamp": "00:01:06.146", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 74842112, "type": "region", "version": 1 }, "end_va": 74846207, "entry_point": 0, "filename": null, "id": "region_1975", "name": "private_0x0000000004760000", "norm_filename": null, "region_type": "private_memory", "start_va": 74842112, "timestamp": "00:01:06.146", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 74907648, "type": "region", "version": 1 }, "end_va": 74911743, "entry_point": 0, "filename": null, "id": "region_1976", "name": "private_0x0000000004770000", "norm_filename": null, "region_type": "private_memory", "start_va": 74907648, "timestamp": "00:01:06.146", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 74973184, "type": "region", "version": 1 }, "end_va": 74977279, "entry_point": 0, "filename": null, "id": "region_1977", "name": "private_0x0000000004780000", "norm_filename": null, "region_type": "private_memory", "start_va": 74973184, "timestamp": "00:01:06.146", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\System32\\svchost.exe -k LocalSystemNetworkRestricted", "filename": "c:\\windows\\system32\\svchost.exe", "id": "proc_33", "image_name": "svchost.exe", "monitor_reason": "child_process", "monitored_id": 33, "origin_monitor_id": 26, "ref_parent_process": { "ref_id": "proc_26", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_3817", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:10.941", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 159743, "entry_point": 0, "filename": null, "id": "region_3818", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:10.941", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_3819", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:10.941", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_3820", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:01:10.941", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_3821", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:01:10.941", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 794623, "entry_point": 0, "filename": null, "id": "region_3822", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:01:10.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 856063, "entry_point": 0, "filename": null, "id": "region_3823", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:01:10.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 921599, "entry_point": 0, "filename": null, "id": "region_3824", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 917504, "timestamp": "00:01:10.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_3825", "name": "pagefile_0x00000000000f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 983040, "timestamp": "00:01:10.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 2097151, "entry_point": 0, "filename": null, "id": "region_3826", "name": "private_0x0000000000100000", "norm_filename": null, "region_type": "private_memory", "start_va": 1048576, "timestamp": "00:01:10.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 2101247, "entry_point": 0, "filename": null, "id": "region_3827", "name": "pagefile_0x0000000000200000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2097152, "timestamp": "00:01:10.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2686975, "entry_point": 0, "filename": null, "id": "region_3828", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:01:10.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 2691071, "entry_point": 0, "filename": null, "id": "region_3829", "name": "private_0x0000000000290000", "norm_filename": null, "region_type": "private_memory", "start_va": 2686976, "timestamp": "00:01:10.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 2756607, "entry_point": 0, "filename": null, "id": "region_3830", "name": "private_0x00000000002a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2752512, "timestamp": "00:01:10.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 2826239, "entry_point": 0, "filename": null, "id": "region_3831", "name": "pagefile_0x00000000002b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2818048, "timestamp": "00:01:10.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 2949120, "type": "region", "version": 1 }, "end_va": 2957311, "entry_point": 0, "filename": null, "id": "region_3832", "name": "pagefile_0x00000000002d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2949120, "timestamp": "00:01:10.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 3014656, "type": "region", "version": 1 }, "end_va": 3080191, "entry_point": 0, "filename": null, "id": "region_3833", "name": "private_0x00000000002e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3014656, "timestamp": "00:01:10.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 3080192, "type": "region", "version": 1 }, "end_va": 4128767, "entry_point": 0, "filename": null, "id": "region_3834", "name": "private_0x00000000002f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3080192, "timestamp": "00:01:10.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4128768, "type": "region", "version": 1 }, "end_va": 5734399, "entry_point": 0, "filename": null, "id": "region_3835", "name": "pagefile_0x00000000003f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4128768, "timestamp": "00:01:10.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 5767168, "type": "region", "version": 1 }, "end_va": 7344127, "entry_point": 0, "filename": null, "id": "region_3836", "name": "pagefile_0x0000000000580000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5767168, "timestamp": "00:01:10.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 786432, "start_va": 7405568, "type": "region", "version": 1 }, "end_va": 8191999, "entry_point": 0, "filename": null, "id": "region_3837", "name": "pagefile_0x0000000000710000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7405568, "timestamp": "00:01:10.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 8192000, "type": "region", "version": 1 }, "end_va": 12333055, "entry_point": 0, "filename": null, "id": "region_3838", "name": "pagefile_0x00000000007d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8192000, "timestamp": "00:01:10.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 12386304, "type": "region", "version": 1 }, "end_va": 12910591, "entry_point": 0, "filename": null, "id": "region_3839", "name": "private_0x0000000000bd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 12386304, "timestamp": "00:01:10.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 13565952, "type": "region", "version": 1 }, "end_va": 14090239, "entry_point": 0, "filename": null, "id": "region_3840", "name": "private_0x0000000000cf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 13565952, "timestamp": "00:01:10.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 14417920, "type": "region", "version": 1 }, "end_va": 14942207, "entry_point": 0, "filename": null, "id": "region_3841", "name": "private_0x0000000000dc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 14417920, "timestamp": "00:01:10.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 15007744, "type": "region", "version": 1 }, "end_va": 15532031, "entry_point": 0, "filename": null, "id": "region_3842", "name": "private_0x0000000000e50000", "norm_filename": null, "region_type": "private_memory", "start_va": 15007744, "timestamp": "00:01:10.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 15532032, "type": "region", "version": 1 }, "end_va": 16056319, "entry_point": 0, "filename": null, "id": "region_3843", "name": "private_0x0000000000ed0000", "norm_filename": null, "region_type": "private_memory", "start_va": 15532032, "timestamp": "00:01:10.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 16187392, "type": "region", "version": 1 }, "end_va": 16711679, "entry_point": 0, "filename": null, "id": "region_3844", "name": "private_0x0000000000f70000", "norm_filename": null, "region_type": "private_memory", "start_va": 16187392, "timestamp": "00:01:10.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 16711680, "type": "region", "version": 1 }, "end_va": 19656703, "entry_point": 16711680, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_3845", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 16711680, "timestamp": "00:01:10.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 19791872, "type": "region", "version": 1 }, "end_va": 20316159, "entry_point": 0, "filename": null, "id": "region_3846", "name": "private_0x00000000012e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 19791872, "timestamp": "00:01:10.943", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 20512768, "type": "region", "version": 1 }, "end_va": 21037055, "entry_point": 0, "filename": null, "id": "region_3847", "name": "private_0x0000000001390000", "norm_filename": null, "region_type": "private_memory", "start_va": 20512768, "timestamp": "00:01:10.943", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 21299200, "type": "region", "version": 1 }, "end_va": 21823487, "entry_point": 0, "filename": null, "id": "region_3848", "name": "private_0x0000000001450000", "norm_filename": null, "region_type": "private_memory", "start_va": 21299200, "timestamp": "00:01:10.943", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 22020096, "type": "region", "version": 1 }, "end_va": 22544383, "entry_point": 0, "filename": null, "id": "region_3849", "name": "private_0x0000000001500000", "norm_filename": null, "region_type": "private_memory", "start_va": 22020096, "timestamp": "00:01:10.943", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 22675456, "type": "region", "version": 1 }, "end_va": 23199743, "entry_point": 0, "filename": null, "id": "region_3850", "name": "private_0x00000000015a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 22675456, "timestamp": "00:01:10.943", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 23658496, "type": "region", "version": 1 }, "end_va": 24182783, "entry_point": 0, "filename": null, "id": "region_3851", "name": "private_0x0000000001690000", "norm_filename": null, "region_type": "private_memory", "start_va": 23658496, "timestamp": "00:01:10.943", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 25165824, "type": "region", "version": 1 }, "end_va": 25690111, "entry_point": 0, "filename": null, "id": "region_3852", "name": "private_0x0000000001800000", "norm_filename": null, "region_type": "private_memory", "start_va": 25165824, "timestamp": "00:01:10.943", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 26279936, "type": "region", "version": 1 }, "end_va": 26804223, "entry_point": 0, "filename": null, "id": "region_3853", "name": "private_0x0000000001910000", "norm_filename": null, "region_type": "private_memory", "start_va": 26279936, "timestamp": "00:01:10.943", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 26804224, "type": "region", "version": 1 }, "end_va": 27328511, "entry_point": 0, "filename": null, "id": "region_3854", "name": "private_0x0000000001990000", "norm_filename": null, "region_type": "private_memory", "start_va": 26804224, "timestamp": "00:01:10.943", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 28508160, "type": "region", "version": 1 }, "end_va": 29032447, "entry_point": 0, "filename": null, "id": "region_3855", "name": "private_0x0000000001b30000", "norm_filename": null, "region_type": "private_memory", "start_va": 28508160, "timestamp": "00:01:10.943", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 29884416, "type": "region", "version": 1 }, "end_va": 30408703, "entry_point": 0, "filename": null, "id": "region_3856", "name": "private_0x0000000001c80000", "norm_filename": null, "region_type": "private_memory", "start_va": 29884416, "timestamp": "00:01:10.943", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005467136, "type": "region", "version": 1 }, "end_va": 2006491135, "entry_point": 2005574344, "filename": "\\Windows\\System32\\user32.dll", "id": "region_3857", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2005467136, "timestamp": "00:01:10.943", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006515712, "type": "region", "version": 1 }, "end_va": 2007691263, "entry_point": 2006605472, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_3858", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 2006515712, "timestamp": "00:01:10.943", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2007695360, "type": "region", "version": 1 }, "end_va": 2009436159, "entry_point": 2007695360, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_3859", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2007695360, "timestamp": "00:01:10.944", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_3860", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:10.944", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_3861", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:10.945", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_3862", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:10.945", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 4282056704, "type": "region", "version": 1 }, "end_va": 4282101759, "entry_point": 4282066028, "filename": "\\Windows\\System32\\svchost.exe", "id": "region_3863", "name": "svchost.exe", "norm_filename": "c:\\windows\\system32\\svchost.exe", "region_type": "memory_mapped_file", "start_va": 4282056704, "timestamp": "00:01:10.945", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 8791718232064, "type": "region", "version": 1 }, "end_va": 8791718297599, "entry_point": 8791718232064, "filename": "\\Windows\\System32\\uxsms.dll", "id": "region_3864", "name": "uxsms.dll", "norm_filename": "c:\\windows\\system32\\uxsms.dll", "region_type": "memory_mapped_file", "start_va": 8791718232064, "timestamp": "00:01:10.945", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 249856, "start_va": 8791719477248, "type": "region", "version": 1 }, "end_va": 8791719727103, "entry_point": 8791719477248, "filename": "\\Windows\\System32\\mstask.dll", "id": "region_3865", "name": "mstask.dll", "norm_filename": "c:\\windows\\system32\\mstask.dll", "region_type": "memory_mapped_file", "start_va": 8791719477248, "timestamp": "00:01:10.955", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1208320, "start_va": 8791720722432, "type": "region", "version": 1 }, "end_va": 8791721930751, "entry_point": 8791720722432, "filename": "\\Windows\\System32\\taskschd.dll", "id": "region_3866", "name": "taskschd.dll", "norm_filename": "c:\\windows\\system32\\taskschd.dll", "region_type": "memory_mapped_file", "start_va": 8791720722432, "timestamp": "00:01:10.971", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 196608, "start_va": 8791721967616, "type": "region", "version": 1 }, "end_va": 8791722164223, "entry_point": 8791721967616, "filename": "\\Windows\\System32\\PeerDist.dll", "id": "region_3867", "name": "peerdist.dll", "norm_filename": "c:\\windows\\system32\\peerdist.dll", "region_type": "memory_mapped_file", "start_va": 8791721967616, "timestamp": "00:01:10.980", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 8791722164224, "type": "region", "version": 1 }, "end_va": 8791722868735, "entry_point": 8791722164224, "filename": "\\Windows\\System32\\cscsvc.dll", "id": "region_3868", "name": "cscsvc.dll", "norm_filename": "c:\\windows\\system32\\cscsvc.dll", "region_type": "memory_mapped_file", "start_va": 8791722164224, "timestamp": "00:01:10.988", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 8791723016192, "type": "region", "version": 1 }, "end_va": 8791723053055, "entry_point": 8791723020304, "filename": "\\Windows\\System32\\avrt.dll", "id": "region_3869", "name": "avrt.dll", "norm_filename": "c:\\windows\\system32\\avrt.dll", "region_type": "memory_mapped_file", "start_va": 8791723016192, "timestamp": "00:01:10.996", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 180224, "start_va": 8791723081728, "type": "region", "version": 1 }, "end_va": 8791723261951, "entry_point": 8791723087300, "filename": "\\Windows\\System32\\powrprof.dll", "id": "region_3870", "name": "powrprof.dll", "norm_filename": "c:\\windows\\system32\\powrprof.dll", "region_type": "memory_mapped_file", "start_va": 8791723081728, "timestamp": "00:01:10.997", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 8791723278336, "type": "region", "version": 1 }, "end_va": 8791723982847, "entry_point": 8791723371276, "filename": "\\Windows\\System32\\audiosrv.dll", "id": "region_3871", "name": "audiosrv.dll", "norm_filename": "c:\\windows\\system32\\audiosrv.dll", "region_type": "memory_mapped_file", "start_va": 8791723278336, "timestamp": "00:01:10.997", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 8791728128000, "type": "region", "version": 1 }, "end_va": 8791728197631, "entry_point": 8791728132208, "filename": "\\Windows\\System32\\wtsapi32.dll", "id": "region_3872", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\system32\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791728128000, "timestamp": "00:01:10.998", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 8791729569792, "type": "region", "version": 1 }, "end_va": 8791729786879, "entry_point": 8791729573988, "filename": "\\Windows\\System32\\xmllite.dll", "id": "region_3873", "name": "xmllite.dll", "norm_filename": "c:\\windows\\system32\\xmllite.dll", "region_type": "memory_mapped_file", "start_va": 8791729569792, "timestamp": "00:01:10.998", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 307200, "start_va": 8791729963008, "type": "region", "version": 1 }, "end_va": 8791730270207, "entry_point": 8791730024396, "filename": "\\Windows\\System32\\MMDevAPI.dll", "id": "region_3874", "name": "mmdevapi.dll", "norm_filename": "c:\\windows\\system32\\mmdevapi.dll", "region_type": "memory_mapped_file", "start_va": 8791729963008, "timestamp": "00:01:10.999", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1228800, "start_va": 8791734616064, "type": "region", "version": 1 }, "end_va": 8791735844863, "entry_point": 8791734654140, "filename": "\\Windows\\System32\\propsys.dll", "id": "region_3875", "name": "propsys.dll", "norm_filename": "c:\\windows\\system32\\propsys.dll", "region_type": "memory_mapped_file", "start_va": 8791734616064, "timestamp": "00:01:10.999", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2048000, "start_va": 8791736188928, "type": "region", "version": 1 }, "end_va": 8791738236927, "entry_point": 8791737813284, "filename": "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll", "id": "region_3876", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 8791736188928, "timestamp": "00:01:11.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 8791745101824, "type": "region", "version": 1 }, "end_va": 8791745212415, "entry_point": 8791745110120, "filename": "\\Windows\\System32\\gpapi.dll", "id": "region_3877", "name": "gpapi.dll", "norm_filename": "c:\\windows\\system32\\gpapi.dll", "region_type": "memory_mapped_file", "start_va": 8791745101824, "timestamp": "00:01:11.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 8791745232896, "type": "region", "version": 1 }, "end_va": 8791745355775, "entry_point": 8791745237944, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_3878", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 8791745232896, "timestamp": "00:01:11.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 8791746674688, "type": "region", "version": 1 }, "end_va": 8791746727935, "entry_point": 8791746679624, "filename": "\\Windows\\System32\\pcwum.dll", "id": "region_3879", "name": "pcwum.dll", "norm_filename": "c:\\windows\\system32\\pcwum.dll", "region_type": "memory_mapped_file", "start_va": 8791746674688, "timestamp": "00:01:11.001", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 290816, "start_va": 8791747657728, "type": "region", "version": 1 }, "end_va": 8791747948543, "entry_point": 8791747661924, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_3880", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 8791747657728, "timestamp": "00:01:11.001", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 8791750803456, "type": "region", "version": 1 }, "end_va": 8791750897663, "entry_point": 8791750816440, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_3881", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 8791750803456, "timestamp": "00:01:11.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 192512, "start_va": 8791752835072, "type": "region", "version": 1 }, "end_va": 8791753027583, "entry_point": 8791752839268, "filename": "\\Windows\\System32\\authz.dll", "id": "region_3882", "name": "authz.dll", "norm_filename": "c:\\windows\\system32\\authz.dll", "region_type": "memory_mapped_file", "start_va": 8791752835072, "timestamp": "00:01:11.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 8791756898304, "type": "region", "version": 1 }, "end_va": 8791757049855, "entry_point": 8791756936792, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_3883", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 8791756898304, "timestamp": "00:01:11.003", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791757094912, "type": "region", "version": 1 }, "end_va": 8791757156351, "entry_point": 8791757099024, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_3884", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 8791757094912, "timestamp": "00:01:11.003", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 249856, "start_va": 8791757815808, "type": "region", "version": 1 }, "end_va": 8791758065663, "entry_point": 8791757822196, "filename": "\\Windows\\System32\\winsta.dll", "id": "region_3885", "name": "winsta.dll", "norm_filename": "c:\\windows\\system32\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 8791757815808, "timestamp": "00:01:11.003", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 8791758077952, "type": "region", "version": 1 }, "end_va": 8791758159871, "entry_point": 8791758082272, "filename": "\\Windows\\System32\\RpcRtRemote.dll", "id": "region_3886", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\system32\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 8791758077952, "timestamp": "00:01:11.004", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791758209024, "type": "region", "version": 1 }, "end_va": 8791758270463, "entry_point": 8791758215600, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_3887", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 8791758209024, "timestamp": "00:01:11.004", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 106496, "start_va": 8791758929920, "type": "region", "version": 1 }, "end_va": 8791759036415, "entry_point": 8791758935384, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_3888", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 8791758929920, "timestamp": "00:01:11.006", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791759060992, "type": "region", "version": 1 }, "end_va": 8791759499263, "entry_point": 8791759073504, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_3889", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791759060992, "timestamp": "00:01:11.007", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 221184, "start_va": 8791759519744, "type": "region", "version": 1 }, "end_va": 8791759740927, "entry_point": 8791759524980, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_3890", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 8791759519744, "timestamp": "00:01:11.007", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791762206720, "type": "region", "version": 1 }, "end_va": 8791763030015, "entry_point": 8791762708596, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_3891", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791762206720, "timestamp": "00:01:11.008", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791763451904, "type": "region", "version": 1 }, "end_va": 8791764537343, "entry_point": 8791763456100, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_3892", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791763451904, "timestamp": "00:01:11.008", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791764566016, "type": "region", "version": 1 }, "end_va": 8791764623359, "entry_point": 8791764570240, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_3893", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791764566016, "timestamp": "00:01:11.009", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791765876736, "type": "region", "version": 1 }, "end_va": 8791766003711, "entry_point": 8791765901544, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_3894", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 8791765876736, "timestamp": "00:01:11.009", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791766007808, "type": "region", "version": 1 }, "end_va": 8791766196223, "entry_point": 8791766011920, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_3895", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791766007808, "timestamp": "00:01:11.009", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 8791782064128, "type": "region", "version": 1 }, "end_va": 8791783993343, "entry_point": 8791782068240, "filename": "\\Windows\\System32\\setupapi.dll", "id": "region_3896", "name": "setupapi.dll", "norm_filename": "c:\\windows\\system32\\setupapi.dll", "region_type": "memory_mapped_file", "start_va": 8791782064128, "timestamp": "00:01:11.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 880640, "start_va": 8791784685568, "type": "region", "version": 1 }, "end_va": 8791785566207, "entry_point": 8791784698484, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_3897", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 8791784685568, "timestamp": "00:01:11.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, "start_va": 8791785603072, "type": "region", "version": 1 }, "end_va": 8791786500095, "entry_point": 8791785736032, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_3898", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791785603072, "timestamp": "00:01:11.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791786520576, "type": "region", "version": 1 }, "end_va": 8791787753471, "entry_point": 8791786843472, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_3899", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791786520576, "timestamp": "00:01:11.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791790256128, "type": "region", "version": 1 }, "end_va": 8791790882815, "entry_point": 8791790263312, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_3900", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 8791790256128, "timestamp": "00:01:11.012", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791791435776, "type": "region", "version": 1 }, "end_va": 8791792087039, "entry_point": 8791791445408, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_3901", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791791435776, "timestamp": "00:01:11.012", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2109440, "start_va": 8791792091136, "type": "region", "version": 1 }, "end_va": 8791794200575, "entry_point": 8791792235312, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_3902", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 8791792091136, "timestamp": "00:01:11.013", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 462848, "start_va": 8791794253824, "type": "region", "version": 1 }, "end_va": 8791794716671, "entry_point": 8791794327072, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_3903", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 8791794253824, "timestamp": "00:01:11.013", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791794778112, "type": "region", "version": 1 }, "end_va": 8791795199999, "entry_point": 8791794823228, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_3904", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791794778112, "timestamp": "00:01:11.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791795761152, "type": "region", "version": 1 }, "end_va": 8791795765247, "entry_point": 8791795761152, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_3905", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791795761152, "timestamp": "00:01:11.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092579840, "type": "region", "version": 1 }, "end_va": 8796092588031, "entry_point": 0, "filename": null, "id": "region_3906", "name": "private_0x000007fffff94000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092579840, "timestamp": "00:01:11.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092588032, "type": "region", "version": 1 }, "end_va": 8796092596223, "entry_point": 0, "filename": null, "id": "region_3907", "name": "private_0x000007fffff96000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092588032, "timestamp": "00:01:11.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092604416, "type": "region", "version": 1 }, "end_va": 8796092612607, "entry_point": 0, "filename": null, "id": "region_3908", "name": "private_0x000007fffff9a000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092604416, "timestamp": "00:01:11.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092612608, "type": "region", "version": 1 }, "end_va": 8796092620799, "entry_point": 0, "filename": null, "id": "region_3909", "name": "private_0x000007fffff9c000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092612608, "timestamp": "00:01:11.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092620800, "type": "region", "version": 1 }, "end_va": 8796092628991, "entry_point": 0, "filename": null, "id": "region_3910", "name": "private_0x000007fffff9e000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092620800, "timestamp": "00:01:11.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092628992, "type": "region", "version": 1 }, "end_va": 8796092637183, "entry_point": 0, "filename": null, "id": "region_3911", "name": "private_0x000007fffffa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092628992, "timestamp": "00:01:11.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092637184, "type": "region", "version": 1 }, "end_va": 8796092645375, "entry_point": 0, "filename": null, "id": "region_3912", "name": "private_0x000007fffffa2000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092637184, "timestamp": "00:01:11.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092645376, "type": "region", "version": 1 }, "end_va": 8796092653567, "entry_point": 0, "filename": null, "id": "region_3913", "name": "private_0x000007fffffa4000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092645376, "timestamp": "00:01:11.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092653568, "type": "region", "version": 1 }, "end_va": 8796092661759, "entry_point": 0, "filename": null, "id": "region_3914", "name": "private_0x000007fffffa6000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092653568, "timestamp": "00:01:11.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092661760, "type": "region", "version": 1 }, "end_va": 8796092669951, "entry_point": 0, "filename": null, "id": "region_3915", "name": "private_0x000007fffffa8000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092661760, "timestamp": "00:01:11.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092669952, "type": "region", "version": 1 }, "end_va": 8796092678143, "entry_point": 0, "filename": null, "id": "region_3916", "name": "private_0x000007fffffaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092669952, "timestamp": "00:01:11.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092678144, "type": "region", "version": 1 }, "end_va": 8796092686335, "entry_point": 0, "filename": null, "id": "region_3917", "name": "private_0x000007fffffac000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092678144, "timestamp": "00:01:11.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092686336, "type": "region", "version": 1 }, "end_va": 8796092694527, "entry_point": 0, "filename": null, "id": "region_3918", "name": "private_0x000007fffffae000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092686336, "timestamp": "00:01:11.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_3919", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:01:11.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092841984, "type": "region", "version": 1 }, "end_va": 8796092850175, "entry_point": 0, "filename": null, "id": "region_3920", "name": "private_0x000007fffffd4000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092841984, "timestamp": "00:01:11.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092850176, "type": "region", "version": 1 }, "end_va": 8796092858367, "entry_point": 0, "filename": null, "id": "region_3921", "name": "private_0x000007fffffd6000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092850176, "timestamp": "00:01:11.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8796092858368, "type": "region", "version": 1 }, "end_va": 8796092862463, "entry_point": 0, "filename": null, "id": "region_3922", "name": "private_0x000007fffffd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092858368, "timestamp": "00:01:11.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092866560, "type": "region", "version": 1 }, "end_va": 8796092874751, "entry_point": 0, "filename": null, "id": "region_3923", "name": "private_0x000007fffffda000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092866560, "timestamp": "00:01:11.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092874752, "type": "region", "version": 1 }, "end_va": 8796092882943, "entry_point": 0, "filename": null, "id": "region_3924", "name": "private_0x000007fffffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092874752, "timestamp": "00:01:11.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092882944, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_3925", "name": "private_0x000007fffffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092882944, "timestamp": "00:01:11.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 27787264, "type": "region", "version": 1 }, "end_va": 28311551, "entry_point": 0, "filename": null, "id": "region_5245", "name": "private_0x0000000001a80000", "norm_filename": null, "region_type": "private_memory", "start_va": 27787264, "timestamp": "00:01:21.779", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 8791639851008, "type": "region", "version": 1 }, "end_va": 8791640109055, "entry_point": 8791639855808, "filename": "\\Windows\\System32\\cscobj.dll", "id": "region_5246", "name": "cscobj.dll", "norm_filename": "c:\\windows\\system32\\cscobj.dll", "region_type": "memory_mapped_file", "start_va": 8791639851008, "timestamp": "00:01:21.779", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092596224, "type": "region", "version": 1 }, "end_va": 8796092604415, "entry_point": 0, "filename": null, "id": "region_5247", "name": "private_0x000007fffff98000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092596224, "timestamp": "00:01:21.779", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 24641536, "type": "region", "version": 1 }, "end_va": 25165823, "entry_point": 0, "filename": null, "id": "region_5255", "name": "private_0x0000000001780000", "norm_filename": null, "region_type": "private_memory", "start_va": 24641536, "timestamp": "00:01:22.147", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 204800, "start_va": 8791635460096, "type": "region", "version": 1 }, "end_va": 8791635664895, "entry_point": 8791635464224, "filename": "\\Windows\\System32\\pcasvc.dll", "id": "region_5257", "name": "pcasvc.dll", "norm_filename": "c:\\windows\\system32\\pcasvc.dll", "region_type": "memory_mapped_file", "start_va": 8791635460096, "timestamp": "00:01:22.147", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092571648, "type": "region", "version": 1 }, "end_va": 8796092579839, "entry_point": 0, "filename": null, "id": "region_5258", "name": "private_0x000007fffff92000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092571648, "timestamp": "00:01:22.147", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 8791705649152, "type": "region", "version": 1 }, "end_va": 8791706005503, "entry_point": 8791705653528, "filename": "\\Windows\\System32\\apphelp.dll", "id": "region_5260", "name": "apphelp.dll", "norm_filename": "c:\\windows\\system32\\apphelp.dll", "region_type": "memory_mapped_file", "start_va": 8791705649152, "timestamp": "00:01:22.153", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 8791650598912, "type": "region", "version": 1 }, "end_va": 8791650672639, "entry_point": 8791650598912, "filename": "\\Windows\\System32\\aepic.dll", "id": "region_5261", "name": "aepic.dll", "norm_filename": "c:\\windows\\system32\\aepic.dll", "region_type": "memory_mapped_file", "start_va": 8791650598912, "timestamp": "00:01:22.157", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12288, "start_va": 1971060736, "type": "region", "version": 1 }, "end_va": 1971073023, "entry_point": 1971060736, "filename": "\\Windows\\System32\\sfc.dll", "id": "region_5262", "name": "sfc.dll", "norm_filename": "c:\\windows\\system32\\sfc.dll", "region_type": "memory_mapped_file", "start_va": 1971060736, "timestamp": "00:01:22.174", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 8791635394560, "type": "region", "version": 1 }, "end_va": 8791635460095, "entry_point": 8791635394560, "filename": "\\Windows\\System32\\sfc_os.dll", "id": "region_5263", "name": "sfc_os.dll", "norm_filename": "c:\\windows\\system32\\sfc_os.dll", "region_type": "memory_mapped_file", "start_va": 8791635394560, "timestamp": "00:01:22.187", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791743266816, "type": "region", "version": 1 }, "end_va": 8791743315967, "entry_point": 8791743271012, "filename": "\\Windows\\System32\\version.dll", "id": "region_5267", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 8791743266816, "timestamp": "00:01:22.628", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 446464, "start_va": 8791753097216, "type": "region", "version": 1 }, "end_va": 8791753543679, "entry_point": 8791753101328, "filename": "\\Windows\\System32\\wevtapi.dll", "id": "region_5268", "name": "wevtapi.dll", "norm_filename": "c:\\windows\\system32\\wevtapi.dll", "region_type": "memory_mapped_file", "start_va": 8791753097216, "timestamp": "00:01:22.630", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1761280, "start_va": 8791633625088, "type": "region", "version": 1 }, "end_va": 8791635386367, "entry_point": 8791633625088, "filename": "\\Windows\\System32\\sysmain.dll", "id": "region_5269", "name": "sysmain.dll", "norm_filename": "c:\\windows\\system32\\sysmain.dll", "region_type": "memory_mapped_file", "start_va": 8791633625088, "timestamp": "00:01:22.663", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 2891775, "entry_point": 0, "filename": null, "id": "region_5271", "name": "pagefile_0x00000000002c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2883584, "timestamp": "00:01:22.719", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 14188544, "start_va": 8791767777280, "type": "region", "version": 1 }, "end_va": 8791781965823, "entry_point": 8791768288956, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_5272", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 8791767777280, "timestamp": "00:01:22.724", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 139264, "start_va": 8791633428480, "type": "region", "version": 1 }, "end_va": 8791633567743, "entry_point": 8791633428480, "filename": "\\Windows\\System32\\trkwks.dll", "id": "region_5273", "name": "trkwks.dll", "norm_filename": "c:\\windows\\system32\\trkwks.dll", "region_type": "memory_mapped_file", "start_va": 8791633428480, "timestamp": "00:01:22.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 851968, "start_va": 29032448, "type": "region", "version": 1 }, "end_va": 29884415, "entry_point": 0, "filename": null, "id": "region_5278", "name": "private_0x0000000001bb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 29032448, "timestamp": "00:01:22.871", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 184320, "start_va": 8791741366272, "type": "region", "version": 1 }, "end_va": 8791741550591, "entry_point": 8791741370384, "filename": "\\Windows\\System32\\ntmarta.dll", "id": "region_5279", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\system32\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 8791741366272, "timestamp": "00:01:22.873", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 335872, "start_va": 8791763058688, "type": "region", "version": 1 }, "end_va": 8791763394559, "entry_point": 8791763062996, "filename": "\\Windows\\System32\\Wldap32.dll", "id": "region_5280", "name": "wldap32.dll", "norm_filename": "c:\\windows\\system32\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 8791763058688, "timestamp": "00:01:22.875", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 30408704, "type": "region", "version": 1 }, "end_va": 31457279, "entry_point": 0, "filename": null, "id": "region_5281", "name": "private_0x0000000001d00000", "norm_filename": null, "region_type": "private_memory", "start_va": 30408704, "timestamp": "00:01:22.915", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 30801920, "type": "region", "version": 1 }, "end_va": 31326207, "entry_point": 0, "filename": null, "id": "region_5283", "name": "private_0x0000000001d60000", "norm_filename": null, "region_type": "private_memory", "start_va": 30801920, "timestamp": "00:01:23.100", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 31391744, "type": "region", "version": 1 }, "end_va": 31457279, "entry_point": 0, "filename": null, "id": "region_5284", "name": "private_0x0000000001df0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31391744, "timestamp": "00:01:23.100", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092563456, "type": "region", "version": 1 }, "end_va": 8796092571647, "entry_point": 0, "filename": null, "id": "region_5285", "name": "private_0x000007fffff90000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092563456, "timestamp": "00:01:23.100", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 31457280, "type": "region", "version": 1 }, "end_va": 31981567, "entry_point": 0, "filename": null, "id": "region_5286", "name": "private_0x0000000001e00000", "norm_filename": null, "region_type": "private_memory", "start_va": 31457280, "timestamp": "00:01:23.107", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 29884416, "type": "region", "version": 1 }, "end_va": 30932991, "entry_point": 0, "filename": null, "id": "region_5288", "name": "private_0x0000000001c80000", "norm_filename": null, "region_type": "private_memory", "start_va": 29884416, "timestamp": "00:01:23.108", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 29163520, "type": "region", "version": 1 }, "end_va": 29687807, "entry_point": 0, "filename": null, "id": "region_5529", "name": "private_0x0000000001bd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 29163520, "timestamp": "00:01:26.223", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 29818880, "type": "region", "version": 1 }, "end_va": 29884415, "entry_point": 0, "filename": null, "id": "region_5530", "name": "private_0x0000000001c70000", "norm_filename": null, "region_type": "private_memory", "start_va": 29818880, "timestamp": "00:01:26.223", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 8791621369856, "type": "region", "version": 1 }, "end_va": 8791621746687, "entry_point": 8791621369856, "filename": "\\Windows\\System32\\netman.dll", "id": "region_5531", "name": "netman.dll", "norm_filename": "c:\\windows\\system32\\netman.dll", "region_type": "memory_mapped_file", "start_va": 8791621369856, "timestamp": "00:01:26.223", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 12910592, "type": "region", "version": 1 }, "end_va": 12914687, "entry_point": 0, "filename": null, "id": "region_5533", "name": "pagefile_0x0000000000c50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12910592, "timestamp": "00:01:26.240", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 8791781998592, "type": "region", "version": 1 }, "end_va": 8791782031359, "entry_point": 8791782003972, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_5534", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 8791781998592, "timestamp": "00:01:26.244", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 8791717904384, "type": "region", "version": 1 }, "end_va": 8791717949439, "entry_point": 8791717908888, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_5535", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 8791717904384, "timestamp": "00:01:26.245", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 27328512, "type": "region", "version": 1 }, "end_va": 28114943, "entry_point": 0, "filename": null, "id": "region_5536", "name": "private_0x0000000001a10000", "norm_filename": null, "region_type": "private_memory", "start_va": 27328512, "timestamp": "00:01:26.258", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 31981568, "type": "region", "version": 1 }, "end_va": 33030143, "entry_point": 0, "filename": null, "id": "region_5537", "name": "private_0x0000000001e80000", "norm_filename": null, "region_type": "private_memory", "start_va": 31981568, "timestamp": "00:01:26.260", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 33030144, "type": "region", "version": 1 }, "end_va": 34078719, "entry_point": 0, "filename": null, "id": "region_5538", "name": "private_0x0000000001f80000", "norm_filename": null, "region_type": "private_memory", "start_va": 33030144, "timestamp": "00:01:26.266", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 33423360, "type": "region", "version": 1 }, "end_va": 33947647, "entry_point": 0, "filename": null, "id": "region_5564", "name": "private_0x0000000001fe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 33423360, "timestamp": "00:01:26.463", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 34013184, "type": "region", "version": 1 }, "end_va": 34078719, "entry_point": 0, "filename": null, "id": "region_5565", "name": "private_0x0000000002070000", "norm_filename": null, "region_type": "private_memory", "start_va": 34013184, "timestamp": "00:01:26.463", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 35258368, "type": "region", "version": 1 }, "end_va": 35782655, "entry_point": 0, "filename": null, "id": "region_5566", "name": "private_0x00000000021a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 35258368, "timestamp": "00:01:26.463", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092555264, "type": "region", "version": 1 }, "end_va": 8796092563455, "entry_point": 0, "filename": null, "id": "region_5567", "name": "private_0x000007fffff8e000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092555264, "timestamp": "00:01:26.463", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 8791619731456, "type": "region", "version": 1 }, "end_va": 8791619866623, "entry_point": 8791619731456, "filename": "\\Windows\\System32\\wpdbusenum.dll", "id": "region_5574", "name": "wpdbusenum.dll", "norm_filename": "c:\\windows\\system32\\wpdbusenum.dll", "region_type": "memory_mapped_file", "start_va": 8791619731456, "timestamp": "00:01:26.491", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 8791654137856, "type": "region", "version": 1 }, "end_va": 8791654240255, "entry_point": 8791654148944, "filename": "\\Windows\\System32\\wdi.dll", "id": "region_5575", "name": "wdi.dll", "norm_filename": "c:\\windows\\system32\\wdi.dll", "region_type": "memory_mapped_file", "start_va": 8791654137856, "timestamp": "00:01:26.523", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2666496, "start_va": 8791646928896, "type": "region", "version": 1 }, "end_va": 8791649595391, "entry_point": 8791646957404, "filename": "\\Windows\\System32\\netshell.dll", "id": "region_5577", "name": "netshell.dll", "norm_filename": "c:\\windows\\system32\\netshell.dll", "region_type": "memory_mapped_file", "start_va": 8791646928896, "timestamp": "00:01:26.546", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\system32\\svchost.exe -k netsvcs", "filename": "c:\\windows\\system32\\svchost.exe", "id": "proc_34", "image_name": "svchost.exe", "monitor_reason": "child_process", "monitored_id": 34, "origin_monitor_id": 26, "ref_parent_process": { "ref_id": "proc_26", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1667", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:04.169", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 159743, "entry_point": 0, "filename": null, "id": "region_1668", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:04.169", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_1669", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:04.169", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_1670", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:01:04.169", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1671", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:01:04.169", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 794623, "entry_point": 0, "filename": null, "id": "region_1672", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:01:04.169", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 856063, "entry_point": 0, "filename": null, "id": "region_1673", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:01:04.170", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 921599, "entry_point": 0, "filename": null, "id": "region_1674", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 917504, "timestamp": "00:01:04.170", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_1675", "name": "pagefile_0x00000000000f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 983040, "timestamp": "00:01:04.170", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1052671, "entry_point": 0, "filename": null, "id": "region_1676", "name": "pagefile_0x0000000000100000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1048576, "timestamp": "00:01:04.170", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1118207, "entry_point": 0, "filename": null, "id": "region_1677", "name": "pagefile_0x0000000000110000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1114112, "timestamp": "00:01:04.170", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1183743, "entry_point": 0, "filename": null, "id": "region_1678", "name": "private_0x0000000000120000", "norm_filename": null, "region_type": "private_memory", "start_va": 1179648, "timestamp": "00:01:04.170", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1253375, "entry_point": 0, "filename": null, "id": "region_1679", "name": "pagefile_0x0000000000130000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1245184, "timestamp": "00:01:04.170", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1327103, "entry_point": 1310720, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_1680", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 1310720, "timestamp": "00:01:04.170", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1384447, "entry_point": 0, "filename": null, "id": "region_1681", "name": "pagefile_0x0000000000150000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1376256, "timestamp": "00:01:04.171", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1507327, "entry_point": 0, "filename": null, "id": "region_1682", "name": "private_0x0000000000160000", "norm_filename": null, "region_type": "private_memory", "start_va": 1441792, "timestamp": "00:01:04.171", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1523711, "entry_point": 1507328, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_1683", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 1507328, "timestamp": "00:01:04.171", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 2162687, "entry_point": 0, "filename": null, "id": "region_1684", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:01:04.171", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 3211263, "entry_point": 0, "filename": null, "id": "region_1685", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:01:04.172", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 3276800, "type": "region", "version": 1 }, "end_va": 4325375, "entry_point": 0, "filename": null, "id": "region_1686", "name": "private_0x0000000000320000", "norm_filename": null, "region_type": "private_memory", "start_va": 3276800, "timestamp": "00:01:04.172", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 5931007, "entry_point": 0, "filename": null, "id": "region_1687", "name": "pagefile_0x0000000000420000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4325376, "timestamp": "00:01:04.172", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 5963776, "type": "region", "version": 1 }, "end_va": 7540735, "entry_point": 0, "filename": null, "id": "region_1688", "name": "pagefile_0x00000000005b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5963776, "timestamp": "00:01:04.172", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 786432, "start_va": 7602176, "type": "region", "version": 1 }, "end_va": 8388607, "entry_point": 0, "filename": null, "id": "region_1689", "name": "pagefile_0x0000000000740000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7602176, "timestamp": "00:01:04.172", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 8388608, "type": "region", "version": 1 }, "end_va": 12529663, "entry_point": 0, "filename": null, "id": "region_1690", "name": "pagefile_0x0000000000800000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8388608, "timestamp": "00:01:04.172", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 196608, "start_va": 12582912, "type": "region", "version": 1 }, "end_va": 12779519, "entry_point": 12582912, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000012.db", "id": "region_1691", "name": "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000012.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000012.db", "region_type": "memory_mapped_file", "start_va": 12582912, "timestamp": "00:01:04.172", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 12976128, "type": "region", "version": 1 }, "end_va": 13500415, "entry_point": 0, "filename": null, "id": "region_1692", "name": "private_0x0000000000c60000", "norm_filename": null, "region_type": "private_memory", "start_va": 12976128, "timestamp": "00:01:04.173", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 13500416, "type": "region", "version": 1 }, "end_va": 14024703, "entry_point": 0, "filename": null, "id": "region_1693", "name": "private_0x0000000000ce0000", "norm_filename": null, "region_type": "private_memory", "start_va": 13500416, "timestamp": "00:01:04.173", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 14024704, "type": "region", "version": 1 }, "end_va": 14548991, "entry_point": 0, "filename": null, "id": "region_1694", "name": "private_0x0000000000d60000", "norm_filename": null, "region_type": "private_memory", "start_va": 14024704, "timestamp": "00:01:04.173", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 14548992, "type": "region", "version": 1 }, "end_va": 15073279, "entry_point": 0, "filename": null, "id": "region_1695", "name": "private_0x0000000000de0000", "norm_filename": null, "region_type": "private_memory", "start_va": 14548992, "timestamp": "00:01:04.173", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 15204352, "type": "region", "version": 1 }, "end_va": 15728639, "entry_point": 0, "filename": null, "id": "region_1696", "name": "private_0x0000000000e80000", "norm_filename": null, "region_type": "private_memory", "start_va": 15204352, "timestamp": "00:01:04.174", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 15925248, "type": "region", "version": 1 }, "end_va": 16449535, "entry_point": 0, "filename": null, "id": "region_1697", "name": "private_0x0000000000f30000", "norm_filename": null, "region_type": "private_memory", "start_va": 15925248, "timestamp": "00:01:04.174", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 16711680, "type": "region", "version": 1 }, "end_va": 17235967, "entry_point": 0, "filename": null, "id": "region_1698", "name": "private_0x0000000000ff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 16711680, "timestamp": "00:01:04.174", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 17235968, "type": "region", "version": 1 }, "end_va": 20180991, "entry_point": 17235968, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1699", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 17235968, "timestamp": "00:01:04.174", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 20381696, "type": "region", "version": 1 }, "end_va": 20905983, "entry_point": 0, "filename": null, "id": "region_1700", "name": "private_0x0000000001370000", "norm_filename": null, "region_type": "private_memory", "start_va": 20381696, "timestamp": "00:01:04.175", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 21037056, "type": "region", "version": 1 }, "end_va": 21561343, "entry_point": 0, "filename": null, "id": "region_1701", "name": "private_0x0000000001410000", "norm_filename": null, "region_type": "private_memory", "start_va": 21037056, "timestamp": "00:01:04.175", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 21889024, "type": "region", "version": 1 }, "end_va": 22413311, "entry_point": 0, "filename": null, "id": "region_1702", "name": "private_0x00000000014e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 21889024, "timestamp": "00:01:04.175", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 417792, "start_va": 22413312, "type": "region", "version": 1 }, "end_va": 22831103, "entry_point": 22413312, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db", "id": "region_1703", "name": "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "region_type": "memory_mapped_file", "start_va": 22413312, "timestamp": "00:01:04.175", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 23330816, "type": "region", "version": 1 }, "end_va": 23396351, "entry_point": 0, "filename": null, "id": "region_1704", "name": "private_0x0000000001640000", "norm_filename": null, "region_type": "private_memory", "start_va": 23330816, "timestamp": "00:01:04.176", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 23658496, "type": "region", "version": 1 }, "end_va": 24182783, "entry_point": 0, "filename": null, "id": "region_1705", "name": "private_0x0000000001690000", "norm_filename": null, "region_type": "private_memory", "start_va": 23658496, "timestamp": "00:01:04.176", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 24313856, "type": "region", "version": 1 }, "end_va": 24838143, "entry_point": 0, "filename": null, "id": "region_1706", "name": "private_0x0000000001730000", "norm_filename": null, "region_type": "private_memory", "start_va": 24313856, "timestamp": "00:01:04.176", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 24838144, "type": "region", "version": 1 }, "end_va": 25362431, "entry_point": 0, "filename": null, "id": "region_1707", "name": "private_0x00000000017b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 24838144, "timestamp": "00:01:04.177", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 26083328, "type": "region", "version": 1 }, "end_va": 26607615, "entry_point": 0, "filename": null, "id": "region_1708", "name": "private_0x00000000018e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 26083328, "timestamp": "00:01:04.177", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 26607616, "type": "region", "version": 1 }, "end_va": 27131903, "entry_point": 0, "filename": null, "id": "region_1709", "name": "private_0x0000000001960000", "norm_filename": null, "region_type": "private_memory", "start_va": 26607616, "timestamp": "00:01:04.177", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 27983872, "type": "region", "version": 1 }, "end_va": 28508159, "entry_point": 0, "filename": null, "id": "region_1710", "name": "private_0x0000000001ab0000", "norm_filename": null, "region_type": "private_memory", "start_va": 27983872, "timestamp": "00:01:04.177", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 28573696, "type": "region", "version": 1 }, "end_va": 29097983, "entry_point": 0, "filename": null, "id": "region_1711", "name": "private_0x0000000001b40000", "norm_filename": null, "region_type": "private_memory", "start_va": 28573696, "timestamp": "00:01:04.177", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 29425664, "type": "region", "version": 1 }, "end_va": 29949951, "entry_point": 0, "filename": null, "id": "region_1712", "name": "private_0x0000000001c10000", "norm_filename": null, "region_type": "private_memory", "start_va": 29425664, "timestamp": "00:01:04.178", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 30408704, "type": "region", "version": 1 }, "end_va": 30932991, "entry_point": 0, "filename": null, "id": "region_1713", "name": "private_0x0000000001d00000", "norm_filename": null, "region_type": "private_memory", "start_va": 30408704, "timestamp": "00:01:04.178", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 31391744, "type": "region", "version": 1 }, "end_va": 31916031, "entry_point": 0, "filename": null, "id": "region_1714", "name": "private_0x0000000001df0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31391744, "timestamp": "00:01:04.178", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 32505856, "type": "region", "version": 1 }, "end_va": 33030143, "entry_point": 0, "filename": null, "id": "region_1715", "name": "private_0x0000000001f00000", "norm_filename": null, "region_type": "private_memory", "start_va": 32505856, "timestamp": "00:01:04.178", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 33357824, "type": "region", "version": 1 }, "end_va": 33882111, "entry_point": 0, "filename": null, "id": "region_1716", "name": "private_0x0000000001fd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 33357824, "timestamp": "00:01:04.179", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 33882112, "type": "region", "version": 1 }, "end_va": 34930687, "entry_point": 0, "filename": null, "id": "region_1717", "name": "private_0x0000000002050000", "norm_filename": null, "region_type": "private_memory", "start_va": 33882112, "timestamp": "00:01:04.179", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 35782656, "type": "region", "version": 1 }, "end_va": 36306943, "entry_point": 0, "filename": null, "id": "region_1718", "name": "private_0x0000000002220000", "norm_filename": null, "region_type": "private_memory", "start_va": 35782656, "timestamp": "00:01:04.179", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3420160, "start_va": 36306944, "type": "region", "version": 1 }, "end_va": 39727103, "entry_point": 0, "filename": null, "id": "region_1719", "name": "pagefile_0x00000000022a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 36306944, "timestamp": "00:01:04.179", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005467136, "type": "region", "version": 1 }, "end_va": 2006491135, "entry_point": 2005467136, "filename": "\\Windows\\System32\\user32.dll", "id": "region_1720", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2005467136, "timestamp": "00:01:04.179", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006515712, "type": "region", "version": 1 }, "end_va": 2007691263, "entry_point": 2006515712, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_1721", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 2006515712, "timestamp": "00:01:04.235", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2007695360, "type": "region", "version": 1 }, "end_va": 2009436159, "entry_point": 2007695360, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1722", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2007695360, "timestamp": "00:01:04.398", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1723", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:04.398", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1724", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:04.399", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1725", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:04.399", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 4282056704, "type": "region", "version": 1 }, "end_va": 4282101759, "entry_point": 4282056704, "filename": "\\Windows\\System32\\svchost.exe", "id": "region_1726", "name": "svchost.exe", "norm_filename": "c:\\windows\\system32\\svchost.exe", "region_type": "memory_mapped_file", "start_va": 4282056704, "timestamp": "00:01:04.399", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 974848, "start_va": 8791678648320, "type": "region", "version": 1 }, "end_va": 8791679623167, "entry_point": 8791678648320, "filename": "\\Windows\\System32\\actxprxy.dll", "id": "region_1727", "name": "actxprxy.dll", "norm_filename": "c:\\windows\\system32\\actxprxy.dll", "region_type": "memory_mapped_file", "start_va": 8791678648320, "timestamp": "00:01:04.409", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 487424, "start_va": 8791713382400, "type": "region", "version": 1 }, "end_va": 8791713869823, "entry_point": 8791713382400, "filename": "\\Windows\\System32\\taskcomp.dll", "id": "region_1728", "name": "taskcomp.dll", "norm_filename": "c:\\windows\\system32\\taskcomp.dll", "region_type": "memory_mapped_file", "start_va": 8791713382400, "timestamp": "00:01:04.417", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 8791713906688, "type": "region", "version": 1 }, "end_va": 8791713947647, "entry_point": 8791713906688, "filename": "\\Windows\\System32\\ktmw32.dll", "id": "region_1729", "name": "ktmw32.dll", "norm_filename": "c:\\windows\\system32\\ktmw32.dll", "region_type": "memory_mapped_file", "start_va": 8791713906688, "timestamp": "00:01:04.428", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1122304, "start_va": 8791713972224, "type": "region", "version": 1 }, "end_va": 8791715094527, "entry_point": 8791713972224, "filename": "\\Windows\\System32\\schedsvc.dll", "id": "region_1730", "name": "schedsvc.dll", "norm_filename": "c:\\windows\\system32\\schedsvc.dll", "region_type": "memory_mapped_file", "start_va": 8791713972224, "timestamp": "00:01:04.434", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791715151872, "type": "region", "version": 1 }, "end_va": 8791715213311, "entry_point": 8791715151872, "filename": "\\Windows\\System32\\wiarpc.dll", "id": "region_1731", "name": "wiarpc.dll", "norm_filename": "c:\\windows\\system32\\wiarpc.dll", "region_type": "memory_mapped_file", "start_va": 8791715151872, "timestamp": "00:01:04.448", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 8791715217408, "type": "region", "version": 1 }, "end_va": 8791715254271, "entry_point": 8791715217408, "filename": "\\Windows\\System32\\fvecerts.dll", "id": "region_1732", "name": "fvecerts.dll", "norm_filename": "c:\\windows\\system32\\fvecerts.dll", "region_type": "memory_mapped_file", "start_va": 8791715217408, "timestamp": "00:01:04.458", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 8791715282944, "type": "region", "version": 1 }, "end_va": 8791715319807, "entry_point": 8791715282944, "filename": "\\Windows\\System32\\tbs.dll", "id": "region_1733", "name": "tbs.dll", "norm_filename": "c:\\windows\\system32\\tbs.dll", "region_type": "memory_mapped_file", "start_va": 8791715282944, "timestamp": "00:01:04.467", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 352256, "start_va": 8791715348480, "type": "region", "version": 1 }, "end_va": 8791715700735, "entry_point": 8791715348480, "filename": "\\Windows\\System32\\fveapi.dll", "id": "region_1734", "name": "fveapi.dll", "norm_filename": "c:\\windows\\system32\\fveapi.dll", "region_type": "memory_mapped_file", "start_va": 8791715348480, "timestamp": "00:01:04.476", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 8791715807232, "type": "region", "version": 1 }, "end_va": 8791716192255, "entry_point": 8791715807232, "filename": "\\Windows\\System32\\shsvcs.dll", "id": "region_1735", "name": "shsvcs.dll", "norm_filename": "c:\\windows\\system32\\shsvcs.dll", "region_type": "memory_mapped_file", "start_va": 8791715807232, "timestamp": "00:01:04.485", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 8791718297600, "type": "region", "version": 1 }, "end_va": 8791718379519, "entry_point": 8791718297600, "filename": "\\Windows\\System32\\Sens.dll", "id": "region_1736", "name": "sens.dll", "norm_filename": "c:\\windows\\system32\\sens.dll", "region_type": "memory_mapped_file", "start_va": 8791718297600, "timestamp": "00:01:04.496", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791718428672, "type": "region", "version": 1 }, "end_va": 8791718850559, "entry_point": 8791718428672, "filename": "\\Windows\\System32\\es.dll", "id": "region_1737", "name": "es.dll", "norm_filename": "c:\\windows\\system32\\es.dll", "region_type": "memory_mapped_file", "start_va": 8791718428672, "timestamp": "00:01:04.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 8791718887424, "type": "region", "version": 1 }, "end_va": 8791718932479, "entry_point": 8791718887424, "filename": "\\Windows\\System32\\slc.dll", "id": "region_1738", "name": "slc.dll", "norm_filename": "c:\\windows\\system32\\slc.dll", "region_type": "memory_mapped_file", "start_va": 8791718887424, "timestamp": "00:01:04.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791718952960, "type": "region", "version": 1 }, "end_va": 8791719002111, "entry_point": 8791718952960, "filename": "\\Windows\\System32\\dsrole.dll", "id": "region_1739", "name": "dsrole.dll", "norm_filename": "c:\\windows\\system32\\dsrole.dll", "region_type": "memory_mapped_file", "start_va": 8791718952960, "timestamp": "00:01:04.526", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 8791719018496, "type": "region", "version": 1 }, "end_va": 8791719084031, "entry_point": 8791719018496, "filename": "\\Windows\\System32\\themeservice.dll", "id": "region_1740", "name": "themeservice.dll", "norm_filename": "c:\\windows\\system32\\themeservice.dll", "region_type": "memory_mapped_file", "start_va": 8791719018496, "timestamp": "00:01:04.533", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 8791719084032, "type": "region", "version": 1 }, "end_va": 8791719186431, "entry_point": 8791719084032, "filename": "\\Windows\\System32\\atl.dll", "id": "region_1741", "name": "atl.dll", "norm_filename": "c:\\windows\\system32\\atl.dll", "region_type": "memory_mapped_file", "start_va": 8791719084032, "timestamp": "00:01:04.542", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 225280, "start_va": 8791719215104, "type": "region", "version": 1 }, "end_va": 8791719440383, "entry_point": 8791719215104, "filename": "\\Windows\\System32\\profsvc.dll", "id": "region_1742", "name": "profsvc.dll", "norm_filename": "c:\\windows\\system32\\profsvc.dll", "region_type": "memory_mapped_file", "start_va": 8791719215104, "timestamp": "00:01:04.553", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 8791719739392, "type": "region", "version": 1 }, "end_va": 8791719825407, "entry_point": 8791719739392, "filename": "\\Windows\\System32\\nlaapi.dll", "id": "region_1743", "name": "nlaapi.dll", "norm_filename": "c:\\windows\\system32\\nlaapi.dll", "region_type": "memory_mapped_file", "start_va": 8791719739392, "timestamp": "00:01:04.564", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 794624, "start_va": 8791719870464, "type": "region", "version": 1 }, "end_va": 8791720665087, "entry_point": 8791719870464, "filename": "\\Windows\\System32\\gpsvc.dll", "id": "region_1744", "name": "gpsvc.dll", "norm_filename": "c:\\windows\\system32\\gpsvc.dll", "region_type": "memory_mapped_file", "start_va": 8791719870464, "timestamp": "00:01:04.575", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 118784, "start_va": 8791722885120, "type": "region", "version": 1 }, "end_va": 8791723003903, "entry_point": 8791722885120, "filename": "\\Windows\\System32\\mmcss.dll", "id": "region_1745", "name": "mmcss.dll", "norm_filename": "c:\\windows\\system32\\mmcss.dll", "region_type": "memory_mapped_file", "start_va": 8791722885120, "timestamp": "00:01:04.585", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 8791723016192, "type": "region", "version": 1 }, "end_va": 8791723053055, "entry_point": 8791723016192, "filename": "\\Windows\\System32\\avrt.dll", "id": "region_1746", "name": "avrt.dll", "norm_filename": "c:\\windows\\system32\\avrt.dll", "region_type": "memory_mapped_file", "start_va": 8791723016192, "timestamp": "00:01:04.594", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 8791726686208, "type": "region", "version": 1 }, "end_va": 8791726772223, "entry_point": 8791726686208, "filename": "\\Windows\\System32\\wkscli.dll", "id": "region_1747", "name": "wkscli.dll", "norm_filename": "c:\\windows\\system32\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 8791726686208, "timestamp": "00:01:04.601", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791726817280, "type": "region", "version": 1 }, "end_va": 8791726866431, "entry_point": 8791726817280, "filename": "\\Windows\\System32\\netutils.dll", "id": "region_1748", "name": "netutils.dll", "norm_filename": "c:\\windows\\system32\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 8791726817280, "timestamp": "00:01:04.609", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 8791726882816, "type": "region", "version": 1 }, "end_va": 8791726972927, "entry_point": 8791726882816, "filename": "\\Windows\\System32\\netapi32.dll", "id": "region_1749", "name": "netapi32.dll", "norm_filename": "c:\\windows\\system32\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791726882816, "timestamp": "00:01:04.617", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 8791728128000, "type": "region", "version": 1 }, "end_va": 8791728197631, "entry_point": 8791728128000, "filename": "\\Windows\\System32\\wtsapi32.dll", "id": "region_1750", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\system32\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791728128000, "timestamp": "00:01:04.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 8791729569792, "type": "region", "version": 1 }, "end_va": 8791729786879, "entry_point": 8791729569792, "filename": "\\Windows\\System32\\xmllite.dll", "id": "region_1751", "name": "xmllite.dll", "norm_filename": "c:\\windows\\system32\\xmllite.dll", "region_type": "memory_mapped_file", "start_va": 8791729569792, "timestamp": "00:01:04.636", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 352256, "start_va": 8791734222848, "type": "region", "version": 1 }, "end_va": 8791734575103, "entry_point": 8791734222848, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_1752", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 8791734222848, "timestamp": "00:01:04.640", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1228800, "start_va": 8791734616064, "type": "region", "version": 1 }, "end_va": 8791735844863, "entry_point": 8791734616064, "filename": "\\Windows\\System32\\propsys.dll", "id": "region_1753", "name": "propsys.dll", "norm_filename": "c:\\windows\\system32\\propsys.dll", "region_type": "memory_mapped_file", "start_va": 8791734616064, "timestamp": "00:01:04.645", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 118784, "start_va": 8791735861248, "type": "region", "version": 1 }, "end_va": 8791735980031, "entry_point": 8791735861248, "filename": "\\Windows\\System32\\samlib.dll", "id": "region_1754", "name": "samlib.dll", "norm_filename": "c:\\windows\\system32\\samlib.dll", "region_type": "memory_mapped_file", "start_va": 8791735861248, "timestamp": "00:01:04.658", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2048000, "start_va": 8791736188928, "type": "region", "version": 1 }, "end_va": 8791738236927, "entry_point": 8791736188928, "filename": "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll", "id": "region_1755", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 8791736188928, "timestamp": "00:01:04.667", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 184320, "start_va": 8791741366272, "type": "region", "version": 1 }, "end_va": 8791741550591, "entry_point": 8791741366272, "filename": "\\Windows\\System32\\ntmarta.dll", "id": "region_1756", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\system32\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 8791741366272, "timestamp": "00:01:04.679", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791743266816, "type": "region", "version": 1 }, "end_va": 8791743315967, "entry_point": 8791743266816, "filename": "\\Windows\\System32\\version.dll", "id": "region_1757", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 8791743266816, "timestamp": "00:01:04.691", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 8791744118784, "type": "region", "version": 1 }, "end_va": 8791744147455, "entry_point": 8791744118784, "filename": "\\Windows\\System32\\WSHTCPIP.DLL", "id": "region_1758", "name": "wshtcpip.dll", "norm_filename": "c:\\windows\\system32\\wshtcpip.dll", "region_type": "memory_mapped_file", "start_va": 8791744118784, "timestamp": "00:01:04.699", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 8791745101824, "type": "region", "version": 1 }, "end_va": 8791745212415, "entry_point": 8791745101824, "filename": "\\Windows\\System32\\gpapi.dll", "id": "region_1759", "name": "gpapi.dll", "norm_filename": "c:\\windows\\system32\\gpapi.dll", "region_type": "memory_mapped_file", "start_va": 8791745101824, "timestamp": "00:01:04.708", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 8791745232896, "type": "region", "version": 1 }, "end_va": 8791745355775, "entry_point": 8791745232896, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_1760", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 8791745232896, "timestamp": "00:01:04.718", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 233472, "start_va": 8791746347008, "type": "region", "version": 1 }, "end_va": 8791746580479, "entry_point": 8791746347008, "filename": "\\Windows\\System32\\ubpm.dll", "id": "region_1761", "name": "ubpm.dll", "norm_filename": "c:\\windows\\system32\\ubpm.dll", "region_type": "memory_mapped_file", "start_va": 8791746347008, "timestamp": "00:01:04.730", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 8791746609152, "type": "region", "version": 1 }, "end_va": 8791746650111, "entry_point": 8791746609152, "filename": "\\Windows\\System32\\credssp.dll", "id": "region_1762", "name": "credssp.dll", "norm_filename": "c:\\windows\\system32\\credssp.dll", "region_type": "memory_mapped_file", "start_va": 8791746609152, "timestamp": "00:01:04.739", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 8791746674688, "type": "region", "version": 1 }, "end_va": 8791746727935, "entry_point": 8791746674688, "filename": "\\Windows\\System32\\pcwum.dll", "id": "region_1763", "name": "pcwum.dll", "norm_filename": "c:\\windows\\system32\\pcwum.dll", "region_type": "memory_mapped_file", "start_va": 8791746674688, "timestamp": "00:01:04.747", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 290816, "start_va": 8791747657728, "type": "region", "version": 1 }, "end_va": 8791747948543, "entry_point": 8791747657728, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_1764", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 8791747657728, "timestamp": "00:01:04.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 196608, "start_va": 8791748640768, "type": "region", "version": 1 }, "end_va": 8791748837375, "entry_point": 8791748640768, "filename": "\\Windows\\System32\\logoncli.dll", "id": "region_1765", "name": "logoncli.dll", "norm_filename": "c:\\windows\\system32\\logoncli.dll", "region_type": "memory_mapped_file", "start_va": 8791748640768, "timestamp": "00:01:04.763", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 8791750344704, "type": "region", "version": 1 }, "end_va": 8791750373375, "entry_point": 8791750344704, "filename": "\\Windows\\System32\\wship6.dll", "id": "region_1766", "name": "wship6.dll", "norm_filename": "c:\\windows\\system32\\wship6.dll", "region_type": "memory_mapped_file", "start_va": 8791750344704, "timestamp": "00:01:04.773", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 348160, "start_va": 8791750410240, "type": "region", "version": 1 }, "end_va": 8791750758399, "entry_point": 8791750410240, "filename": "\\Windows\\System32\\mswsock.dll", "id": "region_1767", "name": "mswsock.dll", "norm_filename": "c:\\windows\\system32\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 8791750410240, "timestamp": "00:01:04.783", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 8791750803456, "type": "region", "version": 1 }, "end_va": 8791750897663, "entry_point": 8791750803456, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_1768", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 8791750803456, "timestamp": "00:01:04.793", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 204800, "start_va": 8791751917568, "type": "region", "version": 1 }, "end_va": 8791752122367, "entry_point": 8791751917568, "filename": "\\Windows\\System32\\netjoin.dll", "id": "region_1769", "name": "netjoin.dll", "norm_filename": "c:\\windows\\system32\\netjoin.dll", "region_type": "memory_mapped_file", "start_va": 8791751917568, "timestamp": "00:01:04.798", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 8791752245248, "type": "region", "version": 1 }, "end_va": 8791752286207, "entry_point": 8791752245248, "filename": "\\Windows\\System32\\sysntfy.dll", "id": "region_1770", "name": "sysntfy.dll", "norm_filename": "c:\\windows\\system32\\sysntfy.dll", "region_type": "memory_mapped_file", "start_va": 8791752245248, "timestamp": "00:01:04.806", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 192512, "start_va": 8791752835072, "type": "region", "version": 1 }, "end_va": 8791753027583, "entry_point": 8791752835072, "filename": "\\Windows\\System32\\authz.dll", "id": "region_1771", "name": "authz.dll", "norm_filename": "c:\\windows\\system32\\authz.dll", "region_type": "memory_mapped_file", "start_va": 8791752835072, "timestamp": "00:01:04.813", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 446464, "start_va": 8791753097216, "type": "region", "version": 1 }, "end_va": 8791753543679, "entry_point": 8791753097216, "filename": "\\Windows\\System32\\wevtapi.dll", "id": "region_1772", "name": "wevtapi.dll", "norm_filename": "c:\\windows\\system32\\wevtapi.dll", "region_type": "memory_mapped_file", "start_va": 8791753097216, "timestamp": "00:01:04.821", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 143360, "start_va": 8791756046336, "type": "region", "version": 1 }, "end_va": 8791756189695, "entry_point": 8791756046336, "filename": "\\Windows\\System32\\srvcli.dll", "id": "region_1773", "name": "srvcli.dll", "norm_filename": "c:\\windows\\system32\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 8791756046336, "timestamp": "00:01:04.826", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 8791756701696, "type": "region", "version": 1 }, "end_va": 8791756746751, "entry_point": 8791756701696, "filename": "\\Windows\\System32\\secur32.dll", "id": "region_1774", "name": "secur32.dll", "norm_filename": "c:\\windows\\system32\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 8791756701696, "timestamp": "00:01:04.834", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 8791756898304, "type": "region", "version": 1 }, "end_va": 8791757049855, "entry_point": 8791756898304, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_1775", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 8791756898304, "timestamp": "00:01:04.843", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791757094912, "type": "region", "version": 1 }, "end_va": 8791757156351, "entry_point": 8791757094912, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_1776", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 8791757094912, "timestamp": "00:01:04.848", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 593920, "start_va": 8791757160448, "type": "region", "version": 1 }, "end_va": 8791757754367, "entry_point": 8791757160448, "filename": "\\Windows\\System32\\sxs.dll", "id": "region_1777", "name": "sxs.dll", "norm_filename": "c:\\windows\\system32\\sxs.dll", "region_type": "memory_mapped_file", "start_va": 8791757160448, "timestamp": "00:01:04.853", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 249856, "start_va": 8791757815808, "type": "region", "version": 1 }, "end_va": 8791758065663, "entry_point": 8791757815808, "filename": "\\Windows\\System32\\winsta.dll", "id": "region_1778", "name": "winsta.dll", "norm_filename": "c:\\windows\\system32\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 8791757815808, "timestamp": "00:01:04.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 8791758077952, "type": "region", "version": 1 }, "end_va": 8791758159871, "entry_point": 8791758077952, "filename": "\\Windows\\System32\\RpcRtRemote.dll", "id": "region_1779", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\system32\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 8791758077952, "timestamp": "00:01:04.871", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791758209024, "type": "region", "version": 1 }, "end_va": 8791758270463, "entry_point": 8791758209024, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_1780", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 8791758209024, "timestamp": "00:01:04.876", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791758864384, "type": "region", "version": 1 }, "end_va": 8791758925823, "entry_point": 8791758864384, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_1781", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 8791758864384, "timestamp": "00:01:04.881", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 106496, "start_va": 8791758929920, "type": "region", "version": 1 }, "end_va": 8791759036415, "entry_point": 8791758929920, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_1782", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 8791758929920, "timestamp": "00:01:04.890", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791759060992, "type": "region", "version": 1 }, "end_va": 8791759499263, "entry_point": 8791759060992, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1783", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791759060992, "timestamp": "00:01:04.900", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 221184, "start_va": 8791759519744, "type": "region", "version": 1 }, "end_va": 8791759740927, "entry_point": 8791759519744, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_1784", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 8791759519744, "timestamp": "00:01:04.943", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 237568, "start_va": 8791759781888, "type": "region", "version": 1 }, "end_va": 8791760019455, "entry_point": 8791759781888, "filename": "\\Windows\\System32\\wintrust.dll", "id": "region_1785", "name": "wintrust.dll", "norm_filename": "c:\\windows\\system32\\wintrust.dll", "region_type": "memory_mapped_file", "start_va": 8791759781888, "timestamp": "00:01:04.953", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1470464, "start_va": 8791760044032, "type": "region", "version": 1 }, "end_va": 8791761514495, "entry_point": 8791760044032, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_1786", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 8791760044032, "timestamp": "00:01:04.963", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791762206720, "type": "region", "version": 1 }, "end_va": 8791763030015, "entry_point": 8791762206720, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_1787", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791762206720, "timestamp": "00:01:04.976", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 335872, "start_va": 8791763058688, "type": "region", "version": 1 }, "end_va": 8791763394559, "entry_point": 8791763058688, "filename": "\\Windows\\System32\\Wldap32.dll", "id": "region_1788", "name": "wldap32.dll", "norm_filename": "c:\\windows\\system32\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 8791763058688, "timestamp": "00:01:04.981", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791763451904, "type": "region", "version": 1 }, "end_va": 8791764537343, "entry_point": 8791763451904, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_1789", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791763451904, "timestamp": "00:01:04.994", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791764566016, "type": "region", "version": 1 }, "end_va": 8791764623359, "entry_point": 8791764566016, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_1790", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791764566016, "timestamp": "00:01:04.999", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791765876736, "type": "region", "version": 1 }, "end_va": 8791766003711, "entry_point": 8791765876736, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_1791", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 8791765876736, "timestamp": "00:01:05.004", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791766007808, "type": "region", "version": 1 }, "end_va": 8791766196223, "entry_point": 8791766007808, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_1792", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791766007808, "timestamp": "00:01:05.009", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 14188544, "start_va": 8791767777280, "type": "region", "version": 1 }, "end_va": 8791781965823, "entry_point": 8791767777280, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_1793", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 8791767777280, "timestamp": "00:01:05.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 8791781998592, "type": "region", "version": 1 }, "end_va": 8791782031359, "entry_point": 8791781998592, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_1794", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 8791781998592, "timestamp": "00:01:05.606", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 8791782064128, "type": "region", "version": 1 }, "end_va": 8791783993343, "entry_point": 8791782064128, "filename": "\\Windows\\System32\\setupapi.dll", "id": "region_1795", "name": "setupapi.dll", "norm_filename": "c:\\windows\\system32\\setupapi.dll", "region_type": "memory_mapped_file", "start_va": 8791782064128, "timestamp": "00:01:05.614", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 880640, "start_va": 8791784685568, "type": "region", "version": 1 }, "end_va": 8791785566207, "entry_point": 8791784685568, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_1796", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 8791784685568, "timestamp": "00:01:05.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, "start_va": 8791785603072, "type": "region", "version": 1 }, "end_va": 8791786500095, "entry_point": 8791785603072, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_1797", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791785603072, "timestamp": "00:01:05.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791786520576, "type": "region", "version": 1 }, "end_va": 8791787753471, "entry_point": 8791786520576, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_1798", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791786520576, "timestamp": "00:01:05.703", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791790256128, "type": "region", "version": 1 }, "end_va": 8791790882815, "entry_point": 8791790256128, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_1799", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 8791790256128, "timestamp": "00:01:05.713", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791791435776, "type": "region", "version": 1 }, "end_va": 8791792087039, "entry_point": 8791791435776, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1800", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791791435776, "timestamp": "00:01:05.719", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2109440, "start_va": 8791792091136, "type": "region", "version": 1 }, "end_va": 8791794200575, "entry_point": 8791792091136, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_1801", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 8791792091136, "timestamp": "00:01:05.731", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 462848, "start_va": 8791794253824, "type": "region", "version": 1 }, "end_va": 8791794716671, "entry_point": 8791794253824, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_1802", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 8791794253824, "timestamp": "00:01:05.984", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791794778112, "type": "region", "version": 1 }, "end_va": 8791795199999, "entry_point": 8791794778112, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_1803", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791794778112, "timestamp": "00:01:06.040", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 315392, "start_va": 8791795236864, "type": "region", "version": 1 }, "end_va": 8791795552255, "entry_point": 8791795236864, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_1804", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 8791795236864, "timestamp": "00:01:06.083", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791795761152, "type": "region", "version": 1 }, "end_va": 8791795765247, "entry_point": 8791795761152, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1805", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791795761152, "timestamp": "00:01:06.093", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092571648, "type": "region", "version": 1 }, "end_va": 8796092579839, "entry_point": 0, "filename": null, "id": "region_1806", "name": "private_0x000007fffff92000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092571648, "timestamp": "00:01:06.096", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092588032, "type": "region", "version": 1 }, "end_va": 8796092596223, "entry_point": 0, "filename": null, "id": "region_1807", "name": "private_0x000007fffff96000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092588032, "timestamp": "00:01:06.097", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092596224, "type": "region", "version": 1 }, "end_va": 8796092604415, "entry_point": 0, "filename": null, "id": "region_1808", "name": "private_0x000007fffff98000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092596224, "timestamp": "00:01:06.097", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092604416, "type": "region", "version": 1 }, "end_va": 8796092612607, "entry_point": 0, "filename": null, "id": "region_1809", "name": "private_0x000007fffff9a000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092604416, "timestamp": "00:01:06.097", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092612608, "type": "region", "version": 1 }, "end_va": 8796092620799, "entry_point": 0, "filename": null, "id": "region_1810", "name": "private_0x000007fffff9c000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092612608, "timestamp": "00:01:06.097", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092620800, "type": "region", "version": 1 }, "end_va": 8796092628991, "entry_point": 0, "filename": null, "id": "region_1811", "name": "private_0x000007fffff9e000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092620800, "timestamp": "00:01:06.098", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092628992, "type": "region", "version": 1 }, "end_va": 8796092637183, "entry_point": 0, "filename": null, "id": "region_1812", "name": "private_0x000007fffffa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092628992, "timestamp": "00:01:06.098", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092637184, "type": "region", "version": 1 }, "end_va": 8796092645375, "entry_point": 0, "filename": null, "id": "region_1813", "name": "private_0x000007fffffa2000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092637184, "timestamp": "00:01:06.098", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092645376, "type": "region", "version": 1 }, "end_va": 8796092653567, "entry_point": 0, "filename": null, "id": "region_1814", "name": "private_0x000007fffffa4000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092645376, "timestamp": "00:01:06.098", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092653568, "type": "region", "version": 1 }, "end_va": 8796092661759, "entry_point": 0, "filename": null, "id": "region_1815", "name": "private_0x000007fffffa6000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092653568, "timestamp": "00:01:06.098", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092661760, "type": "region", "version": 1 }, "end_va": 8796092669951, "entry_point": 0, "filename": null, "id": "region_1816", "name": "private_0x000007fffffa8000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092661760, "timestamp": "00:01:06.099", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\system32\\AUDIODG.EXE 0x2e4", "filename": "c:\\windows\\system32\\audiodg.exe", "id": "proc_35", "image_name": "audiodg.exe", "monitor_reason": "child_process", "monitored_id": 35, "origin_monitor_id": 31, "ref_parent_process": { "ref_id": "proc_31", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_4623", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:16.725", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 552959, "entry_point": 131072, "filename": "\\Windows\\System32\\locale.nls", "id": "region_4624", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 131072, "timestamp": "00:01:16.725", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 618495, "entry_point": 0, "filename": null, "id": "region_4625", "name": "pagefile_0x0000000000090000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 589824, "timestamp": "00:01:16.725", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 663551, "entry_point": 0, "filename": null, "id": "region_4626", "name": "pagefile_0x00000000000a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 655360, "timestamp": "00:01:16.725", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 724991, "entry_point": 720896, "filename": "\\Windows\\System32\\en-US\\audiodg.exe.mui", "id": "region_4627", "name": "audiodg.exe.mui", "norm_filename": "c:\\windows\\system32\\en-us\\audiodg.exe.mui", "region_type": "memory_mapped_file", "start_va": 720896, "timestamp": "00:01:16.725", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 790527, "entry_point": 0, "filename": null, "id": "region_4628", "name": "private_0x00000000000c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 786432, "timestamp": "00:01:16.730", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 856063, "entry_point": 0, "filename": null, "id": "region_4629", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:01:16.731", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 921599, "entry_point": 0, "filename": null, "id": "region_4630", "name": "pagefile_0x00000000000e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 917504, "timestamp": "00:01:16.731", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1245183, "entry_point": 0, "filename": null, "id": "region_4631", "name": "private_0x0000000000120000", "norm_filename": null, "region_type": "private_memory", "start_va": 1179648, "timestamp": "00:01:16.731", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1769471, "entry_point": 0, "filename": null, "id": "region_4632", "name": "private_0x0000000000130000", "norm_filename": null, "region_type": "private_memory", "start_va": 1245184, "timestamp": "00:01:16.731", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 2818047, "entry_point": 0, "filename": null, "id": "region_4633", "name": "private_0x00000000001b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1769472, "timestamp": "00:01:16.731", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 786432, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 3604479, "entry_point": 0, "filename": null, "id": "region_4634", "name": "pagefile_0x00000000002b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2818048, "timestamp": "00:01:16.731", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 3670016, "type": "region", "version": 1 }, "end_va": 4718591, "entry_point": 0, "filename": null, "id": "region_4635", "name": "private_0x0000000000380000", "norm_filename": null, "region_type": "private_memory", "start_va": 3670016, "timestamp": "00:01:16.731", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4718592, "type": "region", "version": 1 }, "end_va": 6324223, "entry_point": 0, "filename": null, "id": "region_4636", "name": "pagefile_0x0000000000480000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4718592, "timestamp": "00:01:16.731", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6356992, "type": "region", "version": 1 }, "end_va": 7933951, "entry_point": 0, "filename": null, "id": "region_4637", "name": "pagefile_0x0000000000610000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6356992, "timestamp": "00:01:16.731", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 8257536, "type": "region", "version": 1 }, "end_va": 8781823, "entry_point": 0, "filename": null, "id": "region_4638", "name": "private_0x00000000007e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8257536, "timestamp": "00:01:16.731", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 10485760, "type": "region", "version": 1 }, "end_va": 11010047, "entry_point": 0, "filename": null, "id": "region_4639", "name": "private_0x0000000000a00000", "norm_filename": null, "region_type": "private_memory", "start_va": 10485760, "timestamp": "00:01:16.731", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 11010048, "type": "region", "version": 1 }, "end_va": 13955071, "entry_point": 11010048, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_4640", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 11010048, "timestamp": "00:01:16.731", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 14680064, "type": "region", "version": 1 }, "end_va": 15204351, "entry_point": 0, "filename": null, "id": "region_4641", "name": "private_0x0000000000e00000", "norm_filename": null, "region_type": "private_memory", "start_va": 14680064, "timestamp": "00:01:16.731", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 15400960, "type": "region", "version": 1 }, "end_va": 15925247, "entry_point": 0, "filename": null, "id": "region_4642", "name": "private_0x0000000000eb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 15400960, "timestamp": "00:01:16.731", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005467136, "type": "region", "version": 1 }, "end_va": 2006491135, "entry_point": 2005574344, "filename": "\\Windows\\System32\\user32.dll", "id": "region_4643", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2005467136, "timestamp": "00:01:16.731", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006515712, "type": "region", "version": 1 }, "end_va": 2007691263, "entry_point": 2006605472, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_4644", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 2006515712, "timestamp": "00:01:16.732", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2007695360, "type": "region", "version": 1 }, "end_va": 2009436159, "entry_point": 2007695360, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_4645", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2007695360, "timestamp": "00:01:16.733", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_4646", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:16.734", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_4647", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:16.734", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_4648", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:16.734", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 147456, "start_va": 4284678144, "type": "region", "version": 1 }, "end_va": 4284825599, "entry_point": 4284678144, "filename": "\\Windows\\System32\\audiodg.exe", "id": "region_4649", "name": "audiodg.exe", "norm_filename": "c:\\windows\\system32\\audiodg.exe", "region_type": "memory_mapped_file", "start_va": 4284678144, "timestamp": "00:01:16.734", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 307200, "start_va": 8791729963008, "type": "region", "version": 1 }, "end_va": 8791730270207, "entry_point": 8791730024396, "filename": "\\Windows\\System32\\MMDevAPI.dll", "id": "region_4650", "name": "mmdevapi.dll", "norm_filename": "c:\\windows\\system32\\mmdevapi.dll", "region_type": "memory_mapped_file", "start_va": 8791729963008, "timestamp": "00:01:16.746", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1228800, "start_va": 8791734616064, "type": "region", "version": 1 }, "end_va": 8791735844863, "entry_point": 8791734654140, "filename": "\\Windows\\System32\\propsys.dll", "id": "region_4651", "name": "propsys.dll", "norm_filename": "c:\\windows\\system32\\propsys.dll", "region_type": "memory_mapped_file", "start_va": 8791734616064, "timestamp": "00:01:16.746", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 184320, "start_va": 8791741366272, "type": "region", "version": 1 }, "end_va": 8791741550591, "entry_point": 8791741370384, "filename": "\\Windows\\System32\\ntmarta.dll", "id": "region_4652", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\system32\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 8791741366272, "timestamp": "00:01:16.747", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 290816, "start_va": 8791747657728, "type": "region", "version": 1 }, "end_va": 8791747948543, "entry_point": 8791747661924, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_4653", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 8791747657728, "timestamp": "00:01:16.748", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 8791750803456, "type": "region", "version": 1 }, "end_va": 8791750897663, "entry_point": 8791750816440, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_4654", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 8791750803456, "timestamp": "00:01:16.748", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791757094912, "type": "region", "version": 1 }, "end_va": 8791757156351, "entry_point": 8791757099024, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_4655", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 8791757094912, "timestamp": "00:01:16.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 8791758077952, "type": "region", "version": 1 }, "end_va": 8791758159871, "entry_point": 8791758082272, "filename": "\\Windows\\System32\\RpcRtRemote.dll", "id": "region_4656", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\system32\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 8791758077952, "timestamp": "00:01:16.750", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791759060992, "type": "region", "version": 1 }, "end_va": 8791759499263, "entry_point": 8791759073504, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_4657", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791759060992, "timestamp": "00:01:16.750", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791762206720, "type": "region", "version": 1 }, "end_va": 8791763030015, "entry_point": 8791762708596, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_4658", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791762206720, "timestamp": "00:01:16.751", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 335872, "start_va": 8791763058688, "type": "region", "version": 1 }, "end_va": 8791763394559, "entry_point": 8791763062996, "filename": "\\Windows\\System32\\Wldap32.dll", "id": "region_4659", "name": "wldap32.dll", "norm_filename": "c:\\windows\\system32\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 8791763058688, "timestamp": "00:01:16.751", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791763451904, "type": "region", "version": 1 }, "end_va": 8791764537343, "entry_point": 8791763456100, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_4660", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791763451904, "timestamp": "00:01:16.752", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791764566016, "type": "region", "version": 1 }, "end_va": 8791764623359, "entry_point": 8791764570240, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_4661", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791764566016, "timestamp": "00:01:16.753", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791765876736, "type": "region", "version": 1 }, "end_va": 8791766003711, "entry_point": 8791765901544, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_4662", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 8791765876736, "timestamp": "00:01:16.754", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791766007808, "type": "region", "version": 1 }, "end_va": 8791766196223, "entry_point": 8791766011920, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_4663", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791766007808, "timestamp": "00:01:16.754", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 880640, "start_va": 8791784685568, "type": "region", "version": 1 }, "end_va": 8791785566207, "entry_point": 8791784698484, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_4664", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 8791784685568, "timestamp": "00:01:16.755", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, "start_va": 8791785603072, "type": "region", "version": 1 }, "end_va": 8791786500095, "entry_point": 8791785736032, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_4665", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791785603072, "timestamp": "00:01:16.755", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791786520576, "type": "region", "version": 1 }, "end_va": 8791787753471, "entry_point": 8791786843472, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_4666", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791786520576, "timestamp": "00:01:16.756", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791790256128, "type": "region", "version": 1 }, "end_va": 8791790882815, "entry_point": 8791790263312, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_4667", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 8791790256128, "timestamp": "00:01:16.756", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791791435776, "type": "region", "version": 1 }, "end_va": 8791792087039, "entry_point": 8791791445408, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_4668", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791791435776, "timestamp": "00:01:16.757", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2109440, "start_va": 8791792091136, "type": "region", "version": 1 }, "end_va": 8791794200575, "entry_point": 8791792235312, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_4669", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 8791792091136, "timestamp": "00:01:16.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791794778112, "type": "region", "version": 1 }, "end_va": 8791795199999, "entry_point": 8791794823228, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_4670", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791794778112, "timestamp": "00:01:16.760", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791795761152, "type": "region", "version": 1 }, "end_va": 8791795765247, "entry_point": 8791795761152, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_4671", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791795761152, "timestamp": "00:01:16.761", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_4672", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:01:16.764", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092841984, "type": "region", "version": 1 }, "end_va": 8796092850175, "entry_point": 0, "filename": null, "id": "region_4673", "name": "private_0x000007fffffd4000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092841984, "timestamp": "00:01:16.764", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092850176, "type": "region", "version": 1 }, "end_va": 8796092858367, "entry_point": 0, "filename": null, "id": "region_4674", "name": "private_0x000007fffffd6000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092850176, "timestamp": "00:01:16.764", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8796092858368, "type": "region", "version": 1 }, "end_va": 8796092862463, "entry_point": 0, "filename": null, "id": "region_4675", "name": "private_0x000007fffffd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092858368, "timestamp": "00:01:16.764", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092866560, "type": "region", "version": 1 }, "end_va": 8796092874751, "entry_point": 0, "filename": null, "id": "region_4676", "name": "private_0x000007fffffda000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092866560, "timestamp": "00:01:16.764", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092874752, "type": "region", "version": 1 }, "end_va": 8796092882943, "entry_point": 0, "filename": null, "id": "region_4677", "name": "private_0x000007fffffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092874752, "timestamp": "00:01:16.764", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092882944, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_4678", "name": "private_0x000007fffffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092882944, "timestamp": "00:01:16.764", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 323584, "start_va": 8791727603712, "type": "region", "version": 1 }, "end_va": 8791727927295, "entry_point": 8791727613796, "filename": "\\Windows\\System32\\AudioSes.dll", "id": "region_4881", "name": "audioses.dll", "norm_filename": "c:\\windows\\system32\\audioses.dll", "region_type": "memory_mapped_file", "start_va": 8791727603712, "timestamp": "00:01:18.245", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 991231, "entry_point": 0, "filename": null, "id": "region_4882", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:01:18.247", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4206592, "start_va": 15925248, "type": "region", "version": 1 }, "end_va": 20131839, "entry_point": 0, "filename": null, "id": "region_4883", "name": "private_0x0000000000f30000", "norm_filename": null, "region_type": "private_memory", "start_va": 15925248, "timestamp": "00:01:18.247", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1052671, "entry_point": 0, "filename": null, "id": "region_4898", "name": "pagefile_0x0000000000100000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1048576, "timestamp": "00:01:18.319", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 462848, "start_va": 8791653613568, "type": "region", "version": 1 }, "end_va": 8791654076415, "entry_point": 8791653613568, "filename": "\\Windows\\System32\\AudioEng.dll", "id": "region_4899", "name": "audioeng.dll", "norm_filename": "c:\\windows\\system32\\audioeng.dll", "region_type": "memory_mapped_file", "start_va": 8791653613568, "timestamp": "00:01:18.326", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 8791723016192, "type": "region", "version": 1 }, "end_va": 8791723053055, "entry_point": 8791723020304, "filename": "\\Windows\\System32\\avrt.dll", "id": "region_4900", "name": "avrt.dll", "norm_filename": "c:\\windows\\system32\\avrt.dll", "region_type": "memory_mapped_file", "start_va": 8791723016192, "timestamp": "00:01:18.360", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1122303, "entry_point": 0, "filename": null, "id": "region_4918", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:01:18.501", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4206592, "start_va": 20185088, "type": "region", "version": 1 }, "end_va": 24391679, "entry_point": 0, "filename": null, "id": "region_4919", "name": "private_0x0000000001340000", "norm_filename": null, "region_type": "private_memory", "start_va": 20185088, "timestamp": "00:01:18.501", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 8791782064128, "type": "region", "version": 1 }, "end_va": 8791783993343, "entry_point": 8791782068240, "filename": "\\Windows\\System32\\setupapi.dll", "id": "region_4920", "name": "setupapi.dll", "norm_filename": "c:\\windows\\system32\\setupapi.dll", "region_type": "memory_mapped_file", "start_va": 8791782064128, "timestamp": "00:01:18.513", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 221184, "start_va": 8791759519744, "type": "region", "version": 1 }, "end_va": 8791759740927, "entry_point": 8791759524980, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_4921", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 8791759519744, "timestamp": "00:01:18.529", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 106496, "start_va": 8791758929920, "type": "region", "version": 1 }, "end_va": 8791759036415, "entry_point": 8791758935384, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_4922", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 8791758929920, "timestamp": "00:01:18.531", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 24444928, "type": "region", "version": 1 }, "end_va": 28585983, "entry_point": 0, "filename": null, "id": "region_4923", "name": "pagefile_0x0000000001750000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 24444928, "timestamp": "00:01:18.536", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 8791653089280, "type": "region", "version": 1 }, "end_va": 8791653613567, "entry_point": 8791653089280, "filename": "\\Windows\\System32\\AUDIOKSE.dll", "id": "region_4924", "name": "audiokse.dll", "norm_filename": "c:\\windows\\system32\\audiokse.dll", "region_type": "memory_mapped_file", "start_va": 8791653089280, "timestamp": "00:01:18.542", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1470464, "start_va": 8791760044032, "type": "region", "version": 1 }, "end_va": 8791761514495, "entry_point": 8791760048320, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_4940", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 8791760044032, "timestamp": "00:01:18.713", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791758864384, "type": "region", "version": 1 }, "end_va": 8791758925823, "entry_point": 8791758868512, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_4941", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 8791758864384, "timestamp": "00:01:18.716", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 237568, "start_va": 8791759781888, "type": "region", "version": 1 }, "end_va": 8791760019455, "entry_point": 8791759786784, "filename": "\\Windows\\System32\\wintrust.dll", "id": "region_4942", "name": "wintrust.dll", "norm_filename": "c:\\windows\\system32\\wintrust.dll", "region_type": "memory_mapped_file", "start_va": 8791759781888, "timestamp": "00:01:18.718", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1938554880, "type": "region", "version": 1 }, "end_va": 1938579455, "entry_point": 1938558992, "filename": "\\Windows\\System32\\ksuser.dll", "id": "region_4943", "name": "ksuser.dll", "norm_filename": "c:\\windows\\system32\\ksuser.dll", "region_type": "memory_mapped_file", "start_va": 1938554880, "timestamp": "00:01:18.720", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 3612671, "entry_point": 0, "filename": null, "id": "region_4944", "name": "private_0x0000000000370000", "norm_filename": null, "region_type": "private_memory", "start_va": 3604480, "timestamp": "00:01:18.771", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4206592, "start_va": 28639232, "type": "region", "version": 1 }, "end_va": 32845823, "entry_point": 0, "filename": null, "id": "region_4945", "name": "private_0x0000000001b50000", "norm_filename": null, "region_type": "private_memory", "start_va": 28639232, "timestamp": "00:01:18.772", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 462848, "start_va": 8791794253824, "type": "region", "version": 1 }, "end_va": 8791794716671, "entry_point": 8791794327072, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_4972", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 8791794253824, "timestamp": "00:01:18.891", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 7995392, "type": "region", "version": 1 }, "end_va": 7999487, "entry_point": 0, "filename": null, "id": "region_5031", "name": "private_0x00000000007a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 7995392, "timestamp": "00:01:19.199", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8060928, "type": "region", "version": 1 }, "end_va": 8065023, "entry_point": 0, "filename": null, "id": "region_5032", "name": "private_0x00000000007b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8060928, "timestamp": "00:01:19.200", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8126464, "type": "region", "version": 1 }, "end_va": 8134655, "entry_point": 0, "filename": null, "id": "region_5033", "name": "private_0x00000000007c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8126464, "timestamp": "00:01:19.226", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8192000, "type": "region", "version": 1 }, "end_va": 8196095, "entry_point": 0, "filename": null, "id": "region_5034", "name": "private_0x00000000007d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8192000, "timestamp": "00:01:19.226", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8781824, "type": "region", "version": 1 }, "end_va": 8790015, "entry_point": 0, "filename": null, "id": "region_5035", "name": "private_0x0000000000860000", "norm_filename": null, "region_type": "private_memory", "start_va": 8781824, "timestamp": "00:01:19.226", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 270336, "start_va": 8847360, "type": "region", "version": 1 }, "end_va": 9117695, "entry_point": 0, "filename": null, "id": "region_5036", "name": "private_0x0000000000870000", "norm_filename": null, "region_type": "private_memory", "start_va": 8847360, "timestamp": "00:01:19.226", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1605632, "start_va": 8791651385344, "type": "region", "version": 1 }, "end_va": 8791652990975, "entry_point": 8791651385344, "filename": "\\Windows\\System32\\WMALFXGFXDSP.dll", "id": "region_5037", "name": "wmalfxgfxdsp.dll", "norm_filename": "c:\\windows\\system32\\wmalfxgfxdsp.dll", "region_type": "memory_mapped_file", "start_va": 8791651385344, "timestamp": "00:01:19.255", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 442368, "start_va": 8791650140160, "type": "region", "version": 1 }, "end_va": 8791650582527, "entry_point": 8791650140160, "filename": "\\Windows\\System32\\mfplat.dll", "id": "region_5063", "name": "mfplat.dll", "norm_filename": "c:\\windows\\system32\\mfplat.dll", "region_type": "memory_mapped_file", "start_va": 8791650140160, "timestamp": "00:01:19.456", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 315392, "start_va": 8791795236864, "type": "region", "version": 1 }, "end_va": 8791795552255, "entry_point": 8791795241072, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_5064", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 8791795236864, "timestamp": "00:01:19.487", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 8791781998592, "type": "region", "version": 1 }, "end_va": 8791782031359, "entry_point": 8791782003972, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_5065", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 8791781998592, "timestamp": "00:01:19.489", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 33095680, "type": "region", "version": 1 }, "end_va": 33619967, "entry_point": 0, "filename": null, "id": "region_5097", "name": "private_0x0000000001f90000", "norm_filename": null, "region_type": "private_memory", "start_va": 33095680, "timestamp": "00:01:19.816", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092686336, "type": "region", "version": 1 }, "end_va": 8796092694527, "entry_point": 0, "filename": null, "id": "region_5098", "name": "private_0x000007fffffae000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092686336, "timestamp": "00:01:19.816", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 14024704, "type": "region", "version": 1 }, "end_va": 14548991, "entry_point": 0, "filename": null, "id": "region_5150", "name": "private_0x0000000000d60000", "norm_filename": null, "region_type": "private_memory", "start_va": 14024704, "timestamp": "00:01:20.467", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 9175040, "type": "region", "version": 1 }, "end_va": 9183231, "entry_point": 0, "filename": null, "id": "region_5191", "name": "private_0x00000000008c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 9175040, "timestamp": "00:01:21.160", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 9830400, "type": "region", "version": 1 }, "end_va": 10354687, "entry_point": 0, "filename": null, "id": "region_5192", "name": "private_0x0000000000960000", "norm_filename": null, "region_type": "private_memory", "start_va": 9830400, "timestamp": "00:01:21.160", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092678144, "type": "region", "version": 1 }, "end_va": 8796092686335, "entry_point": 0, "filename": null, "id": "region_5194", "name": "private_0x000007fffffac000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092678144, "timestamp": "00:01:21.160", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 40960, "start_va": 9240576, "type": "region", "version": 1 }, "end_va": 9281535, "entry_point": 0, "filename": null, "id": "region_5195", "name": "private_0x00000000008d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 9240576, "timestamp": "00:01:21.160", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 34865152, "type": "region", "version": 1 }, "end_va": 35389439, "entry_point": 0, "filename": null, "id": "region_5199", "name": "private_0x0000000002140000", "norm_filename": null, "region_type": "private_memory", "start_va": 34865152, "timestamp": "00:01:21.307", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092669952, "type": "region", "version": 1 }, "end_va": 8796092678143, "entry_point": 0, "filename": null, "id": "region_5200", "name": "private_0x000007fffffaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092669952, "timestamp": "00:01:21.307", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 9306112, "type": "region", "version": 1 }, "end_va": 9310207, "entry_point": 0, "filename": null, "id": "region_5201", "name": "private_0x00000000008e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 9306112, "timestamp": "00:01:21.309", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 9371648, "type": "region", "version": 1 }, "end_va": 9379839, "entry_point": 0, "filename": null, "id": "region_5202", "name": "pagefile_0x00000000008f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9371648, "timestamp": "00:01:21.310", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 35913728, "type": "region", "version": 1 }, "end_va": 36438015, "entry_point": 0, "filename": null, "id": "region_5203", "name": "private_0x0000000002240000", "norm_filename": null, "region_type": "private_memory", "start_va": 35913728, "timestamp": "00:01:21.359", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092661760, "type": "region", "version": 1 }, "end_va": 8796092669951, "entry_point": 0, "filename": null, "id": "region_5204", "name": "private_0x000007fffffa8000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092661760, "timestamp": "00:01:21.359", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\system32\\svchost.exe -k LocalService", "filename": "c:\\windows\\system32\\svchost.exe", "id": "proc_36", "image_name": "svchost.exe", "monitor_reason": "child_process", "monitored_id": 36, "origin_monitor_id": 26, "ref_parent_process": { "ref_id": "proc_26", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_2557", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:08.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 159743, "entry_point": 0, "filename": null, "id": "region_2558", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:08.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_2559", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:08.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_2560", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:01:08.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_2561", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:01:08.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 794623, "entry_point": 0, "filename": null, "id": "region_2562", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:01:08.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 1376255, "entry_point": 0, "filename": null, "id": "region_2563", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:01:08.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 2424831, "entry_point": 0, "filename": null, "id": "region_2564", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:01:08.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2428927, "entry_point": 0, "filename": null, "id": "region_2565", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:08.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2490368, "type": "region", "version": 1 }, "end_va": 2555903, "entry_point": 0, "filename": null, "id": "region_2566", "name": "private_0x0000000000260000", "norm_filename": null, "region_type": "private_memory", "start_va": 2490368, "timestamp": "00:01:08.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 2559999, "entry_point": 0, "filename": null, "id": "region_2567", "name": "private_0x0000000000270000", "norm_filename": null, "region_type": "private_memory", "start_va": 2555904, "timestamp": "00:01:08.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 2625535, "entry_point": 0, "filename": null, "id": "region_2568", "name": "pagefile_0x0000000000280000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2621440, "timestamp": "00:01:08.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 3145728, "type": "region", "version": 1 }, "end_va": 4194303, "entry_point": 0, "filename": null, "id": "region_2569", "name": "private_0x0000000000300000", "norm_filename": null, "region_type": "private_memory", "start_va": 3145728, "timestamp": "00:01:08.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 5799935, "entry_point": 0, "filename": null, "id": "region_2570", "name": "pagefile_0x0000000000400000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4194304, "timestamp": "00:01:08.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 5832704, "type": "region", "version": 1 }, "end_va": 7409663, "entry_point": 0, "filename": null, "id": "region_2571", "name": "pagefile_0x0000000000590000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5832704, "timestamp": "00:01:08.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 786432, "start_va": 7471104, "type": "region", "version": 1 }, "end_va": 8257535, "entry_point": 0, "filename": null, "id": "region_2572", "name": "pagefile_0x0000000000720000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7471104, "timestamp": "00:01:08.636", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 8257536, "type": "region", "version": 1 }, "end_va": 12398591, "entry_point": 0, "filename": null, "id": "region_2573", "name": "pagefile_0x00000000007e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8257536, "timestamp": "00:01:08.636", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 12517376, "type": "region", "version": 1 }, "end_va": 13041663, "entry_point": 0, "filename": null, "id": "region_2574", "name": "private_0x0000000000bf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 12517376, "timestamp": "00:01:08.636", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 13631488, "type": "region", "version": 1 }, "end_va": 14155775, "entry_point": 0, "filename": null, "id": "region_2575", "name": "private_0x0000000000d00000", "norm_filename": null, "region_type": "private_memory", "start_va": 13631488, "timestamp": "00:01:08.636", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 14155776, "type": "region", "version": 1 }, "end_va": 15204351, "entry_point": 0, "filename": null, "id": "region_2576", "name": "private_0x0000000000d80000", "norm_filename": null, "region_type": "private_memory", "start_va": 14155776, "timestamp": "00:01:08.636", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 15925248, "type": "region", "version": 1 }, "end_va": 16449535, "entry_point": 0, "filename": null, "id": "region_2577", "name": "private_0x0000000000f30000", "norm_filename": null, "region_type": "private_memory", "start_va": 15925248, "timestamp": "00:01:08.636", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 17170432, "type": "region", "version": 1 }, "end_va": 20115455, "entry_point": 17170432, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_2578", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 17170432, "timestamp": "00:01:08.636", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 20185088, "type": "region", "version": 1 }, "end_va": 20709375, "entry_point": 0, "filename": null, "id": "region_2579", "name": "private_0x0000000001340000", "norm_filename": null, "region_type": "private_memory", "start_va": 20185088, "timestamp": "00:01:08.636", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 21233664, "type": "region", "version": 1 }, "end_va": 21757951, "entry_point": 0, "filename": null, "id": "region_2580", "name": "private_0x0000000001440000", "norm_filename": null, "region_type": "private_memory", "start_va": 21233664, "timestamp": "00:01:08.636", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005467136, "type": "region", "version": 1 }, "end_va": 2006491135, "entry_point": 2005574344, "filename": "\\Windows\\System32\\user32.dll", "id": "region_2581", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2005467136, "timestamp": "00:01:08.636", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006515712, "type": "region", "version": 1 }, "end_va": 2007691263, "entry_point": 2006605472, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_2582", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 2006515712, "timestamp": "00:01:08.637", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2007695360, "type": "region", "version": 1 }, "end_va": 2009436159, "entry_point": 2007695360, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2583", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2007695360, "timestamp": "00:01:08.637", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_2584", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:08.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2585", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:08.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2586", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:08.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 4282056704, "type": "region", "version": 1 }, "end_va": 4282101759, "entry_point": 4282066028, "filename": "\\Windows\\System32\\svchost.exe", "id": "region_2587", "name": "svchost.exe", "norm_filename": "c:\\windows\\system32\\svchost.exe", "region_type": "memory_mapped_file", "start_va": 4282056704, "timestamp": "00:01:08.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 8791717773312, "type": "region", "version": 1 }, "end_va": 8791717814271, "entry_point": 8791717773312, "filename": "\\Windows\\System32\\nsisvc.dll", "id": "region_2588", "name": "nsisvc.dll", "norm_filename": "c:\\windows\\system32\\nsisvc.dll", "region_type": "memory_mapped_file", "start_va": 8791717773312, "timestamp": "00:01:08.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791718428672, "type": "region", "version": 1 }, "end_va": 8791718850559, "entry_point": 8791718518880, "filename": "\\Windows\\System32\\es.dll", "id": "region_2589", "name": "es.dll", "norm_filename": "c:\\windows\\system32\\es.dll", "region_type": "memory_mapped_file", "start_va": 8791718428672, "timestamp": "00:01:08.646", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 290816, "start_va": 8791747657728, "type": "region", "version": 1 }, "end_va": 8791747948543, "entry_point": 8791747661924, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_2590", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 8791747657728, "timestamp": "00:01:08.647", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 8791750803456, "type": "region", "version": 1 }, "end_va": 8791750897663, "entry_point": 8791750816440, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_2591", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 8791750803456, "timestamp": "00:01:08.647", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791757094912, "type": "region", "version": 1 }, "end_va": 8791757156351, "entry_point": 8791757099024, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_2592", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 8791757094912, "timestamp": "00:01:08.648", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 8791758077952, "type": "region", "version": 1 }, "end_va": 8791758159871, "entry_point": 8791758082272, "filename": "\\Windows\\System32\\RpcRtRemote.dll", "id": "region_2593", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\system32\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 8791758077952, "timestamp": "00:01:08.648", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791759060992, "type": "region", "version": 1 }, "end_va": 8791759499263, "entry_point": 8791759073504, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_2594", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791759060992, "timestamp": "00:01:08.649", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791762206720, "type": "region", "version": 1 }, "end_va": 8791763030015, "entry_point": 8791762708596, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_2595", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791762206720, "timestamp": "00:01:08.649", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791763451904, "type": "region", "version": 1 }, "end_va": 8791764537343, "entry_point": 8791763456100, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_2596", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791763451904, "timestamp": "00:01:08.650", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791764566016, "type": "region", "version": 1 }, "end_va": 8791764623359, "entry_point": 8791764570240, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_2597", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791764566016, "timestamp": "00:01:08.650", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791765876736, "type": "region", "version": 1 }, "end_va": 8791766003711, "entry_point": 8791765901544, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_2598", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 8791765876736, "timestamp": "00:01:08.651", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791766007808, "type": "region", "version": 1 }, "end_va": 8791766196223, "entry_point": 8791766011920, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_2599", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791766007808, "timestamp": "00:01:08.651", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 8791781998592, "type": "region", "version": 1 }, "end_va": 8791782031359, "entry_point": 8791782003972, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_2600", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 8791781998592, "timestamp": "00:01:08.652", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 880640, "start_va": 8791784685568, "type": "region", "version": 1 }, "end_va": 8791785566207, "entry_point": 8791784698484, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_2601", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 8791784685568, "timestamp": "00:01:08.652", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, "start_va": 8791785603072, "type": "region", "version": 1 }, "end_va": 8791786500095, "entry_point": 8791785736032, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_2602", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791785603072, "timestamp": "00:01:08.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791786520576, "type": "region", "version": 1 }, "end_va": 8791787753471, "entry_point": 8791786843472, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_2603", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791786520576, "timestamp": "00:01:08.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791790256128, "type": "region", "version": 1 }, "end_va": 8791790882815, "entry_point": 8791790263312, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_2604", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 8791790256128, "timestamp": "00:01:08.654", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791791435776, "type": "region", "version": 1 }, "end_va": 8791792087039, "entry_point": 8791791445408, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_2605", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791791435776, "timestamp": "00:01:08.654", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2109440, "start_va": 8791792091136, "type": "region", "version": 1 }, "end_va": 8791794200575, "entry_point": 8791792235312, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_2606", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 8791792091136, "timestamp": "00:01:08.655", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791794778112, "type": "region", "version": 1 }, "end_va": 8791795199999, "entry_point": 8791794823228, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_2607", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791794778112, "timestamp": "00:01:08.655", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791795761152, "type": "region", "version": 1 }, "end_va": 8791795765247, "entry_point": 8791795761152, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_2608", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791795761152, "timestamp": "00:01:08.656", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092686336, "type": "region", "version": 1 }, "end_va": 8796092694527, "entry_point": 0, "filename": null, "id": "region_2609", "name": "private_0x000007fffffae000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092686336, "timestamp": "00:01:08.659", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_2610", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:01:08.659", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8796092837888, "type": "region", "version": 1 }, "end_va": 8796092841983, "entry_point": 0, "filename": null, "id": "region_2611", "name": "private_0x000007fffffd3000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092837888, "timestamp": "00:01:08.659", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092841984, "type": "region", "version": 1 }, "end_va": 8796092850175, "entry_point": 0, "filename": null, "id": "region_2612", "name": "private_0x000007fffffd4000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092841984, "timestamp": "00:01:08.659", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092858368, "type": "region", "version": 1 }, "end_va": 8796092866559, "entry_point": 0, "filename": null, "id": "region_2613", "name": "private_0x000007fffffd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092858368, "timestamp": "00:01:08.659", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092866560, "type": "region", "version": 1 }, "end_va": 8796092874751, "entry_point": 0, "filename": null, "id": "region_2614", "name": "private_0x000007fffffda000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092866560, "timestamp": "00:01:08.659", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092874752, "type": "region", "version": 1 }, "end_va": 8796092882943, "entry_point": 0, "filename": null, "id": "region_2615", "name": "private_0x000007fffffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092874752, "timestamp": "00:01:08.659", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092882944, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_2616", "name": "private_0x000007fffffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092882944, "timestamp": "00:01:08.659", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 69632, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 2756607, "entry_point": 2777184, "filename": "\\Windows\\System32\\es.dll", "id": "region_4911", "name": "es.dll", "norm_filename": "c:\\windows\\system32\\es.dll", "region_type": "memory_mapped_file", "start_va": 2686976, "timestamp": "00:01:18.417", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 15204352, "type": "region", "version": 1 }, "end_va": 15728639, "entry_point": 0, "filename": null, "id": "region_4912", "name": "private_0x0000000000e80000", "norm_filename": null, "region_type": "private_memory", "start_va": 15204352, "timestamp": "00:01:18.418", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 22216704, "type": "region", "version": 1 }, "end_va": 22740991, "entry_point": 0, "filename": null, "id": "region_4913", "name": "private_0x0000000001530000", "norm_filename": null, "region_type": "private_memory", "start_va": 22216704, "timestamp": "00:01:18.418", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092678144, "type": "region", "version": 1 }, "end_va": 8796092686335, "entry_point": 0, "filename": null, "id": "region_4914", "name": "private_0x000007fffffac000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092678144, "timestamp": "00:01:18.418", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092850176, "type": "region", "version": 1 }, "end_va": 8796092858367, "entry_point": 0, "filename": null, "id": "region_4915", "name": "private_0x000007fffffd6000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092850176, "timestamp": "00:01:18.418", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 593920, "start_va": 8791757160448, "type": "region", "version": 1 }, "end_va": 8791757754367, "entry_point": 8791757165632, "filename": "\\Windows\\System32\\sxs.dll", "id": "region_4916", "name": "sxs.dll", "norm_filename": "c:\\windows\\system32\\sxs.dll", "region_type": "memory_mapped_file", "start_va": 8791757160448, "timestamp": "00:01:18.427", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 2834431, "entry_point": 2818048, "filename": "\\Windows\\System32\\stdole2.tlb", "id": "region_4917", "name": "stdole2.tlb", "norm_filename": "c:\\windows\\system32\\stdole2.tlb", "region_type": "memory_mapped_file", "start_va": 2818048, "timestamp": "00:01:18.435", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 22740992, "type": "region", "version": 1 }, "end_va": 23789567, "entry_point": 0, "filename": null, "id": "region_4939", "name": "private_0x00000000015b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 22740992, "timestamp": "00:01:18.690", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 24510464, "type": "region", "version": 1 }, "end_va": 25034751, "entry_point": 0, "filename": null, "id": "region_5522", "name": "private_0x0000000001760000", "norm_filename": null, "region_type": "private_memory", "start_va": 24510464, "timestamp": "00:01:26.201", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092669952, "type": "region", "version": 1 }, "end_va": 8796092678143, "entry_point": 0, "filename": null, "id": "region_5523", "name": "private_0x000007fffffaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092669952, "timestamp": "00:01:26.201", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 475136, "start_va": 8791624187904, "type": "region", "version": 1 }, "end_va": 8791624663039, "entry_point": 8791624214256, "filename": "\\Windows\\System32\\netprofm.dll", "id": "region_5524", "name": "netprofm.dll", "norm_filename": "c:\\windows\\system32\\netprofm.dll", "region_type": "memory_mapped_file", "start_va": 8791624187904, "timestamp": "00:01:26.202", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 8791719739392, "type": "region", "version": 1 }, "end_va": 8791719825407, "entry_point": 8791719764184, "filename": "\\Windows\\System32\\nlaapi.dll", "id": "region_5525", "name": "nlaapi.dll", "norm_filename": "c:\\windows\\system32\\nlaapi.dll", "region_type": "memory_mapped_file", "start_va": 8791719739392, "timestamp": "00:01:26.203", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 655360, "start_va": 16449536, "type": "region", "version": 1 }, "end_va": 17104895, "entry_point": 0, "filename": null, "id": "region_5526", "name": "private_0x0000000000fb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 16449536, "timestamp": "00:01:26.207", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 25362432, "type": "region", "version": 1 }, "end_va": 25886719, "entry_point": 0, "filename": null, "id": "region_5527", "name": "private_0x0000000001830000", "norm_filename": null, "region_type": "private_memory", "start_va": 25362432, "timestamp": "00:01:26.217", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092661760, "type": "region", "version": 1 }, "end_va": 8796092669951, "entry_point": 0, "filename": null, "id": "region_5528", "name": "private_0x000007fffffa8000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092661760, "timestamp": "00:01:26.217", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 23855104, "type": "region", "version": 1 }, "end_va": 24379391, "entry_point": 0, "filename": null, "id": "region_5544", "name": "private_0x00000000016c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 23855104, "timestamp": "00:01:26.389", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 8791654137856, "type": "region", "version": 1 }, "end_va": 8791654240255, "entry_point": 8791654148944, "filename": "\\Windows\\System32\\wdi.dll", "id": "region_5545", "name": "wdi.dll", "norm_filename": "c:\\windows\\system32\\wdi.dll", "region_type": "memory_mapped_file", "start_va": 8791654137856, "timestamp": "00:01:26.390", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 26738688, "type": "region", "version": 1 }, "end_va": 27262975, "entry_point": 0, "filename": null, "id": "region_5559", "name": "private_0x0000000001980000", "norm_filename": null, "region_type": "private_memory", "start_va": 26738688, "timestamp": "00:01:26.440", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092653568, "type": "region", "version": 1 }, "end_va": 8796092661759, "entry_point": 0, "filename": null, "id": "region_5560", "name": "private_0x000007fffffa6000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092653568, "timestamp": "00:01:26.440", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791619928064, "type": "region", "version": 1 }, "end_va": 8791619977215, "entry_point": 8791619928064, "filename": "\\Windows\\System32\\npmproxy.dll", "id": "region_5561", "name": "npmproxy.dll", "norm_filename": "c:\\windows\\system32\\npmproxy.dll", "region_type": "memory_mapped_file", "start_va": 8791619928064, "timestamp": "00:01:26.443", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 8791717969920, "type": "region", "version": 1 }, "end_va": 8791718129663, "entry_point": 8791718009020, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_5597", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 8791717969920, "timestamp": "00:01:26.628", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 8791717904384, "type": "region", "version": 1 }, "end_va": 8791717949439, "entry_point": 8791717908888, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_5598", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 8791717904384, "timestamp": "00:01:26.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 315392, "start_va": 8791795236864, "type": "region", "version": 1 }, "end_va": 8791795552255, "entry_point": 8791795241072, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_5602", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 8791795236864, "timestamp": "00:01:26.649", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1310720, "start_va": 27262976, "type": "region", "version": 1 }, "end_va": 28573695, "entry_point": 0, "filename": null, "id": "region_5603", "name": "private_0x0000000001a00000", "norm_filename": null, "region_type": "private_memory", "start_va": 27262976, "timestamp": "00:01:26.654", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 884736, "start_va": 8791618813952, "type": "region", "version": 1 }, "end_va": 8791619698687, "entry_point": 8791618813952, "filename": "\\Windows\\System32\\perftrack.dll", "id": "region_5611", "name": "perftrack.dll", "norm_filename": "c:\\windows\\system32\\perftrack.dll", "region_type": "memory_mapped_file", "start_va": 8791618813952, "timestamp": "00:01:26.739", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 2891775, "entry_point": 0, "filename": null, "id": "region_5613", "name": "pagefile_0x00000000002c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2883584, "timestamp": "00:01:26.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 507904, "start_va": 8791670456320, "type": "region", "version": 1 }, "end_va": 8791670964223, "entry_point": 8791670460884, "filename": "\\Windows\\System32\\wer.dll", "id": "region_5614", "name": "wer.dll", "norm_filename": "c:\\windows\\system32\\wer.dll", "region_type": "memory_mapped_file", "start_va": 8791670456320, "timestamp": "00:01:26.775", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 8791729831936, "type": "region", "version": 1 }, "end_va": 8791729930239, "entry_point": 8791729836336, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_5615", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 8791729831936, "timestamp": "00:01:26.777", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 8791756701696, "type": "region", "version": 1 }, "end_va": 8791756746751, "entry_point": 8791756705840, "filename": "\\Windows\\System32\\secur32.dll", "id": "region_5616", "name": "secur32.dll", "norm_filename": "c:\\windows\\system32\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 8791756701696, "timestamp": "00:01:26.778", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 8791756898304, "type": "region", "version": 1 }, "end_va": 8791757049855, "entry_point": 8791756936792, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_5617", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 8791756898304, "timestamp": "00:01:26.780", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 8791650598912, "type": "region", "version": 1 }, "end_va": 8791650672639, "entry_point": 8791650603088, "filename": "\\Windows\\System32\\aepic.dll", "id": "region_5618", "name": "aepic.dll", "norm_filename": "c:\\windows\\system32\\aepic.dll", "region_type": "memory_mapped_file", "start_va": 8791650598912, "timestamp": "00:01:26.781", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12288, "start_va": 1971060736, "type": "region", "version": 1 }, "end_va": 1971073023, "entry_point": 1971060736, "filename": "\\Windows\\System32\\sfc.dll", "id": "region_5619", "name": "sfc.dll", "norm_filename": "c:\\windows\\system32\\sfc.dll", "region_type": "memory_mapped_file", "start_va": 1971060736, "timestamp": "00:01:26.783", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 8791635394560, "type": "region", "version": 1 }, "end_va": 8791635460095, "entry_point": 8791635398672, "filename": "\\Windows\\System32\\sfc_os.dll", "id": "region_5620", "name": "sfc_os.dll", "norm_filename": "c:\\windows\\system32\\sfc_os.dll", "region_type": "memory_mapped_file", "start_va": 8791635394560, "timestamp": "00:01:26.784", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791743266816, "type": "region", "version": 1 }, "end_va": 8791743315967, "entry_point": 8791743271012, "filename": "\\Windows\\System32\\version.dll", "id": "region_5621", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 8791743266816, "timestamp": "00:01:26.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2031616, "start_va": 28573696, "type": "region", "version": 1 }, "end_va": 30605311, "entry_point": 0, "filename": null, "id": "region_5622", "name": "private_0x0000000001b40000", "norm_filename": null, "region_type": "private_memory", "start_va": 28573696, "timestamp": "00:01:26.787", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 26083328, "type": "region", "version": 1 }, "end_va": 26607615, "entry_point": 0, "filename": null, "id": "region_5681", "name": "private_0x00000000018e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 26083328, "timestamp": "00:01:27.255", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092645376, "type": "region", "version": 1 }, "end_va": 8796092653567, "entry_point": 0, "filename": null, "id": "region_5682", "name": "private_0x000007fffffa4000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092645376, "timestamp": "00:01:27.255", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 16449536, "type": "region", "version": 1 }, "end_va": 16973823, "entry_point": 0, "filename": null, "id": "region_5683", "name": "private_0x0000000000fb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 16449536, "timestamp": "00:01:27.274", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 17039360, "type": "region", "version": 1 }, "end_va": 17104895, "entry_point": 0, "filename": null, "id": "region_5684", "name": "private_0x0000000001040000", "norm_filename": null, "region_type": "private_memory", "start_va": 17039360, "timestamp": "00:01:27.274", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092637184, "type": "region", "version": 1 }, "end_va": 8796092645375, "entry_point": 0, "filename": null, "id": "region_5685", "name": "private_0x000007fffffa2000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092637184, "timestamp": "00:01:27.274", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 28639232, "type": "region", "version": 1 }, "end_va": 29163519, "entry_point": 0, "filename": null, "id": "region_5697", "name": "private_0x0000000001b50000", "norm_filename": null, "region_type": "private_memory", "start_va": 28639232, "timestamp": "00:01:27.489", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 30081024, "type": "region", "version": 1 }, "end_va": 30605311, "entry_point": 0, "filename": null, "id": "region_5698", "name": "private_0x0000000001cb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 30081024, "timestamp": "00:01:27.489", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 8791745101824, "type": "region", "version": 1 }, "end_va": 8791745212415, "entry_point": 8791745110120, "filename": "\\Windows\\System32\\gpapi.dll", "id": "region_5699", "name": "gpapi.dll", "norm_filename": "c:\\windows\\system32\\gpapi.dll", "region_type": "memory_mapped_file", "start_va": 8791745101824, "timestamp": "00:01:27.489", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092628992, "type": "region", "version": 1 }, "end_va": 8796092637183, "entry_point": 0, "filename": null, "id": "region_5700", "name": "private_0x000007fffffa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092628992, "timestamp": "00:01:27.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 2949120, "type": "region", "version": 1 }, "end_va": 2957311, "entry_point": 0, "filename": null, "id": "region_5730", "name": "pagefile_0x00000000002d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2949120, "timestamp": "00:01:27.821", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 27262976, "type": "region", "version": 1 }, "end_va": 28311551, "entry_point": 0, "filename": null, "id": "region_5731", "name": "private_0x0000000001a00000", "norm_filename": null, "region_type": "private_memory", "start_va": 27262976, "timestamp": "00:01:27.822", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 28508160, "type": "region", "version": 1 }, "end_va": 28573695, "entry_point": 0, "filename": null, "id": "region_5732", "name": "private_0x0000000001b30000", "norm_filename": null, "region_type": "private_memory", "start_va": 28508160, "timestamp": "00:01:27.822", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 31260672, "type": "region", "version": 1 }, "end_va": 31784959, "entry_point": 0, "filename": null, "id": "region_5764", "name": "private_0x0000000001dd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31260672, "timestamp": "00:01:27.993", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092620800, "type": "region", "version": 1 }, "end_va": 8796092628991, "entry_point": 0, "filename": null, "id": "region_5765", "name": "private_0x000007fffff9e000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092620800, "timestamp": "00:01:27.993", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2949120, "type": "region", "version": 1 }, "end_va": 2953215, "entry_point": 0, "filename": null, "id": "region_5781", "name": "private_0x00000000002d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2949120, "timestamp": "00:01:28.160", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 24576000, "type": "region", "version": 1 }, "end_va": 25100287, "entry_point": 0, "filename": null, "id": "region_5782", "name": "private_0x0000000001770000", "norm_filename": null, "region_type": "private_memory", "start_va": 24576000, "timestamp": "00:01:28.160", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092612608, "type": "region", "version": 1 }, "end_va": 8796092620799, "entry_point": 0, "filename": null, "id": "region_5783", "name": "private_0x000007fffff9c000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092612608, "timestamp": "00:01:28.160", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2949120, "type": "region", "version": 1 }, "end_va": 2953215, "entry_point": 0, "filename": null, "id": "region_5784", "name": "pagefile_0x00000000002d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2949120, "timestamp": "00:01:28.160", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 32768000, "type": "region", "version": 1 }, "end_va": 33292287, "entry_point": 0, "filename": null, "id": "region_5901", "name": "private_0x0000000001f40000", "norm_filename": null, "region_type": "private_memory", "start_va": 32768000, "timestamp": "00:01:29.124", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 462848, "start_va": 8791655841792, "type": "region", "version": 1 }, "end_va": 8791656304639, "entry_point": 8791655845904, "filename": "\\Windows\\System32\\winhttp.dll", "id": "region_5902", "name": "winhttp.dll", "norm_filename": "c:\\windows\\system32\\winhttp.dll", "region_type": "memory_mapped_file", "start_va": 8791655841792, "timestamp": "00:01:29.124", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092604416, "type": "region", "version": 1 }, "end_va": 8796092612607, "entry_point": 0, "filename": null, "id": "region_5903", "name": "private_0x000007fffff9a000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092604416, "timestamp": "00:01:29.125", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 409600, "start_va": 8791655383040, "type": "region", "version": 1 }, "end_va": 8791655792639, "entry_point": 8791655387732, "filename": "\\Windows\\System32\\webio.dll", "id": "region_5904", "name": "webio.dll", "norm_filename": "c:\\windows\\system32\\webio.dll", "region_type": "memory_mapped_file", "start_va": 8791655383040, "timestamp": "00:01:29.125", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 462848, "start_va": 8791794253824, "type": "region", "version": 1 }, "end_va": 8791794716671, "entry_point": 8791794327072, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_5922", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 8791794253824, "timestamp": "00:01:29.273", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 29163520, "type": "region", "version": 1 }, "end_va": 29949951, "entry_point": 29163520, "filename": "\\Windows\\System32\\en-US\\KernelBase.dll.mui", "id": "region_5923", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 29163520, "timestamp": "00:01:29.275", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 3014656, "type": "region", "version": 1 }, "end_va": 3018751, "entry_point": 0, "filename": null, "id": "region_5924", "name": "private_0x00000000002e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3014656, "timestamp": "00:01:29.278", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 8791746609152, "type": "region", "version": 1 }, "end_va": 8791746650111, "entry_point": 8791746624696, "filename": "\\Windows\\System32\\credssp.dll", "id": "region_5933", "name": "credssp.dll", "norm_filename": "c:\\windows\\system32\\credssp.dll", "region_type": "memory_mapped_file", "start_va": 8791746609152, "timestamp": "00:01:29.282", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 372736, "start_va": 8791748837376, "type": "region", "version": 1 }, "end_va": 8791749210111, "entry_point": 8791748864320, "filename": "\\Windows\\System32\\dnsapi.dll", "id": "region_5934", "name": "dnsapi.dll", "norm_filename": "c:\\windows\\system32\\dnsapi.dll", "region_type": "memory_mapped_file", "start_va": 8791748837376, "timestamp": "00:01:29.285", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2228224, "start_va": 31784960, "type": "region", "version": 1 }, "end_va": 34013183, "entry_point": 0, "filename": null, "id": "region_5935", "name": "private_0x0000000001e50000", "norm_filename": null, "region_type": "private_memory", "start_va": 31784960, "timestamp": "00:01:29.286", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1966080, "start_va": 34013184, "type": "region", "version": 1 }, "end_va": 35979263, "entry_point": 0, "filename": null, "id": "region_5936", "name": "private_0x0000000002070000", "norm_filename": null, "region_type": "private_memory", "start_va": 34013184, "timestamp": "00:01:29.287", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 8791644766208, "type": "region", "version": 1 }, "end_va": 8791644852223, "entry_point": 8791644766208, "filename": "\\Windows\\System32\\NapiNSP.dll", "id": "region_5937", "name": "napinsp.dll", "norm_filename": "c:\\windows\\system32\\napinsp.dll", "region_type": "memory_mapped_file", "start_va": 8791644766208, "timestamp": "00:01:29.290", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 8791644635136, "type": "region", "version": 1 }, "end_va": 8791644737535, "entry_point": 8791644635136, "filename": "\\Windows\\System32\\pnrpnsp.dll", "id": "region_5938", "name": "pnrpnsp.dll", "norm_filename": "c:\\windows\\system32\\pnrpnsp.dll", "region_type": "memory_mapped_file", "start_va": 8791644635136, "timestamp": "00:01:29.314", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 348160, "start_va": 8791750410240, "type": "region", "version": 1 }, "end_va": 8791750758399, "entry_point": 8791750414420, "filename": "\\Windows\\System32\\mswsock.dll", "id": "region_5939", "name": "mswsock.dll", "norm_filename": "c:\\windows\\system32\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 8791750410240, "timestamp": "00:01:29.334", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 8791654268928, "type": "region", "version": 1 }, "end_va": 8791654313983, "entry_point": 8791654268928, "filename": "\\Windows\\System32\\winrnr.dll", "id": "region_5940", "name": "winrnr.dll", "norm_filename": "c:\\windows\\system32\\winrnr.dll", "region_type": "memory_mapped_file", "start_va": 8791654268928, "timestamp": "00:01:29.339", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 8791744118784, "type": "region", "version": 1 }, "end_va": 8791744147455, "entry_point": 8791744124080, "filename": "\\Windows\\System32\\WSHTCPIP.DLL", "id": "region_5941", "name": "wshtcpip.dll", "norm_filename": "c:\\windows\\system32\\wshtcpip.dll", "region_type": "memory_mapped_file", "start_va": 8791744118784, "timestamp": "00:01:29.355", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 8791750344704, "type": "region", "version": 1 }, "end_va": 8791750373375, "entry_point": 8791750349868, "filename": "\\Windows\\System32\\wship6.dll", "id": "region_5942", "name": "wship6.dll", "norm_filename": "c:\\windows\\system32\\wship6.dll", "region_type": "memory_mapped_file", "start_va": 8791750344704, "timestamp": "00:01:29.358", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 8791679631360, "type": "region", "version": 1 }, "end_va": 8791679664127, "entry_point": 8791679636500, "filename": "\\Windows\\System32\\rasadhlp.dll", "id": "region_5943", "name": "rasadhlp.dll", "norm_filename": "c:\\windows\\system32\\rasadhlp.dll", "region_type": "memory_mapped_file", "start_va": 8791679631360, "timestamp": "00:01:29.368", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 339968, "start_va": 8791716528128, "type": "region", "version": 1 }, "end_va": 8791716868095, "entry_point": 8791716539288, "filename": "\\Windows\\System32\\FWPUCLNT.DLL", "id": "region_5944", "name": "fwpuclnt.dll", "norm_filename": "c:\\windows\\system32\\fwpuclnt.dll", "region_type": "memory_mapped_file", "start_va": 8791716528128, "timestamp": "00:01:29.370", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2162688, "start_va": 35979264, "type": "region", "version": 1 }, "end_va": 38141951, "entry_point": 0, "filename": null, "id": "region_5945", "name": "private_0x0000000002250000", "norm_filename": null, "region_type": "private_memory", "start_va": 35979264, "timestamp": "00:01:29.372", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 38141952, "type": "region", "version": 1 }, "end_va": 40239103, "entry_point": 0, "filename": null, "id": "region_5950", "name": "private_0x0000000002460000", "norm_filename": null, "region_type": "private_memory", "start_va": 38141952, "timestamp": "00:01:29.446", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 8791716331520, "type": "region", "version": 1 }, "end_va": 8791716401151, "entry_point": 8791716337324, "filename": "\\Windows\\System32\\dhcpcsvc6.dll", "id": "region_6434", "name": "dhcpcsvc6.dll", "norm_filename": "c:\\windows\\system32\\dhcpcsvc6.dll", "region_type": "memory_mapped_file", "start_va": 8791716331520, "timestamp": "00:01:31.759", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 8791716200448, "type": "region", "version": 1 }, "end_va": 8791716298751, "entry_point": 8791716207608, "filename": "\\Windows\\System32\\dhcpcsvc.dll", "id": "region_6435", "name": "dhcpcsvc.dll", "norm_filename": "c:\\windows\\system32\\dhcpcsvc.dll", "region_type": "memory_mapped_file", "start_va": 8791716200448, "timestamp": "00:01:31.761", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\system32\\svchost.exe -k NetworkService", "filename": "c:\\windows\\system32\\svchost.exe", "id": "proc_37", "image_name": "svchost.exe", "monitor_reason": "child_process", "monitored_id": 37, "origin_monitor_id": 26, "ref_parent_process": { "ref_id": "proc_26", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_3678", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:10.694", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 159743, "entry_point": 0, "filename": null, "id": "region_3679", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:10.694", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_3680", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:10.694", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_3681", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:01:10.694", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 335871, "entry_point": 0, "filename": null, "id": "region_3682", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:10.694", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_3683", "name": "private_0x0000000000060000", "norm_filename": null, "region_type": "private_memory", "start_va": 393216, "timestamp": "00:01:10.694", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 462847, "entry_point": 0, "filename": null, "id": "region_3684", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:10.694", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 1245183, "entry_point": 0, "filename": null, "id": "region_3685", "name": "private_0x00000000000b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 720896, "timestamp": "00:01:10.694", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1667071, "entry_point": 1245184, "filename": "\\Windows\\System32\\locale.nls", "id": "region_3686", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1245184, "timestamp": "00:01:10.694", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 2883583, "entry_point": 0, "filename": null, "id": "region_3687", "name": "private_0x00000000001c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1835008, "timestamp": "00:01:10.694", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 3932159, "entry_point": 0, "filename": null, "id": "region_3688", "name": "private_0x00000000002c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2883584, "timestamp": "00:01:10.695", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 4390911, "entry_point": 0, "filename": null, "id": "region_3689", "name": "private_0x0000000000420000", "norm_filename": null, "region_type": "private_memory", "start_va": 4325376, "timestamp": "00:01:10.695", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4390912, "type": "region", "version": 1 }, "end_va": 5996543, "entry_point": 0, "filename": null, "id": "region_3690", "name": "pagefile_0x0000000000430000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4390912, "timestamp": "00:01:10.695", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6029312, "type": "region", "version": 1 }, "end_va": 7606271, "entry_point": 0, "filename": null, "id": "region_3691", "name": "pagefile_0x00000000005c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6029312, "timestamp": "00:01:10.695", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 786432, "start_va": 7667712, "type": "region", "version": 1 }, "end_va": 8454143, "entry_point": 0, "filename": null, "id": "region_3692", "name": "pagefile_0x0000000000750000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7667712, "timestamp": "00:01:10.695", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 8454144, "type": "region", "version": 1 }, "end_va": 12595199, "entry_point": 0, "filename": null, "id": "region_3693", "name": "pagefile_0x0000000000810000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8454144, "timestamp": "00:01:10.695", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 12779520, "type": "region", "version": 1 }, "end_va": 13303807, "entry_point": 0, "filename": null, "id": "region_3694", "name": "private_0x0000000000c30000", "norm_filename": null, "region_type": "private_memory", "start_va": 12779520, "timestamp": "00:01:10.695", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 13303808, "type": "region", "version": 1 }, "end_va": 13828095, "entry_point": 0, "filename": null, "id": "region_3695", "name": "private_0x0000000000cb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 13303808, "timestamp": "00:01:10.695", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 14090240, "type": "region", "version": 1 }, "end_va": 14614527, "entry_point": 0, "filename": null, "id": "region_3696", "name": "private_0x0000000000d70000", "norm_filename": null, "region_type": "private_memory", "start_va": 14090240, "timestamp": "00:01:10.695", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 14942208, "type": "region", "version": 1 }, "end_va": 15466495, "entry_point": 0, "filename": null, "id": "region_3697", "name": "private_0x0000000000e40000", "norm_filename": null, "region_type": "private_memory", "start_va": 14942208, "timestamp": "00:01:10.695", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 15466496, "type": "region", "version": 1 }, "end_va": 15990783, "entry_point": 0, "filename": null, "id": "region_3698", "name": "private_0x0000000000ec0000", "norm_filename": null, "region_type": "private_memory", "start_va": 15466496, "timestamp": "00:01:10.695", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 16515072, "type": "region", "version": 1 }, "end_va": 16580607, "entry_point": 0, "filename": null, "id": "region_3699", "name": "private_0x0000000000fc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 16515072, "timestamp": "00:01:10.695", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 17235968, "type": "region", "version": 1 }, "end_va": 20180991, "entry_point": 17235968, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_3700", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 17235968, "timestamp": "00:01:10.695", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 20578304, "type": "region", "version": 1 }, "end_va": 21102591, "entry_point": 0, "filename": null, "id": "region_3701", "name": "private_0x00000000013a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 20578304, "timestamp": "00:01:10.695", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 21495808, "type": "region", "version": 1 }, "end_va": 22020095, "entry_point": 0, "filename": null, "id": "region_3702", "name": "private_0x0000000001480000", "norm_filename": null, "region_type": "private_memory", "start_va": 21495808, "timestamp": "00:01:10.695", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 22020096, "type": "region", "version": 1 }, "end_va": 22544383, "entry_point": 0, "filename": null, "id": "region_3703", "name": "private_0x0000000001500000", "norm_filename": null, "region_type": "private_memory", "start_va": 22020096, "timestamp": "00:01:10.695", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 23330816, "type": "region", "version": 1 }, "end_va": 23855103, "entry_point": 0, "filename": null, "id": "region_3704", "name": "private_0x0000000001640000", "norm_filename": null, "region_type": "private_memory", "start_va": 23330816, "timestamp": "00:01:10.695", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 24707072, "type": "region", "version": 1 }, "end_va": 25231359, "entry_point": 0, "filename": null, "id": "region_3705", "name": "private_0x0000000001790000", "norm_filename": null, "region_type": "private_memory", "start_va": 24707072, "timestamp": "00:01:10.695", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 27131904, "type": "region", "version": 1 }, "end_va": 27197439, "entry_point": 0, "filename": null, "id": "region_3706", "name": "private_0x00000000019e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 27131904, "timestamp": "00:01:10.695", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005467136, "type": "region", "version": 1 }, "end_va": 2006491135, "entry_point": 2005574344, "filename": "\\Windows\\System32\\user32.dll", "id": "region_3707", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2005467136, "timestamp": "00:01:10.695", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006515712, "type": "region", "version": 1 }, "end_va": 2007691263, "entry_point": 2006605472, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_3708", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 2006515712, "timestamp": "00:01:10.696", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2007695360, "type": "region", "version": 1 }, "end_va": 2009436159, "entry_point": 2007695360, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_3709", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2007695360, "timestamp": "00:01:10.697", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_3710", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:10.697", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_3711", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:10.698", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_3712", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:10.698", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 4282056704, "type": "region", "version": 1 }, "end_va": 4282101759, "entry_point": 4282066028, "filename": "\\Windows\\System32\\svchost.exe", "id": "region_3713", "name": "svchost.exe", "norm_filename": "c:\\windows\\system32\\svchost.exe", "region_type": "memory_mapped_file", "start_va": 4282056704, "timestamp": "00:01:10.698", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 8791716200448, "type": "region", "version": 1 }, "end_va": 8791716298751, "entry_point": 8791716200448, "filename": "\\Windows\\System32\\dhcpcsvc.dll", "id": "region_3714", "name": "dhcpcsvc.dll", "norm_filename": "c:\\windows\\system32\\dhcpcsvc.dll", "region_type": "memory_mapped_file", "start_va": 8791716200448, "timestamp": "00:01:10.699", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 8791716331520, "type": "region", "version": 1 }, "end_va": 8791716401151, "entry_point": 8791716331520, "filename": "\\Windows\\System32\\dhcpcsvc6.dll", "id": "region_3715", "name": "dhcpcsvc6.dll", "norm_filename": "c:\\windows\\system32\\dhcpcsvc6.dll", "region_type": "memory_mapped_file", "start_va": 8791716331520, "timestamp": "00:01:10.712", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 8791716462592, "type": "region", "version": 1 }, "end_va": 8791716491263, "entry_point": 8791716462592, "filename": "\\Windows\\System32\\dnsext.dll", "id": "region_3716", "name": "dnsext.dll", "norm_filename": "c:\\windows\\system32\\dnsext.dll", "region_type": "memory_mapped_file", "start_va": 8791716462592, "timestamp": "00:01:10.723", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 339968, "start_va": 8791716528128, "type": "region", "version": 1 }, "end_va": 8791716868095, "entry_point": 8791716539288, "filename": "\\Windows\\System32\\FWPUCLNT.DLL", "id": "region_3717", "name": "fwpuclnt.dll", "norm_filename": "c:\\windows\\system32\\fwpuclnt.dll", "region_type": "memory_mapped_file", "start_va": 8791716528128, "timestamp": "00:01:10.726", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 196608, "start_va": 8791716921344, "type": "region", "version": 1 }, "end_va": 8791717117951, "entry_point": 8791716921344, "filename": "\\Windows\\System32\\dnsrslvr.dll", "id": "region_3718", "name": "dnsrslvr.dll", "norm_filename": "c:\\windows\\system32\\dnsrslvr.dll", "region_type": "memory_mapped_file", "start_va": 8791716921344, "timestamp": "00:01:10.726", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 8791717904384, "type": "region", "version": 1 }, "end_va": 8791717949439, "entry_point": 8791717908888, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_3719", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 8791717904384, "timestamp": "00:01:10.736", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 8791717969920, "type": "region", "version": 1 }, "end_va": 8791718129663, "entry_point": 8791718009020, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_3720", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 8791717969920, "timestamp": "00:01:10.737", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 8791744118784, "type": "region", "version": 1 }, "end_va": 8791744147455, "entry_point": 8791744124080, "filename": "\\Windows\\System32\\WSHTCPIP.DLL", "id": "region_3721", "name": "wshtcpip.dll", "norm_filename": "c:\\windows\\system32\\wshtcpip.dll", "region_type": "memory_mapped_file", "start_va": 8791744118784, "timestamp": "00:01:10.737", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 8791745101824, "type": "region", "version": 1 }, "end_va": 8791745212415, "entry_point": 8791745110120, "filename": "\\Windows\\System32\\gpapi.dll", "id": "region_3722", "name": "gpapi.dll", "norm_filename": "c:\\windows\\system32\\gpapi.dll", "region_type": "memory_mapped_file", "start_va": 8791745101824, "timestamp": "00:01:10.738", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 8791745232896, "type": "region", "version": 1 }, "end_va": 8791745355775, "entry_point": 8791745237944, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_3723", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 8791745232896, "timestamp": "00:01:10.738", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 372736, "start_va": 8791748837376, "type": "region", "version": 1 }, "end_va": 8791749210111, "entry_point": 8791748864320, "filename": "\\Windows\\System32\\dnsapi.dll", "id": "region_3724", "name": "dnsapi.dll", "norm_filename": "c:\\windows\\system32\\dnsapi.dll", "region_type": "memory_mapped_file", "start_va": 8791748837376, "timestamp": "00:01:10.739", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 8791750344704, "type": "region", "version": 1 }, "end_va": 8791750373375, "entry_point": 8791750349868, "filename": "\\Windows\\System32\\wship6.dll", "id": "region_3725", "name": "wship6.dll", "norm_filename": "c:\\windows\\system32\\wship6.dll", "region_type": "memory_mapped_file", "start_va": 8791750344704, "timestamp": "00:01:10.739", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 348160, "start_va": 8791750410240, "type": "region", "version": 1 }, "end_va": 8791750758399, "entry_point": 8791750414420, "filename": "\\Windows\\System32\\mswsock.dll", "id": "region_3726", "name": "mswsock.dll", "norm_filename": "c:\\windows\\system32\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 8791750410240, "timestamp": "00:01:10.740", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791757094912, "type": "region", "version": 1 }, "end_va": 8791757156351, "entry_point": 8791757099024, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_3727", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 8791757094912, "timestamp": "00:01:10.741", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 8791758077952, "type": "region", "version": 1 }, "end_va": 8791758159871, "entry_point": 8791758082272, "filename": "\\Windows\\System32\\RpcRtRemote.dll", "id": "region_3728", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\system32\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 8791758077952, "timestamp": "00:01:10.741", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791758209024, "type": "region", "version": 1 }, "end_va": 8791758270463, "entry_point": 8791758215600, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_3729", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 8791758209024, "timestamp": "00:01:10.742", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791759060992, "type": "region", "version": 1 }, "end_va": 8791759499263, "entry_point": 8791759073504, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_3730", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791759060992, "timestamp": "00:01:10.745", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791762206720, "type": "region", "version": 1 }, "end_va": 8791763030015, "entry_point": 8791762708596, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_3731", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791762206720, "timestamp": "00:01:10.745", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791763451904, "type": "region", "version": 1 }, "end_va": 8791764537343, "entry_point": 8791763456100, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_3732", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791763451904, "timestamp": "00:01:10.746", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791764566016, "type": "region", "version": 1 }, "end_va": 8791764623359, "entry_point": 8791764570240, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_3733", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791764566016, "timestamp": "00:01:10.747", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791765876736, "type": "region", "version": 1 }, "end_va": 8791766003711, "entry_point": 8791765901544, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_3734", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 8791765876736, "timestamp": "00:01:10.747", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791766007808, "type": "region", "version": 1 }, "end_va": 8791766196223, "entry_point": 8791766011920, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_3735", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791766007808, "timestamp": "00:01:10.748", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 8791781998592, "type": "region", "version": 1 }, "end_va": 8791782031359, "entry_point": 8791782003972, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_3736", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 8791781998592, "timestamp": "00:01:10.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, "start_va": 8791785603072, "type": "region", "version": 1 }, "end_va": 8791786500095, "entry_point": 8791785736032, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_3737", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791785603072, "timestamp": "00:01:10.750", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791786520576, "type": "region", "version": 1 }, "end_va": 8791787753471, "entry_point": 8791786843472, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_3738", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791786520576, "timestamp": "00:01:10.751", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791791435776, "type": "region", "version": 1 }, "end_va": 8791792087039, "entry_point": 8791791445408, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_3739", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791791435776, "timestamp": "00:01:10.751", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2109440, "start_va": 8791792091136, "type": "region", "version": 1 }, "end_va": 8791794200575, "entry_point": 8791792235312, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_3740", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 8791792091136, "timestamp": "00:01:10.752", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791794778112, "type": "region", "version": 1 }, "end_va": 8791795199999, "entry_point": 8791794823228, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_3741", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791794778112, "timestamp": "00:01:10.753", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 315392, "start_va": 8791795236864, "type": "region", "version": 1 }, "end_va": 8791795552255, "entry_point": 8791795241072, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_3742", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 8791795236864, "timestamp": "00:01:10.753", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791795761152, "type": "region", "version": 1 }, "end_va": 8791795765247, "entry_point": 8791795761152, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_3743", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791795761152, "timestamp": "00:01:10.754", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092669952, "type": "region", "version": 1 }, "end_va": 8796092678143, "entry_point": 0, "filename": null, "id": "region_3744", "name": "private_0x000007fffffaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092669952, "timestamp": "00:01:10.757", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092678144, "type": "region", "version": 1 }, "end_va": 8796092686335, "entry_point": 0, "filename": null, "id": "region_3745", "name": "private_0x000007fffffac000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092678144, "timestamp": "00:01:10.757", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092686336, "type": "region", "version": 1 }, "end_va": 8796092694527, "entry_point": 0, "filename": null, "id": "region_3746", "name": "private_0x000007fffffae000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092686336, "timestamp": "00:01:10.757", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_3747", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:01:10.757", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092837888, "type": "region", "version": 1 }, "end_va": 8796092846079, "entry_point": 0, "filename": null, "id": "region_3748", "name": "private_0x000007fffffd3000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092837888, "timestamp": "00:01:10.757", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092846080, "type": "region", "version": 1 }, "end_va": 8796092854271, "entry_point": 0, "filename": null, "id": "region_3749", "name": "private_0x000007fffffd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092846080, "timestamp": "00:01:10.757", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8796092854272, "type": "region", "version": 1 }, "end_va": 8796092858367, "entry_point": 0, "filename": null, "id": "region_3750", "name": "private_0x000007fffffd7000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092854272, "timestamp": "00:01:10.757", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092858368, "type": "region", "version": 1 }, "end_va": 8796092866559, "entry_point": 0, "filename": null, "id": "region_3751", "name": "private_0x000007fffffd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092858368, "timestamp": "00:01:10.757", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092866560, "type": "region", "version": 1 }, "end_va": 8796092874751, "entry_point": 0, "filename": null, "id": "region_3752", "name": "private_0x000007fffffda000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092866560, "timestamp": "00:01:10.757", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092874752, "type": "region", "version": 1 }, "end_va": 8796092882943, "entry_point": 0, "filename": null, "id": "region_3753", "name": "private_0x000007fffffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092874752, "timestamp": "00:01:10.757", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092882944, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_3754", "name": "private_0x000007fffffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092882944, "timestamp": "00:01:10.757", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 25821184, "type": "region", "version": 1 }, "end_va": 26345471, "entry_point": 0, "filename": null, "id": "region_3937", "name": "private_0x00000000018a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 25821184, "timestamp": "00:01:11.370", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092661760, "type": "region", "version": 1 }, "end_va": 8796092669951, "entry_point": 0, "filename": null, "id": "region_3938", "name": "private_0x000007fffffa8000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092661760, "timestamp": "00:01:11.370", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 131072, "start_va": 8791661674496, "type": "region", "version": 1 }, "end_va": 8791661805567, "entry_point": 8791661674496, "filename": "\\Windows\\System32\\wkssvc.dll", "id": "region_3939", "name": "wkssvc.dll", "norm_filename": "c:\\windows\\system32\\wkssvc.dll", "region_type": "memory_mapped_file", "start_va": 8791661674496, "timestamp": "00:01:11.374", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791726817280, "type": "region", "version": 1 }, "end_va": 8791726866431, "entry_point": 8791726823588, "filename": "\\Windows\\System32\\netutils.dll", "id": "region_3940", "name": "netutils.dll", "norm_filename": "c:\\windows\\system32\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 8791726817280, "timestamp": "00:01:11.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 204800, "start_va": 8791751917568, "type": "region", "version": 1 }, "end_va": 8791752122367, "entry_point": 8791751922764, "filename": "\\Windows\\System32\\netjoin.dll", "id": "region_3941", "name": "netjoin.dll", "norm_filename": "c:\\windows\\system32\\netjoin.dll", "region_type": "memory_mapped_file", "start_va": 8791751917568, "timestamp": "00:01:11.393", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 8791756898304, "type": "region", "version": 1 }, "end_va": 8791757049855, "entry_point": 8791756936792, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_3949", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 8791756898304, "timestamp": "00:01:11.537", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 528383, "entry_point": 0, "filename": null, "id": "region_3950", "name": "private_0x0000000000080000", "norm_filename": null, "region_type": "private_memory", "start_va": 524288, "timestamp": "00:01:11.547", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 23855104, "type": "region", "version": 1 }, "end_va": 24903679, "entry_point": 0, "filename": null, "id": "region_3951", "name": "private_0x00000000016c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 23855104, "timestamp": "00:01:11.553", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 26869760, "type": "region", "version": 1 }, "end_va": 27394047, "entry_point": 0, "filename": null, "id": "region_4015", "name": "private_0x00000000019a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 26869760, "timestamp": "00:01:12.450", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1441792, "start_va": 27394048, "type": "region", "version": 1 }, "end_va": 28835839, "entry_point": 0, "filename": null, "id": "region_4016", "name": "private_0x0000000001a20000", "norm_filename": null, "region_type": "private_memory", "start_va": 27394048, "timestamp": "00:01:12.450", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 25100288, "type": "region", "version": 1 }, "end_va": 25624575, "entry_point": 0, "filename": null, "id": "region_4388", "name": "private_0x00000000017f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 25100288, "timestamp": "00:01:15.162", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 27459584, "type": "region", "version": 1 }, "end_va": 27983871, "entry_point": 0, "filename": null, "id": "region_4389", "name": "private_0x0000000001a30000", "norm_filename": null, "region_type": "private_memory", "start_va": 27459584, "timestamp": "00:01:15.162", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 28770304, "type": "region", "version": 1 }, "end_va": 28835839, "entry_point": 0, "filename": null, "id": "region_4390", "name": "private_0x0000000001b70000", "norm_filename": null, "region_type": "private_memory", "start_va": 28770304, "timestamp": "00:01:15.162", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 196608, "start_va": 8791727931392, "type": "region", "version": 1 }, "end_va": 8791728127999, "entry_point": 8791727931392, "filename": "\\Windows\\System32\\cryptsvc.dll", "id": "region_4391", "name": "cryptsvc.dll", "norm_filename": "c:\\windows\\system32\\cryptsvc.dll", "region_type": "memory_mapped_file", "start_va": 8791727931392, "timestamp": "00:01:15.162", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092653568, "type": "region", "version": 1 }, "end_va": 8796092661759, "entry_point": 0, "filename": null, "id": "region_4392", "name": "private_0x000007fffffa6000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092653568, "timestamp": "00:01:15.173", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1470464, "start_va": 8791760044032, "type": "region", "version": 1 }, "end_va": 8791761514495, "entry_point": 8791760048320, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_4393", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 8791760044032, "timestamp": "00:01:15.182", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791758864384, "type": "region", "version": 1 }, "end_va": 8791758925823, "entry_point": 8791758868512, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_4394", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 8791758864384, "timestamp": "00:01:15.183", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 15990784, "type": "region", "version": 1 }, "end_va": 16515071, "entry_point": 0, "filename": null, "id": "region_4431", "name": "private_0x0000000000f40000", "norm_filename": null, "region_type": "private_memory", "start_va": 15990784, "timestamp": "00:01:15.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 25690112, "type": "region", "version": 1 }, "end_va": 26214399, "entry_point": 0, "filename": null, "id": "region_4432", "name": "private_0x0000000001880000", "norm_filename": null, "region_type": "private_memory", "start_va": 25690112, "timestamp": "00:01:15.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092637184, "type": "region", "version": 1 }, "end_va": 8796092645375, "entry_point": 0, "filename": null, "id": "region_4433", "name": "private_0x000007fffffa2000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092637184, "timestamp": "00:01:15.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092645376, "type": "region", "version": 1 }, "end_va": 8796092653567, "entry_point": 0, "filename": null, "id": "region_4434", "name": "private_0x000007fffffa4000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092645376, "timestamp": "00:01:15.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1769472, "start_va": 8791724785664, "type": "region", "version": 1 }, "end_va": 8791726555135, "entry_point": 8791724785664, "filename": "\\Windows\\System32\\vssapi.dll", "id": "region_4462", "name": "vssapi.dll", "norm_filename": "c:\\windows\\system32\\vssapi.dll", "region_type": "memory_mapped_file", "start_va": 8791724785664, "timestamp": "00:01:15.841", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 8791719084032, "type": "region", "version": 1 }, "end_va": 8791719186431, "entry_point": 8791719088552, "filename": "\\Windows\\System32\\atl.dll", "id": "region_4463", "name": "atl.dll", "norm_filename": "c:\\windows\\system32\\atl.dll", "region_type": "memory_mapped_file", "start_va": 8791719084032, "timestamp": "00:01:15.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 8791727276032, "type": "region", "version": 1 }, "end_va": 8791727370239, "entry_point": 8791727276032, "filename": "\\Windows\\System32\\vsstrace.dll", "id": "region_4464", "name": "vsstrace.dll", "norm_filename": "c:\\windows\\system32\\vsstrace.dll", "region_type": "memory_mapped_file", "start_va": 8791727276032, "timestamp": "00:01:15.865", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 880640, "start_va": 8791784685568, "type": "region", "version": 1 }, "end_va": 8791785566207, "entry_point": 8791784698484, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_4491", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 8791784685568, "timestamp": "00:01:16.105", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 8791726555136, "type": "region", "version": 1 }, "end_va": 8791726637055, "entry_point": 8791726560948, "filename": "\\Windows\\System32\\samcli.dll", "id": "region_4492", "name": "samcli.dll", "norm_filename": "c:\\windows\\system32\\samcli.dll", "region_type": "memory_mapped_file", "start_va": 8791726555136, "timestamp": "00:01:16.113", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 118784, "start_va": 8791735861248, "type": "region", "version": 1 }, "end_va": 8791735980031, "entry_point": 8791735869172, "filename": "\\Windows\\System32\\samlib.dll", "id": "region_4493", "name": "samlib.dll", "norm_filename": "c:\\windows\\system32\\samlib.dll", "region_type": "memory_mapped_file", "start_va": 8791735861248, "timestamp": "00:01:16.115", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 8791750803456, "type": "region", "version": 1 }, "end_va": 8791750897663, "entry_point": 8791750816440, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_4494", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 8791750803456, "timestamp": "00:01:16.133", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 282624, "start_va": 3932160, "type": "region", "version": 1 }, "end_va": 4214783, "entry_point": 3936356, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_4495", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 3932160, "timestamp": "00:01:16.135", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 25165824, "type": "region", "version": 1 }, "end_va": 25690111, "entry_point": 0, "filename": null, "id": "region_4569", "name": "private_0x0000000001800000", "norm_filename": null, "region_type": "private_memory", "start_va": 25165824, "timestamp": "00:01:16.465", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 290816, "start_va": 8791747657728, "type": "region", "version": 1 }, "end_va": 8791747948543, "entry_point": 8791747661924, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_4571", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 8791747657728, "timestamp": "00:01:16.465", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 29097984, "type": "region", "version": 1 }, "end_va": 29622271, "entry_point": 0, "filename": null, "id": "region_4679", "name": "private_0x0000000001bc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 29097984, "timestamp": "00:01:16.817", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092628992, "type": "region", "version": 1 }, "end_va": 8796092637183, "entry_point": 0, "filename": null, "id": "region_4680", "name": "private_0x000007fffffa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092628992, "timestamp": "00:01:16.817", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 528383, "entry_point": 0, "filename": null, "id": "region_4681", "name": "pagefile_0x0000000000080000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 524288, "timestamp": "00:01:16.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791790256128, "type": "region", "version": 1 }, "end_va": 8791790882815, "entry_point": 8791790263312, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_4682", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 8791790256128, "timestamp": "00:01:16.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 593919, "entry_point": 0, "filename": null, "id": "region_4683", "name": "pagefile_0x0000000000090000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 589824, "timestamp": "00:01:16.821", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791718428672, "type": "region", "version": 1 }, "end_va": 8791718850559, "entry_point": 8791718518880, "filename": "\\Windows\\System32\\es.dll", "id": "region_4684", "name": "es.dll", "norm_filename": "c:\\windows\\system32\\es.dll", "region_type": "memory_mapped_file", "start_va": 8791718428672, "timestamp": "00:01:16.823", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 8791724457984, "type": "region", "version": 1 }, "end_va": 8791724777471, "entry_point": 8791724457984, "filename": "\\Windows\\System32\\nlasvc.dll", "id": "region_4720", "name": "nlasvc.dll", "norm_filename": "c:\\windows\\system32\\nlasvc.dll", "region_type": "memory_mapped_file", "start_va": 8791724457984, "timestamp": "00:01:16.949", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 446464, "start_va": 8791753097216, "type": "region", "version": 1 }, "end_va": 8791753543679, "entry_point": 8791753101328, "filename": "\\Windows\\System32\\wevtapi.dll", "id": "region_4721", "name": "wevtapi.dll", "norm_filename": "c:\\windows\\system32\\wevtapi.dll", "region_type": "memory_mapped_file", "start_va": 8791753097216, "timestamp": "00:01:16.986", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 229376, "start_va": 8791656366080, "type": "region", "version": 1 }, "end_va": 8791656595455, "entry_point": 8791656366080, "filename": "\\Windows\\System32\\ncsi.dll", "id": "region_4777", "name": "ncsi.dll", "norm_filename": "c:\\windows\\system32\\ncsi.dll", "region_type": "memory_mapped_file", "start_va": 8791656366080, "timestamp": "00:01:17.344", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 462848, "start_va": 8791655841792, "type": "region", "version": 1 }, "end_va": 8791656304639, "entry_point": 8791655841792, "filename": "\\Windows\\System32\\winhttp.dll", "id": "region_4778", "name": "winhttp.dll", "norm_filename": "c:\\windows\\system32\\winhttp.dll", "region_type": "memory_mapped_file", "start_va": 8791655841792, "timestamp": "00:01:17.370", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 409600, "start_va": 8791655383040, "type": "region", "version": 1 }, "end_va": 8791655792639, "entry_point": 8791655383040, "filename": "\\Windows\\System32\\webio.dll", "id": "region_4788", "name": "webio.dll", "norm_filename": "c:\\windows\\system32\\webio.dll", "region_type": "memory_mapped_file", "start_va": 8791655383040, "timestamp": "00:01:17.563", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 221184, "start_va": 8791759519744, "type": "region", "version": 1 }, "end_va": 8791759740927, "entry_point": 8791759524980, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_4789", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 8791759519744, "timestamp": "00:01:17.573", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 327680, "start_va": 3932160, "type": "region", "version": 1 }, "end_va": 4259839, "entry_point": 0, "filename": null, "id": "region_4790", "name": "private_0x00000000003c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3932160, "timestamp": "00:01:17.627", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 8791756701696, "type": "region", "version": 1 }, "end_va": 8791756746751, "entry_point": 8791756705840, "filename": "\\Windows\\System32\\secur32.dll", "id": "region_4792", "name": "secur32.dll", "norm_filename": "c:\\windows\\system32\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 8791756701696, "timestamp": "00:01:17.648", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 0, "filename": null, "id": "region_4793", "name": "private_0x00000000000a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 655360, "timestamp": "00:01:17.650", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 8791746609152, "type": "region", "version": 1 }, "end_va": 8791746650111, "entry_point": 8791746624696, "filename": "\\Windows\\System32\\credssp.dll", "id": "region_4802", "name": "credssp.dll", "norm_filename": "c:\\windows\\system32\\credssp.dll", "region_type": "memory_mapped_file", "start_va": 8791746609152, "timestamp": "00:01:17.657", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 29622272, "type": "region", "version": 1 }, "end_va": 30670847, "entry_point": 0, "filename": null, "id": "region_4804", "name": "private_0x0000000001c40000", "norm_filename": null, "region_type": "private_memory", "start_va": 29622272, "timestamp": "00:01:17.661", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 30670848, "type": "region", "version": 1 }, "end_va": 31719423, "entry_point": 0, "filename": null, "id": "region_4805", "name": "private_0x0000000001d40000", "norm_filename": null, "region_type": "private_memory", "start_va": 30670848, "timestamp": "00:01:17.665", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 31719424, "type": "region", "version": 1 }, "end_va": 32767999, "entry_point": 0, "filename": null, "id": "region_4806", "name": "private_0x0000000001e40000", "norm_filename": null, "region_type": "private_memory", "start_va": 31719424, "timestamp": "00:01:17.666", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 8791712661504, "type": "region", "version": 1 }, "end_va": 8791712731135, "entry_point": 8791712661504, "filename": "\\Windows\\System32\\ssdpapi.dll", "id": "region_4834", "name": "ssdpapi.dll", "norm_filename": "c:\\windows\\system32\\ssdpapi.dll", "region_type": "memory_mapped_file", "start_va": 8791712661504, "timestamp": "00:01:17.846", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1228800, "start_va": 8791734616064, "type": "region", "version": 1 }, "end_va": 8791735844863, "entry_point": 8791734654140, "filename": "\\Windows\\System32\\propsys.dll", "id": "region_4901", "name": "propsys.dll", "norm_filename": "c:\\windows\\system32\\propsys.dll", "region_type": "memory_mapped_file", "start_va": 8791734616064, "timestamp": "00:01:18.371", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 22740992, "type": "region", "version": 1 }, "end_va": 23265279, "entry_point": 0, "filename": null, "id": "region_4946", "name": "private_0x00000000015b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 22740992, "timestamp": "00:01:18.793", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092620800, "type": "region", "version": 1 }, "end_va": 8796092628991, "entry_point": 0, "filename": null, "id": "region_4947", "name": "private_0x000007fffff9e000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092620800, "timestamp": "00:01:18.793", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 33423360, "type": "region", "version": 1 }, "end_va": 33947647, "entry_point": 0, "filename": null, "id": "region_5130", "name": "private_0x0000000001fe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 33423360, "timestamp": "00:01:20.058", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 8791726686208, "type": "region", "version": 1 }, "end_va": 8791726772223, "entry_point": 8791726690384, "filename": "\\Windows\\System32\\wkscli.dll", "id": "region_5137", "name": "wkscli.dll", "norm_filename": "c:\\windows\\system32\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 8791726686208, "timestamp": "00:01:20.144", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 34078720, "type": "region", "version": 1 }, "end_va": 34603007, "entry_point": 0, "filename": null, "id": "region_5148", "name": "private_0x0000000002080000", "norm_filename": null, "region_type": "private_memory", "start_va": 34078720, "timestamp": "00:01:20.413", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 139264, "start_va": 8791752310784, "type": "region", "version": 1 }, "end_va": 8791752450047, "entry_point": 8791752334640, "filename": "\\Windows\\System32\\bcrypt.dll", "id": "region_5183", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\system32\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 8791752310784, "timestamp": "00:01:20.829", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 8791746871296, "type": "region", "version": 1 }, "end_va": 8791747182591, "entry_point": 8791746902352, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_5184", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 8791746871296, "timestamp": "00:01:20.831", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 28246016, "type": "region", "version": 1 }, "end_va": 28770303, "entry_point": 0, "filename": null, "id": "region_5243", "name": "private_0x0000000001af0000", "norm_filename": null, "region_type": "private_memory", "start_va": 28246016, "timestamp": "00:01:21.755", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092612608, "type": "region", "version": 1 }, "end_va": 8796092620799, "entry_point": 0, "filename": null, "id": "region_5244", "name": "private_0x000007fffff9c000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092612608, "timestamp": "00:01:21.755", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1708031, "entry_point": 0, "filename": null, "id": "region_5654", "name": "private_0x00000000001a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1703936, "timestamp": "00:01:26.999", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1708031, "entry_point": 0, "filename": null, "id": "region_5655", "name": "pagefile_0x00000000001a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1703936, "timestamp": "00:01:27.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 34603008, "type": "region", "version": 1 }, "end_va": 35651583, "entry_point": 0, "filename": null, "id": "region_5674", "name": "private_0x0000000002100000", "norm_filename": null, "region_type": "private_memory", "start_va": 34603008, "timestamp": "00:01:27.158", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 8791728128000, "type": "region", "version": 1 }, "end_va": 8791728197631, "entry_point": 8791728132208, "filename": "\\Windows\\System32\\wtsapi32.dll", "id": "region_5675", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\system32\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791728128000, "timestamp": "00:01:27.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 249856, "start_va": 8791757815808, "type": "region", "version": 1 }, "end_va": 8791758065663, "entry_point": 8791757822196, "filename": "\\Windows\\System32\\winsta.dll", "id": "region_5676", "name": "winsta.dll", "norm_filename": "c:\\windows\\system32\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 8791757815808, "timestamp": "00:01:27.167", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 26279936, "type": "region", "version": 1 }, "end_va": 26804223, "entry_point": 0, "filename": null, "id": "region_5677", "name": "private_0x0000000001910000", "norm_filename": null, "region_type": "private_memory", "start_va": 26279936, "timestamp": "00:01:27.228", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092604416, "type": "region", "version": 1 }, "end_va": 8796092612607, "entry_point": 0, "filename": null, "id": "region_5678", "name": "private_0x000007fffff9a000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092604416, "timestamp": "00:01:27.228", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 462848, "start_va": 8791794253824, "type": "region", "version": 1 }, "end_va": 8791794716671, "entry_point": 8791794327072, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_5888", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 8791794253824, "timestamp": "00:01:29.050", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 24903680, "type": "region", "version": 1 }, "end_va": 25690111, "entry_point": 24903680, "filename": "\\Windows\\System32\\en-US\\KernelBase.dll.mui", "id": "region_5889", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 24903680, "timestamp": "00:01:29.053", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 36503552, "type": "region", "version": 1 }, "end_va": 37027839, "entry_point": 0, "filename": null, "id": "region_6041", "name": "private_0x00000000022d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 36503552, "timestamp": "00:01:29.939", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092596224, "type": "region", "version": 1 }, "end_va": 8796092604415, "entry_point": 0, "filename": null, "id": "region_6042", "name": "private_0x000007fffff98000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092596224, "timestamp": "00:01:29.939", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\system32\\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}", "filename": "c:\\windows\\system32\\dllhost.exe", "id": "proc_38", "image_name": "dllhost.exe", "monitor_reason": "child_process", "monitored_id": 38, "origin_monitor_id": 29, "ref_parent_process": { "ref_id": "proc_29", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_2438", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:06.863", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_2439", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:06.863", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_2440", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:06.863", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 684031, "entry_point": 262144, "filename": "\\Windows\\System32\\locale.nls", "id": "region_2441", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:06.863", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 786432, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 1507327, "entry_point": 0, "filename": null, "id": "region_2442", "name": "pagefile_0x00000000000b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 720896, "timestamp": "00:01:06.864", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1511423, "entry_point": 0, "filename": null, "id": "region_2443", "name": "private_0x0000000000170000", "norm_filename": null, "region_type": "private_memory", "start_va": 1507328, "timestamp": "00:01:06.864", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 1576959, "entry_point": 0, "filename": null, "id": "region_2444", "name": "pagefile_0x0000000000180000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1572864, "timestamp": "00:01:06.864", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1703935, "entry_point": 0, "filename": null, "id": "region_2445", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:01:06.864", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1708031, "entry_point": 0, "filename": null, "id": "region_2446", "name": "pagefile_0x00000000001a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1703936, "timestamp": "00:01:06.864", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 1773567, "entry_point": 0, "filename": null, "id": "region_2447", "name": "pagefile_0x00000000001b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1769472, "timestamp": "00:01:06.864", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 1966079, "entry_point": 0, "filename": null, "id": "region_2448", "name": "private_0x00000000001d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1900544, "timestamp": "00:01:06.864", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 3080191, "entry_point": 0, "filename": null, "id": "region_2449", "name": "private_0x00000000001f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2031616, "timestamp": "00:01:06.864", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 3080192, "type": "region", "version": 1 }, "end_va": 4128767, "entry_point": 0, "filename": null, "id": "region_2450", "name": "private_0x00000000002f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3080192, "timestamp": "00:01:06.864", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 5242879, "entry_point": 0, "filename": null, "id": "region_2451", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:01:06.864", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 5242880, "type": "region", "version": 1 }, "end_va": 6848511, "entry_point": 0, "filename": null, "id": "region_2452", "name": "pagefile_0x0000000000500000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5242880, "timestamp": "00:01:06.864", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6881280, "type": "region", "version": 1 }, "end_va": 8458239, "entry_point": 0, "filename": null, "id": "region_2453", "name": "pagefile_0x0000000000690000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6881280, "timestamp": "00:01:06.864", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 9437184, "type": "region", "version": 1 }, "end_va": 10485759, "entry_point": 0, "filename": null, "id": "region_2454", "name": "private_0x0000000000900000", "norm_filename": null, "region_type": "private_memory", "start_va": 9437184, "timestamp": "00:01:06.864", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 10485760, "type": "region", "version": 1 }, "end_va": 11534335, "entry_point": 0, "filename": null, "id": "region_2455", "name": "private_0x0000000000a00000", "norm_filename": null, "region_type": "private_memory", "start_va": 10485760, "timestamp": "00:01:06.864", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 11534336, "type": "region", "version": 1 }, "end_va": 12582911, "entry_point": 0, "filename": null, "id": "region_2456", "name": "private_0x0000000000b00000", "norm_filename": null, "region_type": "private_memory", "start_va": 11534336, "timestamp": "00:01:06.864", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 12582912, "type": "region", "version": 1 }, "end_va": 15527935, "entry_point": 12582912, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_2457", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 12582912, "timestamp": "00:01:06.864", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 16515072, "type": "region", "version": 1 }, "end_va": 17563647, "entry_point": 0, "filename": null, "id": "region_2458", "name": "private_0x0000000000fc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 16515072, "timestamp": "00:01:06.864", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 18153472, "type": "region", "version": 1 }, "end_va": 19202047, "entry_point": 0, "filename": null, "id": "region_2459", "name": "private_0x0000000001150000", "norm_filename": null, "region_type": "private_memory", "start_va": 18153472, "timestamp": "00:01:06.865", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 19398656, "type": "region", "version": 1 }, "end_va": 20447231, "entry_point": 0, "filename": null, "id": "region_2460", "name": "private_0x0000000001280000", "norm_filename": null, "region_type": "private_memory", "start_va": 19398656, "timestamp": "00:01:06.865", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005467136, "type": "region", "version": 1 }, "end_va": 2006491135, "entry_point": 2005574344, "filename": "\\Windows\\System32\\user32.dll", "id": "region_2461", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2005467136, "timestamp": "00:01:06.865", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006515712, "type": "region", "version": 1 }, "end_va": 2007691263, "entry_point": 2006605472, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_2462", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 2006515712, "timestamp": "00:01:06.865", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2007695360, "type": "region", "version": 1 }, "end_va": 2009436159, "entry_point": 2007695360, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2463", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2007695360, "timestamp": "00:01:06.866", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_2464", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:06.866", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2465", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:06.867", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2466", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:06.867", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 4285530112, "type": "region", "version": 1 }, "end_va": 4285558783, "entry_point": 4285530112, "filename": "\\Windows\\System32\\dllhost.exe", "id": "region_2467", "name": "dllhost.exe", "norm_filename": "c:\\windows\\system32\\dllhost.exe", "region_type": "memory_mapped_file", "start_va": 4285530112, "timestamp": "00:01:06.867", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 8791712595968, "type": "region", "version": 1 }, "end_va": 8791712669695, "entry_point": 8791712595968, "filename": "\\Windows\\System32\\IDStore.dll", "id": "region_2468", "name": "idstore.dll", "norm_filename": "c:\\windows\\system32\\idstore.dll", "region_type": "memory_mapped_file", "start_va": 8791712595968, "timestamp": "00:01:06.874", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 8791712727040, "type": "region", "version": 1 }, "end_va": 8791713382399, "entry_point": 8791712727040, "filename": "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\\comctl32.dll", "id": "region_2469", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 8791712727040, "timestamp": "00:01:06.884", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 118784, "start_va": 8791735861248, "type": "region", "version": 1 }, "end_va": 8791735980031, "entry_point": 8791735869172, "filename": "\\Windows\\System32\\samlib.dll", "id": "region_2470", "name": "samlib.dll", "norm_filename": "c:\\windows\\system32\\samlib.dll", "region_type": "memory_mapped_file", "start_va": 8791735861248, "timestamp": "00:01:06.947", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 147456, "start_va": 8791735992320, "type": "region", "version": 1 }, "end_va": 8791736139775, "entry_point": 8791735996452, "filename": "\\Windows\\System32\\shacct.dll", "id": "region_2471", "name": "shacct.dll", "norm_filename": "c:\\windows\\system32\\shacct.dll", "region_type": "memory_mapped_file", "start_va": 8791735992320, "timestamp": "00:01:06.947", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 184320, "start_va": 8791741366272, "type": "region", "version": 1 }, "end_va": 8791741550591, "entry_point": 8791741370384, "filename": "\\Windows\\System32\\ntmarta.dll", "id": "region_2472", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\system32\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 8791741366272, "timestamp": "00:01:06.948", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 8791745232896, "type": "region", "version": 1 }, "end_va": 8791745355775, "entry_point": 8791745237944, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_2473", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 8791745232896, "timestamp": "00:01:06.948", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 290816, "start_va": 8791747657728, "type": "region", "version": 1 }, "end_va": 8791747948543, "entry_point": 8791747661924, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_2474", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 8791747657728, "timestamp": "00:01:06.949", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 8791750803456, "type": "region", "version": 1 }, "end_va": 8791750897663, "entry_point": 8791750816440, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_2475", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 8791750803456, "timestamp": "00:01:06.950", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791757094912, "type": "region", "version": 1 }, "end_va": 8791757156351, "entry_point": 8791757099024, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_2476", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 8791757094912, "timestamp": "00:01:06.950", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 8791758077952, "type": "region", "version": 1 }, "end_va": 8791758159871, "entry_point": 8791758082272, "filename": "\\Windows\\System32\\RpcRtRemote.dll", "id": "region_2477", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\system32\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 8791758077952, "timestamp": "00:01:06.951", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791758209024, "type": "region", "version": 1 }, "end_va": 8791758270463, "entry_point": 8791758215600, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_2478", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 8791758209024, "timestamp": "00:01:06.952", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791759060992, "type": "region", "version": 1 }, "end_va": 8791759499263, "entry_point": 8791759073504, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_2479", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791759060992, "timestamp": "00:01:06.954", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791762206720, "type": "region", "version": 1 }, "end_va": 8791763030015, "entry_point": 8791762708596, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_2480", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791762206720, "timestamp": "00:01:06.955", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 335872, "start_va": 8791763058688, "type": "region", "version": 1 }, "end_va": 8791763394559, "entry_point": 8791763062996, "filename": "\\Windows\\System32\\Wldap32.dll", "id": "region_2481", "name": "wldap32.dll", "norm_filename": "c:\\windows\\system32\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 8791763058688, "timestamp": "00:01:06.956", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791763451904, "type": "region", "version": 1 }, "end_va": 8791764537343, "entry_point": 8791763456100, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_2482", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791763451904, "timestamp": "00:01:06.956", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791764566016, "type": "region", "version": 1 }, "end_va": 8791764623359, "entry_point": 8791764570240, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_2483", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791764566016, "timestamp": "00:01:06.957", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791765876736, "type": "region", "version": 1 }, "end_va": 8791766003711, "entry_point": 8791765901544, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_2484", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 8791765876736, "timestamp": "00:01:06.957", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791766007808, "type": "region", "version": 1 }, "end_va": 8791766196223, "entry_point": 8791766011920, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_2485", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791766007808, "timestamp": "00:01:06.958", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 14188544, "start_va": 8791767777280, "type": "region", "version": 1 }, "end_va": 8791781965823, "entry_point": 8791768288956, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_2486", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 8791767777280, "timestamp": "00:01:06.959", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 880640, "start_va": 8791784685568, "type": "region", "version": 1 }, "end_va": 8791785566207, "entry_point": 8791784698484, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_2487", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 8791784685568, "timestamp": "00:01:06.959", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, "start_va": 8791785603072, "type": "region", "version": 1 }, "end_va": 8791786500095, "entry_point": 8791785736032, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_2488", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791785603072, "timestamp": "00:01:06.960", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791786520576, "type": "region", "version": 1 }, "end_va": 8791787753471, "entry_point": 8791786843472, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_2489", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791786520576, "timestamp": "00:01:06.961", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791790256128, "type": "region", "version": 1 }, "end_va": 8791790882815, "entry_point": 8791790263312, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_2490", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 8791790256128, "timestamp": "00:01:06.961", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791791435776, "type": "region", "version": 1 }, "end_va": 8791792087039, "entry_point": 8791791445408, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_2491", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791791435776, "timestamp": "00:01:06.962", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2109440, "start_va": 8791792091136, "type": "region", "version": 1 }, "end_va": 8791794200575, "entry_point": 8791792235312, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_2492", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 8791792091136, "timestamp": "00:01:06.963", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 462848, "start_va": 8791794253824, "type": "region", "version": 1 }, "end_va": 8791794716671, "entry_point": 8791794327072, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_2493", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 8791794253824, "timestamp": "00:01:06.963", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791794778112, "type": "region", "version": 1 }, "end_va": 8791795199999, "entry_point": 8791794823228, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_2494", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791794778112, "timestamp": "00:01:06.964", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791795761152, "type": "region", "version": 1 }, "end_va": 8791795765247, "entry_point": 8791795761152, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_2495", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791795761152, "timestamp": "00:01:06.965", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_2496", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:01:06.967", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092837888, "type": "region", "version": 1 }, "end_va": 8796092846079, "entry_point": 0, "filename": null, "id": "region_2497", "name": "private_0x000007fffffd3000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092837888, "timestamp": "00:01:06.967", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092846080, "type": "region", "version": 1 }, "end_va": 8796092854271, "entry_point": 0, "filename": null, "id": "region_2498", "name": "private_0x000007fffffd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092846080, "timestamp": "00:01:06.967", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092854272, "type": "region", "version": 1 }, "end_va": 8796092862463, "entry_point": 0, "filename": null, "id": "region_2499", "name": "private_0x000007fffffd7000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092854272, "timestamp": "00:01:06.967", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8796092862464, "type": "region", "version": 1 }, "end_va": 8796092866559, "entry_point": 0, "filename": null, "id": "region_2500", "name": "private_0x000007fffffd9000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092862464, "timestamp": "00:01:06.967", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092866560, "type": "region", "version": 1 }, "end_va": 8796092874751, "entry_point": 0, "filename": null, "id": "region_2501", "name": "private_0x000007fffffda000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092866560, "timestamp": "00:01:06.967", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092874752, "type": "region", "version": 1 }, "end_va": 8796092882943, "entry_point": 0, "filename": null, "id": "region_2502", "name": "private_0x000007fffffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092874752, "timestamp": "00:01:06.967", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092882944, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_2503", "name": "private_0x000007fffffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092882944, "timestamp": "00:01:06.967", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\System32\\spoolsv.exe", "filename": "c:\\windows\\system32\\spoolsv.exe", "id": "proc_39", "image_name": "spoolsv.exe", "monitor_reason": "child_process", "monitored_id": 39, "origin_monitor_id": 26, "ref_parent_process": { "ref_id": "proc_26", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_2617", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:08.662", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 159743, "entry_point": 0, "filename": null, "id": "region_2618", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:08.662", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_2619", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:08.662", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_2620", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:01:08.662", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_2621", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:01:08.662", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 794623, "entry_point": 0, "filename": null, "id": "region_2622", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:01:08.662", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 856063, "entry_point": 0, "filename": null, "id": "region_2623", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:01:08.662", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 921599, "entry_point": 0, "filename": null, "id": "region_2624", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 917504, "timestamp": "00:01:08.662", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_2625", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:01:08.662", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1052671, "entry_point": 0, "filename": null, "id": "region_2626", "name": "pagefile_0x0000000000100000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1048576, "timestamp": "00:01:08.662", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1376255, "entry_point": 0, "filename": null, "id": "region_2627", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:01:08.662", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 2424831, "entry_point": 0, "filename": null, "id": "region_2628", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:01:08.662", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2428927, "entry_point": 0, "filename": null, "id": "region_2629", "name": "pagefile_0x0000000000250000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2424832, "timestamp": "00:01:08.662", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2490368, "type": "region", "version": 1 }, "end_va": 2494463, "entry_point": 2490368, "filename": "\\Windows\\System32\\msxml6r.dll", "id": "region_2630", "name": "msxml6r.dll", "norm_filename": "c:\\windows\\system32\\msxml6r.dll", "region_type": "memory_mapped_file", "start_va": 2490368, "timestamp": "00:01:08.662", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "" ], "ref_process_dump": null, "size": 131072, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 2686975, "entry_point": 0, "filename": null, "id": "region_2631", "name": "private_0x0000000000270000", "norm_filename": null, "region_type": "private_memory", "start_va": 2555904, "timestamp": "00:01:08.671", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 2818047, "entry_point": 0, "filename": null, "id": "region_2632", "name": "private_0x00000000002a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2752512, "timestamp": "00:01:08.671", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 3211264, "type": "region", "version": 1 }, "end_va": 4259839, "entry_point": 0, "filename": null, "id": "region_2633", "name": "private_0x0000000000310000", "norm_filename": null, "region_type": "private_memory", "start_va": 3211264, "timestamp": "00:01:08.671", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4259840, "type": "region", "version": 1 }, "end_va": 5865471, "entry_point": 0, "filename": null, "id": "region_2634", "name": "pagefile_0x0000000000410000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4259840, "timestamp": "00:01:08.671", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 5898240, "type": "region", "version": 1 }, "end_va": 7475199, "entry_point": 0, "filename": null, "id": "region_2635", "name": "pagefile_0x00000000005a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5898240, "timestamp": "00:01:08.671", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 7536640, "type": "region", "version": 1 }, "end_va": 28508159, "entry_point": 0, "filename": null, "id": "region_2636", "name": "pagefile_0x0000000000730000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7536640, "timestamp": "00:01:08.672", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 28508160, "type": "region", "version": 1 }, "end_va": 32649215, "entry_point": 0, "filename": null, "id": "region_2637", "name": "pagefile_0x0000000001b30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 28508160, "timestamp": "00:01:08.672", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 32899072, "type": "region", "version": 1 }, "end_va": 33161215, "entry_point": 0, "filename": null, "id": "region_2638", "name": "private_0x0000000001f60000", "norm_filename": null, "region_type": "private_memory", "start_va": 32899072, "timestamp": "00:01:08.672", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 33226752, "type": "region", "version": 1 }, "end_va": 33488895, "entry_point": 0, "filename": null, "id": "region_2639", "name": "private_0x0000000001fb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 33226752, "timestamp": "00:01:08.672", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 33619968, "type": "region", "version": 1 }, "end_va": 34144255, "entry_point": 0, "filename": null, "id": "region_2640", "name": "private_0x0000000002010000", "norm_filename": null, "region_type": "private_memory", "start_va": 33619968, "timestamp": "00:01:08.672", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 34209792, "type": "region", "version": 1 }, "end_va": 34734079, "entry_point": 0, "filename": null, "id": "region_2641", "name": "private_0x00000000020a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 34209792, "timestamp": "00:01:08.672", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 34930688, "type": "region", "version": 1 }, "end_va": 35192831, "entry_point": 0, "filename": null, "id": "region_2642", "name": "private_0x0000000002150000", "norm_filename": null, "region_type": "private_memory", "start_va": 34930688, "timestamp": "00:01:08.672", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 35192832, "type": "region", "version": 1 }, "end_va": 35454975, "entry_point": 0, "filename": null, "id": "region_2643", "name": "private_0x0000000002190000", "norm_filename": null, "region_type": "private_memory", "start_va": 35192832, "timestamp": "00:01:08.672", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 35913728, "type": "region", "version": 1 }, "end_va": 36175871, "entry_point": 0, "filename": null, "id": "region_2644", "name": "private_0x0000000002240000", "norm_filename": null, "region_type": "private_memory", "start_va": 35913728, "timestamp": "00:01:08.672", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 36306944, "type": "region", "version": 1 }, "end_va": 36372479, "entry_point": 0, "filename": null, "id": "region_2645", "name": "private_0x00000000022a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 36306944, "timestamp": "00:01:08.672", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 36700160, "type": "region", "version": 1 }, "end_va": 36962303, "entry_point": 0, "filename": null, "id": "region_2646", "name": "private_0x0000000002300000", "norm_filename": null, "region_type": "private_memory", "start_va": 36700160, "timestamp": "00:01:08.672", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 36962304, "type": "region", "version": 1 }, "end_va": 39907327, "entry_point": 36962304, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_2647", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 36962304, "timestamp": "00:01:08.672", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 39976960, "type": "region", "version": 1 }, "end_va": 40239103, "entry_point": 0, "filename": null, "id": "region_2648", "name": "private_0x0000000002620000", "norm_filename": null, "region_type": "private_memory", "start_va": 39976960, "timestamp": "00:01:08.673", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 40239104, "type": "region", "version": 1 }, "end_va": 40501247, "entry_point": 0, "filename": null, "id": "region_2649", "name": "private_0x0000000002660000", "norm_filename": null, "region_type": "private_memory", "start_va": 40239104, "timestamp": "00:01:08.673", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 40501248, "type": "region", "version": 1 }, "end_va": 40566783, "entry_point": 0, "filename": null, "id": "region_2650", "name": "private_0x00000000026a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 40501248, "timestamp": "00:01:08.673", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 41287680, "type": "region", "version": 1 }, "end_va": 41811967, "entry_point": 0, "filename": null, "id": "region_2651", "name": "private_0x0000000002760000", "norm_filename": null, "region_type": "private_memory", "start_va": 41287680, "timestamp": "00:01:08.673", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1052672, "start_va": 41811968, "type": "region", "version": 1 }, "end_va": 42864639, "entry_point": 0, "filename": null, "id": "region_2652", "name": "private_0x00000000027e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 41811968, "timestamp": "00:01:08.673", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 42926080, "type": "region", "version": 1 }, "end_va": 43712511, "entry_point": 42926080, "filename": "\\Windows\\System32\\en-US\\KernelBase.dll.mui", "id": "region_2653", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 42926080, "timestamp": "00:01:08.673", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 43712512, "type": "region", "version": 1 }, "end_va": 44236799, "entry_point": 0, "filename": null, "id": "region_2654", "name": "private_0x00000000029b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 43712512, "timestamp": "00:01:08.673", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 44236800, "type": "region", "version": 1 }, "end_va": 45285375, "entry_point": 0, "filename": null, "id": "region_2655", "name": "private_0x0000000002a30000", "norm_filename": null, "region_type": "private_memory", "start_va": 44236800, "timestamp": "00:01:08.673", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 45481984, "type": "region", "version": 1 }, "end_va": 45744127, "entry_point": 0, "filename": null, "id": "region_2656", "name": "private_0x0000000002b60000", "norm_filename": null, "region_type": "private_memory", "start_va": 45481984, "timestamp": "00:01:08.673", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 45744128, "type": "region", "version": 1 }, "end_va": 46268415, "entry_point": 0, "filename": null, "id": "region_2657", "name": "private_0x0000000002ba0000", "norm_filename": null, "region_type": "private_memory", "start_va": 45744128, "timestamp": "00:01:08.673", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 46858240, "type": "region", "version": 1 }, "end_va": 47120383, "entry_point": 0, "filename": null, "id": "region_2658", "name": "private_0x0000000002cb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 46858240, "timestamp": "00:01:08.673", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 47775744, "type": "region", "version": 1 }, "end_va": 48300031, "entry_point": 0, "filename": null, "id": "region_2659", "name": "private_0x0000000002d90000", "norm_filename": null, "region_type": "private_memory", "start_va": 47775744, "timestamp": "00:01:08.674", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 49872896, "type": "region", "version": 1 }, "end_va": 50397183, "entry_point": 0, "filename": null, "id": "region_2660", "name": "private_0x0000000002f90000", "norm_filename": null, "region_type": "private_memory", "start_va": 49872896, "timestamp": "00:01:08.674", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 50397184, "type": "region", "version": 1 }, "end_va": 54591487, "entry_point": 0, "filename": null, "id": "region_2661", "name": "private_0x0000000003010000", "norm_filename": null, "region_type": "private_memory", "start_va": 50397184, "timestamp": "00:01:08.674", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005467136, "type": "region", "version": 1 }, "end_va": 2006491135, "entry_point": 2005574344, "filename": "\\Windows\\System32\\user32.dll", "id": "region_2662", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2005467136, "timestamp": "00:01:08.674", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006515712, "type": "region", "version": 1 }, "end_va": 2007691263, "entry_point": 2006605472, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_2663", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 2006515712, "timestamp": "00:01:08.674", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2007695360, "type": "region", "version": 1 }, "end_va": 2009436159, "entry_point": 2007695360, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2664", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2007695360, "timestamp": "00:01:08.675", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_2665", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:08.676", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2666", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:08.676", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2667", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:08.676", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 573440, "start_va": 4286709760, "type": "region", "version": 1 }, "end_va": 4287283199, "entry_point": 4286709760, "filename": "\\Windows\\System32\\spoolsv.exe", "id": "region_2668", "name": "spoolsv.exe", "norm_filename": "c:\\windows\\system32\\spoolsv.exe", "region_type": "memory_mapped_file", "start_va": 4286709760, "timestamp": "00:01:08.676", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 8791662985216, "type": "region", "version": 1 }, "end_va": 8791663050751, "entry_point": 8791662985216, "filename": "\\Windows\\System32\\fdPnp.dll", "id": "region_2669", "name": "fdpnp.dll", "norm_filename": "c:\\windows\\system32\\fdpnp.dll", "region_type": "memory_mapped_file", "start_va": 8791662985216, "timestamp": "00:01:08.688", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 208896, "start_va": 8791663050752, "type": "region", "version": 1 }, "end_va": 8791663259647, "entry_point": 8791663050752, "filename": "\\Windows\\System32\\fundisc.dll", "id": "region_2670", "name": "fundisc.dll", "norm_filename": "c:\\windows\\system32\\fundisc.dll", "region_type": "memory_mapped_file", "start_va": 8791663050752, "timestamp": "00:01:08.700", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 8791663312896, "type": "region", "version": 1 }, "end_va": 8791664488447, "entry_point": 8791663312896, "filename": "\\Windows\\System32\\webservices.dll", "id": "region_2671", "name": "webservices.dll", "norm_filename": "c:\\windows\\system32\\webservices.dll", "region_type": "memory_mapped_file", "start_va": 8791663312896, "timestamp": "00:01:08.713", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 593920, "start_va": 8791664492544, "type": "region", "version": 1 }, "end_va": 8791665086463, "entry_point": 8791664492544, "filename": "\\Windows\\System32\\WSDApi.dll", "id": "region_2672", "name": "wsdapi.dll", "norm_filename": "c:\\windows\\system32\\wsdapi.dll", "region_type": "memory_mapped_file", "start_va": 8791664492544, "timestamp": "00:01:08.725", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 237568, "start_va": 8791665147904, "type": "region", "version": 1 }, "end_va": 8791665385471, "entry_point": 8791665147904, "filename": "\\Windows\\System32\\WSDMon.dll", "id": "region_2673", "name": "wsdmon.dll", "norm_filename": "c:\\windows\\system32\\wsdmon.dll", "region_type": "memory_mapped_file", "start_va": 8791665147904, "timestamp": "00:01:08.734", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 8791665410048, "type": "region", "version": 1 }, "end_va": 8791665438719, "entry_point": 8791665410048, "filename": "\\Windows\\System32\\WlS0WndH.dll", "id": "region_2674", "name": "wls0wndh.dll", "norm_filename": "c:\\windows\\system32\\wls0wndh.dll", "region_type": "memory_mapped_file", "start_va": 8791665410048, "timestamp": "00:01:08.743", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791674126336, "type": "region", "version": 1 }, "end_va": 8791674187775, "entry_point": 8791674126336, "filename": "\\Windows\\System32\\usbmon.dll", "id": "region_2675", "name": "usbmon.dll", "norm_filename": "c:\\windows\\system32\\usbmon.dll", "region_type": "memory_mapped_file", "start_va": 8791674126336, "timestamp": "00:01:08.751", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2039808, "start_va": 8791674191872, "type": "region", "version": 1 }, "end_va": 8791676231679, "entry_point": 8791674191872, "filename": "\\Windows\\System32\\msxml6.dll", "id": "region_2676", "name": "msxml6.dll", "norm_filename": "c:\\windows\\system32\\msxml6.dll", "region_type": "memory_mapped_file", "start_va": 8791674191872, "timestamp": "00:01:08.761", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 8791676289024, "type": "region", "version": 1 }, "end_va": 8791676370943, "entry_point": 8791676289024, "filename": "\\Windows\\System32\\wsnmp32.dll", "id": "region_2677", "name": "wsnmp32.dll", "norm_filename": "c:\\windows\\system32\\wsnmp32.dll", "region_type": "memory_mapped_file", "start_va": 8791676289024, "timestamp": "00:01:08.779", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 8791676420096, "type": "region", "version": 1 }, "end_va": 8791676465151, "entry_point": 8791676420096, "filename": "\\Windows\\System32\\snmpapi.dll", "id": "region_2678", "name": "snmpapi.dll", "norm_filename": "c:\\windows\\system32\\snmpapi.dll", "region_type": "memory_mapped_file", "start_va": 8791676420096, "timestamp": "00:01:08.788", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 8791676485632, "type": "region", "version": 1 }, "end_va": 8791676698623, "entry_point": 8791676485632, "filename": "\\Windows\\System32\\tcpmon.dll", "id": "region_2679", "name": "tcpmon.dll", "norm_filename": "c:\\windows\\system32\\tcpmon.dll", "region_type": "memory_mapped_file", "start_va": 8791676485632, "timestamp": "00:01:08.796", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791676747776, "type": "region", "version": 1 }, "end_va": 8791676805119, "entry_point": 8791676747776, "filename": "\\Windows\\System32\\FXSMON.dll", "id": "region_2680", "name": "fxsmon.dll", "norm_filename": "c:\\windows\\system32\\fxsmon.dll", "region_type": "memory_mapped_file", "start_va": 8791676747776, "timestamp": "00:01:08.809", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 8791676813312, "type": "region", "version": 1 }, "end_va": 8791676878847, "entry_point": 8791676813312, "filename": "\\Windows\\System32\\PrintIsolationProxy.dll", "id": "region_2681", "name": "printisolationproxy.dll", "norm_filename": "c:\\windows\\system32\\printisolationproxy.dll", "region_type": "memory_mapped_file", "start_va": 8791676813312, "timestamp": "00:01:08.817", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 462848, "start_va": 8791676878848, "type": "region", "version": 1 }, "end_va": 8791677341695, "entry_point": 8791676878848, "filename": "\\Windows\\System32\\winspool.drv", "id": "region_2682", "name": "winspool.drv", "norm_filename": "c:\\windows\\system32\\winspool.drv", "region_type": "memory_mapped_file", "start_va": 8791676878848, "timestamp": "00:01:08.826", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 8791677403136, "type": "region", "version": 1 }, "end_va": 8791677476863, "entry_point": 8791677403136, "filename": "\\Windows\\System32\\spoolss.dll", "id": "region_2683", "name": "spoolss.dll", "norm_filename": "c:\\windows\\system32\\spoolss.dll", "region_type": "memory_mapped_file", "start_va": 8791677403136, "timestamp": "00:01:08.837", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 974848, "start_va": 8791677534208, "type": "region", "version": 1 }, "end_va": 8791678509055, "entry_point": 8791677534208, "filename": "\\Windows\\System32\\localspl.dll", "id": "region_2684", "name": "localspl.dll", "norm_filename": "c:\\windows\\system32\\localspl.dll", "region_type": "memory_mapped_file", "start_va": 8791677534208, "timestamp": "00:01:08.848", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 8791678517248, "type": "region", "version": 1 }, "end_va": 8791678595071, "entry_point": 8791678517248, "filename": "\\Windows\\System32\\umb.dll", "id": "region_2685", "name": "umb.dll", "norm_filename": "c:\\windows\\system32\\umb.dll", "region_type": "memory_mapped_file", "start_va": 8791678517248, "timestamp": "00:01:08.859", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 8791679631360, "type": "region", "version": 1 }, "end_va": 8791679664127, "entry_point": 8791679631360, "filename": "\\Windows\\System32\\rasadhlp.dll", "id": "region_2686", "name": "rasadhlp.dll", "norm_filename": "c:\\windows\\system32\\rasadhlp.dll", "region_type": "memory_mapped_file", "start_va": 8791679631360, "timestamp": "00:01:08.868", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 339968, "start_va": 8791716528128, "type": "region", "version": 1 }, "end_va": 8791716868095, "entry_point": 8791716528128, "filename": "\\Windows\\System32\\FWPUCLNT.DLL", "id": "region_2687", "name": "fwpuclnt.dll", "norm_filename": "c:\\windows\\system32\\fwpuclnt.dll", "region_type": "memory_mapped_file", "start_va": 8791716528128, "timestamp": "00:01:08.877", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 8791717904384, "type": "region", "version": 1 }, "end_va": 8791717949439, "entry_point": 8791717908888, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_2688", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 8791717904384, "timestamp": "00:01:08.887", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 8791717969920, "type": "region", "version": 1 }, "end_va": 8791718129663, "entry_point": 8791718009020, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_2689", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 8791717969920, "timestamp": "00:01:08.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 8791718887424, "type": "region", "version": 1 }, "end_va": 8791718932479, "entry_point": 8791718907788, "filename": "\\Windows\\System32\\slc.dll", "id": "region_2690", "name": "slc.dll", "norm_filename": "c:\\windows\\system32\\slc.dll", "region_type": "memory_mapped_file", "start_va": 8791718887424, "timestamp": "00:01:08.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 8791719084032, "type": "region", "version": 1 }, "end_va": 8791719186431, "entry_point": 8791719088552, "filename": "\\Windows\\System32\\atl.dll", "id": "region_2691", "name": "atl.dll", "norm_filename": "c:\\windows\\system32\\atl.dll", "region_type": "memory_mapped_file", "start_va": 8791719084032, "timestamp": "00:01:08.889", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 180224, "start_va": 8791723081728, "type": "region", "version": 1 }, "end_va": 8791723261951, "entry_point": 8791723087300, "filename": "\\Windows\\System32\\powrprof.dll", "id": "region_2692", "name": "powrprof.dll", "norm_filename": "c:\\windows\\system32\\powrprof.dll", "region_type": "memory_mapped_file", "start_va": 8791723081728, "timestamp": "00:01:08.889", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 8791728128000, "type": "region", "version": 1 }, "end_va": 8791728197631, "entry_point": 8791728132208, "filename": "\\Windows\\System32\\wtsapi32.dll", "id": "region_2693", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\system32\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791728128000, "timestamp": "00:01:08.890", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791743266816, "type": "region", "version": 1 }, "end_va": 8791743315967, "entry_point": 8791743271012, "filename": "\\Windows\\System32\\version.dll", "id": "region_2694", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 8791743266816, "timestamp": "00:01:08.890", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 765952, "start_va": 8791743332352, "type": "region", "version": 1 }, "end_va": 8791744098303, "entry_point": 8791743360480, "filename": "\\Windows\\System32\\FirewallAPI.dll", "id": "region_2695", "name": "firewallapi.dll", "norm_filename": "c:\\windows\\system32\\firewallapi.dll", "region_type": "memory_mapped_file", "start_va": 8791743332352, "timestamp": "00:01:08.891", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 8791744118784, "type": "region", "version": 1 }, "end_va": 8791744147455, "entry_point": 8791744124080, "filename": "\\Windows\\System32\\WSHTCPIP.DLL", "id": "region_2696", "name": "wshtcpip.dll", "norm_filename": "c:\\windows\\system32\\wshtcpip.dll", "region_type": "memory_mapped_file", "start_va": 8791744118784, "timestamp": "00:01:08.891", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 8791746609152, "type": "region", "version": 1 }, "end_va": 8791746650111, "entry_point": 8791746624696, "filename": "\\Windows\\System32\\credssp.dll", "id": "region_2697", "name": "credssp.dll", "norm_filename": "c:\\windows\\system32\\credssp.dll", "region_type": "memory_mapped_file", "start_va": 8791746609152, "timestamp": "00:01:08.892", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 372736, "start_va": 8791748837376, "type": "region", "version": 1 }, "end_va": 8791749210111, "entry_point": 8791748864320, "filename": "\\Windows\\System32\\dnsapi.dll", "id": "region_2698", "name": "dnsapi.dll", "norm_filename": "c:\\windows\\system32\\dnsapi.dll", "region_type": "memory_mapped_file", "start_va": 8791748837376, "timestamp": "00:01:08.893", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 8791750344704, "type": "region", "version": 1 }, "end_va": 8791750373375, "entry_point": 8791750349868, "filename": "\\Windows\\System32\\wship6.dll", "id": "region_2699", "name": "wship6.dll", "norm_filename": "c:\\windows\\system32\\wship6.dll", "region_type": "memory_mapped_file", "start_va": 8791750344704, "timestamp": "00:01:08.893", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 348160, "start_va": 8791750410240, "type": "region", "version": 1 }, "end_va": 8791750758399, "entry_point": 8791750414420, "filename": "\\Windows\\System32\\mswsock.dll", "id": "region_2700", "name": "mswsock.dll", "norm_filename": "c:\\windows\\system32\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 8791750410240, "timestamp": "00:01:08.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 143360, "start_va": 8791756046336, "type": "region", "version": 1 }, "end_va": 8791756189695, "entry_point": 8791756050840, "filename": "\\Windows\\System32\\srvcli.dll", "id": "region_2701", "name": "srvcli.dll", "norm_filename": "c:\\windows\\system32\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 8791756046336, "timestamp": "00:01:08.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 8791756701696, "type": "region", "version": 1 }, "end_va": 8791756746751, "entry_point": 8791756705840, "filename": "\\Windows\\System32\\secur32.dll", "id": "region_2702", "name": "secur32.dll", "norm_filename": "c:\\windows\\system32\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 8791756701696, "timestamp": "00:01:08.895", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 8791756898304, "type": "region", "version": 1 }, "end_va": 8791757049855, "entry_point": 8791756936792, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_2703", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 8791756898304, "timestamp": "00:01:08.895", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791757094912, "type": "region", "version": 1 }, "end_va": 8791757156351, "entry_point": 8791757099024, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_2704", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 8791757094912, "timestamp": "00:01:08.896", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 249856, "start_va": 8791757815808, "type": "region", "version": 1 }, "end_va": 8791758065663, "entry_point": 8791757822196, "filename": "\\Windows\\System32\\winsta.dll", "id": "region_2705", "name": "winsta.dll", "norm_filename": "c:\\windows\\system32\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 8791757815808, "timestamp": "00:01:08.897", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 8791758077952, "type": "region", "version": 1 }, "end_va": 8791758159871, "entry_point": 8791758082272, "filename": "\\Windows\\System32\\RpcRtRemote.dll", "id": "region_2706", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\system32\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 8791758077952, "timestamp": "00:01:08.897", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791758864384, "type": "region", "version": 1 }, "end_va": 8791758925823, "entry_point": 8791758868512, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_2707", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 8791758864384, "timestamp": "00:01:08.898", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 106496, "start_va": 8791758929920, "type": "region", "version": 1 }, "end_va": 8791759036415, "entry_point": 8791758935384, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_2708", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 8791758929920, "timestamp": "00:01:08.899", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791759060992, "type": "region", "version": 1 }, "end_va": 8791759499263, "entry_point": 8791759073504, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_2709", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791759060992, "timestamp": "00:01:08.899", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 221184, "start_va": 8791759519744, "type": "region", "version": 1 }, "end_va": 8791759740927, "entry_point": 8791759524980, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_2710", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 8791759519744, "timestamp": "00:01:08.900", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 237568, "start_va": 8791759781888, "type": "region", "version": 1 }, "end_va": 8791760019455, "entry_point": 8791759786784, "filename": "\\Windows\\System32\\wintrust.dll", "id": "region_2711", "name": "wintrust.dll", "norm_filename": "c:\\windows\\system32\\wintrust.dll", "region_type": "memory_mapped_file", "start_va": 8791759781888, "timestamp": "00:01:08.900", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1470464, "start_va": 8791760044032, "type": "region", "version": 1 }, "end_va": 8791761514495, "entry_point": 8791760048320, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_2712", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 8791760044032, "timestamp": "00:01:08.901", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791762206720, "type": "region", "version": 1 }, "end_va": 8791763030015, "entry_point": 8791762708596, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_2713", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791762206720, "timestamp": "00:01:08.901", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791763451904, "type": "region", "version": 1 }, "end_va": 8791764537343, "entry_point": 8791763456100, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_2714", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791763451904, "timestamp": "00:01:08.902", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791764566016, "type": "region", "version": 1 }, "end_va": 8791764623359, "entry_point": 8791764570240, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_2715", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791764566016, "timestamp": "00:01:08.903", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791765876736, "type": "region", "version": 1 }, "end_va": 8791766003711, "entry_point": 8791765901544, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_2716", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 8791765876736, "timestamp": "00:01:08.903", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791766007808, "type": "region", "version": 1 }, "end_va": 8791766196223, "entry_point": 8791766011920, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_2717", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791766007808, "timestamp": "00:01:08.904", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 8791781998592, "type": "region", "version": 1 }, "end_va": 8791782031359, "entry_point": 8791782003972, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_2718", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 8791781998592, "timestamp": "00:01:08.904", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 8791782064128, "type": "region", "version": 1 }, "end_va": 8791783993343, "entry_point": 8791782068240, "filename": "\\Windows\\System32\\setupapi.dll", "id": "region_2719", "name": "setupapi.dll", "norm_filename": "c:\\windows\\system32\\setupapi.dll", "region_type": "memory_mapped_file", "start_va": 8791782064128, "timestamp": "00:01:08.905", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 880640, "start_va": 8791784685568, "type": "region", "version": 1 }, "end_va": 8791785566207, "entry_point": 8791784698484, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_2720", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 8791784685568, "timestamp": "00:01:08.906", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, "start_va": 8791785603072, "type": "region", "version": 1 }, "end_va": 8791786500095, "entry_point": 8791785736032, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_2721", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791785603072, "timestamp": "00:01:08.906", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791786520576, "type": "region", "version": 1 }, "end_va": 8791787753471, "entry_point": 8791786843472, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_2722", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791786520576, "timestamp": "00:01:08.907", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791790256128, "type": "region", "version": 1 }, "end_va": 8791790882815, "entry_point": 8791790263312, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_2723", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 8791790256128, "timestamp": "00:01:08.907", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791791435776, "type": "region", "version": 1 }, "end_va": 8791792087039, "entry_point": 8791791445408, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_2724", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791791435776, "timestamp": "00:01:08.908", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2109440, "start_va": 8791792091136, "type": "region", "version": 1 }, "end_va": 8791794200575, "entry_point": 8791792235312, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_2725", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 8791792091136, "timestamp": "00:01:08.909", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 462848, "start_va": 8791794253824, "type": "region", "version": 1 }, "end_va": 8791794716671, "entry_point": 8791794327072, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_2726", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 8791794253824, "timestamp": "00:01:08.910", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791794778112, "type": "region", "version": 1 }, "end_va": 8791795199999, "entry_point": 8791794823228, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_2727", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791794778112, "timestamp": "00:01:08.910", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 315392, "start_va": 8791795236864, "type": "region", "version": 1 }, "end_va": 8791795552255, "entry_point": 8791795241072, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_2728", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 8791795236864, "timestamp": "00:01:08.911", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791795761152, "type": "region", "version": 1 }, "end_va": 8791795765247, "entry_point": 8791795761152, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_2729", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791795761152, "timestamp": "00:01:08.912", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092653568, "type": "region", "version": 1 }, "end_va": 8796092661759, "entry_point": 0, "filename": null, "id": "region_2730", "name": "private_0x000007fffffa6000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092653568, "timestamp": "00:01:08.914", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092661760, "type": "region", "version": 1 }, "end_va": 8796092669951, "entry_point": 0, "filename": null, "id": "region_2731", "name": "private_0x000007fffffa8000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092661760, "timestamp": "00:01:08.914", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092669952, "type": "region", "version": 1 }, "end_va": 8796092678143, "entry_point": 0, "filename": null, "id": "region_2732", "name": "private_0x000007fffffaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092669952, "timestamp": "00:01:08.914", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092678144, "type": "region", "version": 1 }, "end_va": 8796092686335, "entry_point": 0, "filename": null, "id": "region_2733", "name": "private_0x000007fffffac000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092678144, "timestamp": "00:01:08.914", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092686336, "type": "region", "version": 1 }, "end_va": 8796092694527, "entry_point": 0, "filename": null, "id": "region_2734", "name": "private_0x000007fffffae000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092686336, "timestamp": "00:01:08.914", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_2735", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:01:08.914", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092837888, "type": "region", "version": 1 }, "end_va": 8796092846079, "entry_point": 0, "filename": null, "id": "region_2736", "name": "private_0x000007fffffd3000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092837888, "timestamp": "00:01:08.914", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092846080, "type": "region", "version": 1 }, "end_va": 8796092854271, "entry_point": 0, "filename": null, "id": "region_2737", "name": "private_0x000007fffffd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092846080, "timestamp": "00:01:08.914", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092854272, "type": "region", "version": 1 }, "end_va": 8796092862463, "entry_point": 0, "filename": null, "id": "region_2738", "name": "private_0x000007fffffd7000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092854272, "timestamp": "00:01:08.914", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092862464, "type": "region", "version": 1 }, "end_va": 8796092870655, "entry_point": 0, "filename": null, "id": "region_2739", "name": "private_0x000007fffffd9000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092862464, "timestamp": "00:01:08.914", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8796092870656, "type": "region", "version": 1 }, "end_va": 8796092874751, "entry_point": 0, "filename": null, "id": "region_2740", "name": "private_0x000007fffffdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092870656, "timestamp": "00:01:08.914", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092874752, "type": "region", "version": 1 }, "end_va": 8796092882943, "entry_point": 0, "filename": null, "id": "region_2741", "name": "private_0x000007fffffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092874752, "timestamp": "00:01:08.914", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092882944, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_2742", "name": "private_0x000007fffffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092882944, "timestamp": "00:01:08.914", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 46333952, "type": "region", "version": 1 }, "end_va": 46596095, "entry_point": 0, "filename": null, "id": "region_3758", "name": "private_0x0000000002c30000", "norm_filename": null, "region_type": "private_memory", "start_va": 46333952, "timestamp": "00:01:10.766", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092645376, "type": "region", "version": 1 }, "end_va": 8796092653567, "entry_point": 0, "filename": null, "id": "region_3759", "name": "private_0x000007fffffa4000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092645376, "timestamp": "00:01:10.766", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 458752, "start_va": 35454976, "type": "region", "version": 1 }, "end_va": 35913727, "entry_point": 0, "filename": null, "id": "region_3762", "name": "private_0x00000000021d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 35454976, "timestamp": "00:01:10.773", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 41025536, "type": "region", "version": 1 }, "end_va": 41287679, "entry_point": 0, "filename": null, "id": "region_3763", "name": "private_0x0000000002720000", "norm_filename": null, "region_type": "private_memory", "start_va": 41025536, "timestamp": "00:01:10.773", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092637184, "type": "region", "version": 1 }, "end_va": 8796092645375, "entry_point": 0, "filename": null, "id": "region_3764", "name": "private_0x000007fffffa2000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092637184, "timestamp": "00:01:10.773", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 48300032, "type": "region", "version": 1 }, "end_va": 49348607, "entry_point": 0, "filename": null, "id": "region_3765", "name": "private_0x0000000002e10000", "norm_filename": null, "region_type": "private_memory", "start_va": 48300032, "timestamp": "00:01:10.774", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791661805568, "type": "region", "version": 1 }, "end_va": 8791661862911, "entry_point": 8791661805568, "filename": "\\Windows\\System32\\spool\\prtprocs\\x64\\winprint.dll", "id": "region_3766", "name": "winprint.dll", "norm_filename": "c:\\windows\\system32\\spool\\prtprocs\\x64\\winprint.dll", "region_type": "memory_mapped_file", "start_va": 8791661805568, "timestamp": "00:01:10.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 8791745232896, "type": "region", "version": 1 }, "end_va": 8791745355775, "entry_point": 8791745237944, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_3767", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 8791745232896, "timestamp": "00:01:10.804", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791758209024, "type": "region", "version": 1 }, "end_va": 8791758270463, "entry_point": 8791758215600, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_3768", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 8791758209024, "timestamp": "00:01:10.806", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 8791745101824, "type": "region", "version": 1 }, "end_va": 8791745212415, "entry_point": 8791745110120, "filename": "\\Windows\\System32\\gpapi.dll", "id": "region_3769", "name": "gpapi.dll", "norm_filename": "c:\\windows\\system32\\gpapi.dll", "region_type": "memory_mapped_file", "start_va": 8791745101824, "timestamp": "00:01:10.811", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 47185920, "type": "region", "version": 1 }, "end_va": 47448063, "entry_point": 0, "filename": null, "id": "region_3974", "name": "private_0x0000000002d00000", "norm_filename": null, "region_type": "private_memory", "start_va": 47185920, "timestamp": "00:01:11.901", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092628992, "type": "region", "version": 1 }, "end_va": 8796092637183, "entry_point": 0, "filename": null, "id": "region_3975", "name": "private_0x000007fffffa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092628992, "timestamp": "00:01:11.901", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791718952960, "type": "region", "version": 1 }, "end_va": 8791719002111, "entry_point": 8791718958552, "filename": "\\Windows\\System32\\dsrole.dll", "id": "region_3976", "name": "dsrole.dll", "norm_filename": "c:\\windows\\system32\\dsrole.dll", "region_type": "memory_mapped_file", "start_va": 8791718952960, "timestamp": "00:01:11.904", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 3080191, "entry_point": 0, "filename": null, "id": "region_3977", "name": "private_0x00000000002b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2818048, "timestamp": "00:01:11.912", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 49414144, "type": "region", "version": 1 }, "end_va": 49676287, "entry_point": 0, "filename": null, "id": "region_3978", "name": "private_0x0000000002f20000", "norm_filename": null, "region_type": "private_memory", "start_va": 49414144, "timestamp": "00:01:11.912", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092612608, "type": "region", "version": 1 }, "end_va": 8796092620799, "entry_point": 0, "filename": null, "id": "region_3979", "name": "private_0x000007fffff9c000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092612608, "timestamp": "00:01:11.912", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092620800, "type": "region", "version": 1 }, "end_va": 8796092628991, "entry_point": 0, "filename": null, "id": "region_3980", "name": "private_0x000007fffff9e000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092620800, "timestamp": "00:01:11.912", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 774144, "start_va": 8791656890368, "type": "region", "version": 1 }, "end_va": 8791657664511, "entry_point": 8791656890368, "filename": "\\Windows\\System32\\win32spl.dll", "id": "region_3981", "name": "win32spl.dll", "norm_filename": "c:\\windows\\system32\\win32spl.dll", "region_type": "memory_mapped_file", "start_va": 8791656890368, "timestamp": "00:01:11.922", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 8791745363968, "type": "region", "version": 1 }, "end_va": 8791745437695, "entry_point": 8791745368160, "filename": "\\Windows\\System32\\devrtl.dll", "id": "region_3990", "name": "devrtl.dll", "norm_filename": "c:\\windows\\system32\\devrtl.dll", "region_type": "memory_mapped_file", "start_va": 8791745363968, "timestamp": "00:01:12.121", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791745495040, "type": "region", "version": 1 }, "end_va": 8791745622015, "entry_point": 8791745518696, "filename": "\\Windows\\System32\\SPInf.dll", "id": "region_3991", "name": "spinf.dll", "norm_filename": "c:\\windows\\system32\\spinf.dll", "region_type": "memory_mapped_file", "start_va": 8791745495040, "timestamp": "00:01:12.123", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 86016, "start_va": 3080192, "type": "region", "version": 1 }, "end_va": 3166207, "entry_point": 3080192, "filename": "\\Windows\\System32\\DriverStore\\infpub.dat", "id": "region_3992", "name": "infpub.dat", "norm_filename": "c:\\windows\\system32\\driverstore\\infpub.dat", "region_type": "memory_mapped_file", "start_va": 3080192, "timestamp": "00:01:12.129", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 32702464, "type": "region", "version": 1 }, "end_va": 32845823, "entry_point": 32702464, "filename": "\\Windows\\System32\\DriverStore\\infstrng.dat", "id": "region_3993", "name": "infstrng.dat", "norm_filename": "c:\\windows\\system32\\driverstore\\infstrng.dat", "region_type": "memory_mapped_file", "start_va": 32702464, "timestamp": "00:01:12.135", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 34734080, "type": "region", "version": 1 }, "end_va": 34877439, "entry_point": 34734080, "filename": "\\Windows\\System32\\DriverStore\\infstor.dat", "id": "region_3994", "name": "infstor.dat", "norm_filename": "c:\\windows\\system32\\driverstore\\infstor.dat", "region_type": "memory_mapped_file", "start_va": 34734080, "timestamp": "00:01:12.141", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 2691071, "entry_point": 2686976, "filename": "\\Windows\\inf\\faxcn002.inf", "id": "region_3995", "name": "faxcn002.inf", "norm_filename": "c:\\windows\\inf\\faxcn002.inf", "region_type": "memory_mapped_file", "start_va": 2686976, "timestamp": "00:01:12.177", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\system32\\svchost.exe -k LocalServiceNoNetwork", "filename": "c:\\windows\\system32\\svchost.exe", "id": "proc_40", "image_name": "svchost.exe", "monitor_reason": "child_process", "monitored_id": 40, "origin_monitor_id": 26, "ref_parent_process": { "ref_id": "proc_26", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_3299", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:09.875", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 159743, "entry_point": 0, "filename": null, "id": "region_3300", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:09.875", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_3301", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:09.875", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_3302", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:01:09.875", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_3303", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:01:09.875", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 786432, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 1572863, "entry_point": 0, "filename": null, "id": "region_3304", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:01:09.875", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 1581055, "entry_point": 0, "filename": null, "id": "region_3305", "name": "pagefile_0x0000000000180000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1572864, "timestamp": "00:01:09.875", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 2162687, "entry_point": 0, "filename": null, "id": "region_3306", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:01:09.875", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 3211263, "entry_point": 0, "filename": null, "id": "region_3307", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:01:09.875", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 3211264, "type": "region", "version": 1 }, "end_va": 3215359, "entry_point": 0, "filename": null, "id": "region_3308", "name": "private_0x0000000000310000", "norm_filename": null, "region_type": "private_memory", "start_va": 3211264, "timestamp": "00:01:09.875", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 3276800, "type": "region", "version": 1 }, "end_va": 3280895, "entry_point": 0, "filename": null, "id": "region_3309", "name": "private_0x0000000000320000", "norm_filename": null, "region_type": "private_memory", "start_va": 3276800, "timestamp": "00:01:09.875", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 114688, "start_va": 3342336, "type": "region", "version": 1 }, "end_va": 3457023, "entry_point": 3342336, "filename": "\\Windows\\System32\\en-US\\FirewallAPI.dll.mui", "id": "region_3310", "name": "firewallapi.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\firewallapi.dll.mui", "region_type": "memory_mapped_file", "start_va": 3342336, "timestamp": "00:01:09.876", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 3473408, "type": "region", "version": 1 }, "end_va": 4521983, "entry_point": 0, "filename": null, "id": "region_3311", "name": "private_0x0000000000350000", "norm_filename": null, "region_type": "private_memory", "start_va": 3473408, "timestamp": "00:01:09.881", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4521984, "type": "region", "version": 1 }, "end_va": 6127615, "entry_point": 0, "filename": null, "id": "region_3312", "name": "pagefile_0x0000000000450000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4521984, "timestamp": "00:01:09.881", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 6160384, "type": "region", "version": 1 }, "end_va": 6164479, "entry_point": 0, "filename": null, "id": "region_3313", "name": "private_0x00000000005e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6160384, "timestamp": "00:01:09.881", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 6356992, "type": "region", "version": 1 }, "end_va": 6422527, "entry_point": 0, "filename": null, "id": "region_3314", "name": "private_0x0000000000610000", "norm_filename": null, "region_type": "private_memory", "start_va": 6356992, "timestamp": "00:01:09.881", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6422528, "type": "region", "version": 1 }, "end_va": 7999487, "entry_point": 0, "filename": null, "id": "region_3315", "name": "pagefile_0x0000000000620000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6422528, "timestamp": "00:01:09.881", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 8060928, "type": "region", "version": 1 }, "end_va": 12201983, "entry_point": 0, "filename": null, "id": "region_3316", "name": "pagefile_0x00000000007b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8060928, "timestamp": "00:01:09.882", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 12779520, "type": "region", "version": 1 }, "end_va": 13303807, "entry_point": 0, "filename": null, "id": "region_3317", "name": "private_0x0000000000c30000", "norm_filename": null, "region_type": "private_memory", "start_va": 12779520, "timestamp": "00:01:09.882", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 13500416, "type": "region", "version": 1 }, "end_va": 14024703, "entry_point": 0, "filename": null, "id": "region_3318", "name": "private_0x0000000000ce0000", "norm_filename": null, "region_type": "private_memory", "start_va": 13500416, "timestamp": "00:01:09.882", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 14352384, "type": "region", "version": 1 }, "end_va": 14876671, "entry_point": 0, "filename": null, "id": "region_3319", "name": "private_0x0000000000db0000", "norm_filename": null, "region_type": "private_memory", "start_va": 14352384, "timestamp": "00:01:09.882", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 15269888, "type": "region", "version": 1 }, "end_va": 15794175, "entry_point": 0, "filename": null, "id": "region_3320", "name": "private_0x0000000000e90000", "norm_filename": null, "region_type": "private_memory", "start_va": 15269888, "timestamp": "00:01:09.882", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 16646144, "type": "region", "version": 1 }, "end_va": 19591167, "entry_point": 16646144, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_3321", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 16646144, "timestamp": "00:01:09.882", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 20447232, "type": "region", "version": 1 }, "end_va": 20971519, "entry_point": 0, "filename": null, "id": "region_3322", "name": "private_0x0000000001380000", "norm_filename": null, "region_type": "private_memory", "start_va": 20447232, "timestamp": "00:01:09.882", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 21168128, "type": "region", "version": 1 }, "end_va": 21692415, "entry_point": 0, "filename": null, "id": "region_3323", "name": "private_0x0000000001430000", "norm_filename": null, "region_type": "private_memory", "start_va": 21168128, "timestamp": "00:01:09.882", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 21889024, "type": "region", "version": 1 }, "end_va": 22413311, "entry_point": 0, "filename": null, "id": "region_3324", "name": "private_0x00000000014e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 21889024, "timestamp": "00:01:09.882", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 22478848, "type": "region", "version": 1 }, "end_va": 23003135, "entry_point": 0, "filename": null, "id": "region_3325", "name": "private_0x0000000001570000", "norm_filename": null, "region_type": "private_memory", "start_va": 22478848, "timestamp": "00:01:09.882", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 23789568, "type": "region", "version": 1 }, "end_va": 24313855, "entry_point": 0, "filename": null, "id": "region_3326", "name": "private_0x00000000016b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 23789568, "timestamp": "00:01:09.882", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 24379392, "type": "region", "version": 1 }, "end_va": 24903679, "entry_point": 0, "filename": null, "id": "region_3327", "name": "private_0x0000000001740000", "norm_filename": null, "region_type": "private_memory", "start_va": 24379392, "timestamp": "00:01:09.882", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 25296896, "type": "region", "version": 1 }, "end_va": 25821183, "entry_point": 0, "filename": null, "id": "region_3328", "name": "private_0x0000000001820000", "norm_filename": null, "region_type": "private_memory", "start_va": 25296896, "timestamp": "00:01:09.882", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005467136, "type": "region", "version": 1 }, "end_va": 2006491135, "entry_point": 2005574344, "filename": "\\Windows\\System32\\user32.dll", "id": "region_3329", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2005467136, "timestamp": "00:01:09.882", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006515712, "type": "region", "version": 1 }, "end_va": 2007691263, "entry_point": 2006605472, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_3330", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 2006515712, "timestamp": "00:01:09.883", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2007695360, "type": "region", "version": 1 }, "end_va": 2009436159, "entry_point": 2007695360, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_3331", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2007695360, "timestamp": "00:01:09.884", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_3332", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:09.885", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_3333", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:09.885", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_3334", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:09.885", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 4282056704, "type": "region", "version": 1 }, "end_va": 4282101759, "entry_point": 4282066028, "filename": "\\Windows\\System32\\svchost.exe", "id": "region_3335", "name": "svchost.exe", "norm_filename": "c:\\windows\\system32\\svchost.exe", "region_type": "memory_mapped_file", "start_va": 4282056704, "timestamp": "00:01:09.885", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 843776, "start_va": 8791683301376, "type": "region", "version": 1 }, "end_va": 8791684145151, "entry_point": 8791683301376, "filename": "\\Windows\\System32\\MPSSVC.dll", "id": "region_3336", "name": "mpssvc.dll", "norm_filename": "c:\\windows\\system32\\mpssvc.dll", "region_type": "memory_mapped_file", "start_va": 8791683301376, "timestamp": "00:01:09.886", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 720896, "start_va": 8791711875072, "type": "region", "version": 1 }, "end_va": 8791712595967, "entry_point": 8791711875072, "filename": "\\Windows\\System32\\BFE.DLL", "id": "region_3337", "name": "bfe.dll", "norm_filename": "c:\\windows\\system32\\bfe.dll", "region_type": "memory_mapped_file", "start_va": 8791711875072, "timestamp": "00:01:09.898", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 339968, "start_va": 8791716528128, "type": "region", "version": 1 }, "end_va": 8791716868095, "entry_point": 8791716539288, "filename": "\\Windows\\System32\\FWPUCLNT.DLL", "id": "region_3338", "name": "fwpuclnt.dll", "norm_filename": "c:\\windows\\system32\\fwpuclnt.dll", "region_type": "memory_mapped_file", "start_va": 8791716528128, "timestamp": "00:01:09.908", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 8791718887424, "type": "region", "version": 1 }, "end_va": 8791718932479, "entry_point": 8791718907788, "filename": "\\Windows\\System32\\slc.dll", "id": "region_3339", "name": "slc.dll", "norm_filename": "c:\\windows\\system32\\slc.dll", "region_type": "memory_mapped_file", "start_va": 8791718887424, "timestamp": "00:01:09.909", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791743266816, "type": "region", "version": 1 }, "end_va": 8791743315967, "entry_point": 8791743271012, "filename": "\\Windows\\System32\\version.dll", "id": "region_3340", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 8791743266816, "timestamp": "00:01:09.909", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 765952, "start_va": 8791743332352, "type": "region", "version": 1 }, "end_va": 8791744098303, "entry_point": 8791743360480, "filename": "\\Windows\\System32\\FirewallAPI.dll", "id": "region_3341", "name": "firewallapi.dll", "norm_filename": "c:\\windows\\system32\\firewallapi.dll", "region_type": "memory_mapped_file", "start_va": 8791743332352, "timestamp": "00:01:09.910", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 8791746609152, "type": "region", "version": 1 }, "end_va": 8791746650111, "entry_point": 8791746624696, "filename": "\\Windows\\System32\\credssp.dll", "id": "region_3342", "name": "credssp.dll", "norm_filename": "c:\\windows\\system32\\credssp.dll", "region_type": "memory_mapped_file", "start_va": 8791746609152, "timestamp": "00:01:09.910", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 8791746674688, "type": "region", "version": 1 }, "end_va": 8791746727935, "entry_point": 8791746679624, "filename": "\\Windows\\System32\\pcwum.dll", "id": "region_3343", "name": "pcwum.dll", "norm_filename": "c:\\windows\\system32\\pcwum.dll", "region_type": "memory_mapped_file", "start_va": 8791746674688, "timestamp": "00:01:09.929", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 192512, "start_va": 8791752835072, "type": "region", "version": 1 }, "end_va": 8791753027583, "entry_point": 8791752839268, "filename": "\\Windows\\System32\\authz.dll", "id": "region_3344", "name": "authz.dll", "norm_filename": "c:\\windows\\system32\\authz.dll", "region_type": "memory_mapped_file", "start_va": 8791752835072, "timestamp": "00:01:09.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 8791756701696, "type": "region", "version": 1 }, "end_va": 8791756746751, "entry_point": 8791756705840, "filename": "\\Windows\\System32\\secur32.dll", "id": "region_3345", "name": "secur32.dll", "norm_filename": "c:\\windows\\system32\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 8791756701696, "timestamp": "00:01:09.937", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 8791756898304, "type": "region", "version": 1 }, "end_va": 8791757049855, "entry_point": 8791756936792, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_3346", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 8791756898304, "timestamp": "00:01:09.938", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791757094912, "type": "region", "version": 1 }, "end_va": 8791757156351, "entry_point": 8791757099024, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_3347", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 8791757094912, "timestamp": "00:01:09.939", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 8791758077952, "type": "region", "version": 1 }, "end_va": 8791758159871, "entry_point": 8791758082272, "filename": "\\Windows\\System32\\RpcRtRemote.dll", "id": "region_3348", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\system32\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 8791758077952, "timestamp": "00:01:09.939", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791759060992, "type": "region", "version": 1 }, "end_va": 8791759499263, "entry_point": 8791759073504, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_3349", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791759060992, "timestamp": "00:01:09.940", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 221184, "start_va": 8791759519744, "type": "region", "version": 1 }, "end_va": 8791759740927, "entry_point": 8791759524980, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_3350", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 8791759519744, "timestamp": "00:01:09.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791762206720, "type": "region", "version": 1 }, "end_va": 8791763030015, "entry_point": 8791762708596, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_3351", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791762206720, "timestamp": "00:01:09.943", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791763451904, "type": "region", "version": 1 }, "end_va": 8791764537343, "entry_point": 8791763456100, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_3352", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791763451904, "timestamp": "00:01:09.944", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791764566016, "type": "region", "version": 1 }, "end_va": 8791764623359, "entry_point": 8791764570240, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_3353", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791764566016, "timestamp": "00:01:09.944", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791765876736, "type": "region", "version": 1 }, "end_va": 8791766003711, "entry_point": 8791765901544, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_3354", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 8791765876736, "timestamp": "00:01:09.945", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791766007808, "type": "region", "version": 1 }, "end_va": 8791766196223, "entry_point": 8791766011920, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_3355", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791766007808, "timestamp": "00:01:09.946", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 8791781998592, "type": "region", "version": 1 }, "end_va": 8791782031359, "entry_point": 8791782003972, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_3356", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 8791781998592, "timestamp": "00:01:09.946", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, "start_va": 8791785603072, "type": "region", "version": 1 }, "end_va": 8791786500095, "entry_point": 8791785736032, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_3357", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791785603072, "timestamp": "00:01:09.947", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791786520576, "type": "region", "version": 1 }, "end_va": 8791787753471, "entry_point": 8791786843472, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_3358", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791786520576, "timestamp": "00:01:09.948", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791791435776, "type": "region", "version": 1 }, "end_va": 8791792087039, "entry_point": 8791791445408, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_3359", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791791435776, "timestamp": "00:01:09.948", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2109440, "start_va": 8791792091136, "type": "region", "version": 1 }, "end_va": 8791794200575, "entry_point": 8791792235312, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_3360", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 8791792091136, "timestamp": "00:01:09.949", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 462848, "start_va": 8791794253824, "type": "region", "version": 1 }, "end_va": 8791794716671, "entry_point": 8791794327072, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_3361", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 8791794253824, "timestamp": "00:01:09.950", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791794778112, "type": "region", "version": 1 }, "end_va": 8791795199999, "entry_point": 8791794823228, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_3362", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791794778112, "timestamp": "00:01:09.951", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791795761152, "type": "region", "version": 1 }, "end_va": 8791795765247, "entry_point": 8791795761152, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_3363", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791795761152, "timestamp": "00:01:09.958", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092653568, "type": "region", "version": 1 }, "end_va": 8796092661759, "entry_point": 0, "filename": null, "id": "region_3364", "name": "private_0x000007fffffa6000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092653568, "timestamp": "00:01:10.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092661760, "type": "region", "version": 1 }, "end_va": 8796092669951, "entry_point": 0, "filename": null, "id": "region_3365", "name": "private_0x000007fffffa8000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092661760, "timestamp": "00:01:10.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092669952, "type": "region", "version": 1 }, "end_va": 8796092678143, "entry_point": 0, "filename": null, "id": "region_3366", "name": "private_0x000007fffffaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092669952, "timestamp": "00:01:10.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092678144, "type": "region", "version": 1 }, "end_va": 8796092686335, "entry_point": 0, "filename": null, "id": "region_3367", "name": "private_0x000007fffffac000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092678144, "timestamp": "00:01:10.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092686336, "type": "region", "version": 1 }, "end_va": 8796092694527, "entry_point": 0, "filename": null, "id": "region_3368", "name": "private_0x000007fffffae000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092686336, "timestamp": "00:01:10.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_3369", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:01:10.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8796092841984, "type": "region", "version": 1 }, "end_va": 8796092846079, "entry_point": 0, "filename": null, "id": "region_3370", "name": "private_0x000007fffffd4000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092841984, "timestamp": "00:01:10.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092850176, "type": "region", "version": 1 }, "end_va": 8796092858367, "entry_point": 0, "filename": null, "id": "region_3371", "name": "private_0x000007fffffd6000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092850176, "timestamp": "00:01:10.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092858368, "type": "region", "version": 1 }, "end_va": 8796092866559, "entry_point": 0, "filename": null, "id": "region_3372", "name": "private_0x000007fffffd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092858368, "timestamp": "00:01:10.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092866560, "type": "region", "version": 1 }, "end_va": 8796092874751, "entry_point": 0, "filename": null, "id": "region_3373", "name": "private_0x000007fffffda000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092866560, "timestamp": "00:01:10.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092874752, "type": "region", "version": 1 }, "end_va": 8796092882943, "entry_point": 0, "filename": null, "id": "region_3374", "name": "private_0x000007fffffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092874752, "timestamp": "00:01:10.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092882944, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_3375", "name": "private_0x000007fffffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092882944, "timestamp": "00:01:10.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 8791745232896, "type": "region", "version": 1 }, "end_va": 8791745355775, "entry_point": 8791745237944, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_3755", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 8791745232896, "timestamp": "00:01:10.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791758209024, "type": "region", "version": 1 }, "end_va": 8791758270463, "entry_point": 8791758215600, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_3756", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 8791758209024, "timestamp": "00:01:10.759", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 8791745101824, "type": "region", "version": 1 }, "end_va": 8791745212415, "entry_point": 8791745110120, "filename": "\\Windows\\System32\\gpapi.dll", "id": "region_3757", "name": "gpapi.dll", "norm_filename": "c:\\windows\\system32\\gpapi.dll", "region_type": "memory_mapped_file", "start_va": 8791745101824, "timestamp": "00:01:10.763", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 315392, "start_va": 8791795236864, "type": "region", "version": 1 }, "end_va": 8791795552255, "entry_point": 8791795241072, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_3955", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 8791795236864, "timestamp": "00:01:11.576", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 8791717969920, "type": "region", "version": 1 }, "end_va": 8791718129663, "entry_point": 8791718009020, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_3956", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 8791717969920, "timestamp": "00:01:11.582", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 8791717904384, "type": "region", "version": 1 }, "end_va": 8791717949439, "entry_point": 8791717908888, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_3957", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 8791717904384, "timestamp": "00:01:11.584", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 8791716331520, "type": "region", "version": 1 }, "end_va": 8791716401151, "entry_point": 8791716337324, "filename": "\\Windows\\System32\\dhcpcsvc6.dll", "id": "region_3958", "name": "dhcpcsvc6.dll", "norm_filename": "c:\\windows\\system32\\dhcpcsvc6.dll", "region_type": "memory_mapped_file", "start_va": 8791716331520, "timestamp": "00:01:11.587", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 8791716200448, "type": "region", "version": 1 }, "end_va": 8791716298751, "entry_point": 8791716207608, "filename": "\\Windows\\System32\\dhcpcsvc.dll", "id": "region_3986", "name": "dhcpcsvc.dll", "norm_filename": "c:\\windows\\system32\\dhcpcsvc.dll", "region_type": "memory_mapped_file", "start_va": 8791716200448, "timestamp": "00:01:12.071", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 348160, "start_va": 8791750410240, "type": "region", "version": 1 }, "end_va": 8791750758399, "entry_point": 8791750414420, "filename": "\\Windows\\System32\\mswsock.dll", "id": "region_3987", "name": "mswsock.dll", "norm_filename": "c:\\windows\\system32\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 8791750410240, "timestamp": "00:01:12.086", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 8791744118784, "type": "region", "version": 1 }, "end_va": 8791744147455, "entry_point": 8791744124080, "filename": "\\Windows\\System32\\WSHTCPIP.DLL", "id": "region_3988", "name": "wshtcpip.dll", "norm_filename": "c:\\windows\\system32\\wshtcpip.dll", "region_type": "memory_mapped_file", "start_va": 8791744118784, "timestamp": "00:01:12.089", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 8791750344704, "type": "region", "version": 1 }, "end_va": 8791750373375, "entry_point": 8791750349868, "filename": "\\Windows\\System32\\wship6.dll", "id": "region_3989", "name": "wship6.dll", "norm_filename": "c:\\windows\\system32\\wship6.dll", "region_type": "memory_mapped_file", "start_va": 8791750344704, "timestamp": "00:01:12.091", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 16121856, "type": "region", "version": 1 }, "end_va": 16646143, "entry_point": 0, "filename": null, "id": "region_3999", "name": "private_0x0000000000f60000", "norm_filename": null, "region_type": "private_memory", "start_va": 16121856, "timestamp": "00:01:12.255", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092645376, "type": "region", "version": 1 }, "end_va": 8796092653567, "entry_point": 0, "filename": null, "id": "region_4000", "name": "private_0x000007fffffa4000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092645376, "timestamp": "00:01:12.255", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 19922944, "type": "region", "version": 1 }, "end_va": 20447231, "entry_point": 0, "filename": null, "id": "region_4453", "name": "private_0x0000000001300000", "norm_filename": null, "region_type": "private_memory", "start_va": 19922944, "timestamp": "00:01:15.661", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092637184, "type": "region", "version": 1 }, "end_va": 8796092645375, "entry_point": 0, "filename": null, "id": "region_4454", "name": "private_0x000007fffffa2000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092637184, "timestamp": "00:01:15.661", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 180224, "start_va": 8791727407104, "type": "region", "version": 1 }, "end_va": 8791727587327, "entry_point": 8791727407104, "filename": "\\Windows\\System32\\dps.dll", "id": "region_4455", "name": "dps.dll", "norm_filename": "c:\\windows\\system32\\dps.dll", "region_type": "memory_mapped_file", "start_va": 8791727407104, "timestamp": "00:01:15.665", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 880640, "start_va": 8791784685568, "type": "region", "version": 1 }, "end_va": 8791785566207, "entry_point": 8791784698484, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_4457", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 8791784685568, "timestamp": "00:01:15.815", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 6225920, "type": "region", "version": 1 }, "end_va": 6230015, "entry_point": 0, "filename": null, "id": "region_4458", "name": "pagefile_0x00000000005f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6225920, "timestamp": "00:01:15.817", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791790256128, "type": "region", "version": 1 }, "end_va": 8791790882815, "entry_point": 8791790263312, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_4459", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 8791790256128, "timestamp": "00:01:15.817", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 6291456, "type": "region", "version": 1 }, "end_va": 6295551, "entry_point": 0, "filename": null, "id": "region_4460", "name": "pagefile_0x0000000000600000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6291456, "timestamp": "00:01:15.822", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1208320, "start_va": 8791720722432, "type": "region", "version": 1 }, "end_va": 8791721930751, "entry_point": 8791720726764, "filename": "\\Windows\\System32\\taskschd.dll", "id": "region_4461", "name": "taskschd.dll", "norm_filename": "c:\\windows\\system32\\taskschd.dll", "region_type": "memory_mapped_file", "start_va": 8791720722432, "timestamp": "00:01:15.824", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 23068672, "type": "region", "version": 1 }, "end_va": 23592959, "entry_point": 0, "filename": null, "id": "region_4722", "name": "private_0x0000000001600000", "norm_filename": null, "region_type": "private_memory", "start_va": 23068672, "timestamp": "00:01:16.990", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092628992, "type": "region", "version": 1 }, "end_va": 8796092637183, "entry_point": 0, "filename": null, "id": "region_4723", "name": "private_0x000007fffffa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092628992, "timestamp": "00:01:16.990", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 27066368, "type": "region", "version": 1 }, "end_va": 27590655, "entry_point": 0, "filename": null, "id": "region_4724", "name": "private_0x00000000019d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 27066368, "timestamp": "00:01:17.003", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092620800, "type": "region", "version": 1 }, "end_va": 8796092628991, "entry_point": 0, "filename": null, "id": "region_4725", "name": "private_0x000007fffff9e000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092620800, "timestamp": "00:01:17.003", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 12255232, "type": "region", "version": 1 }, "end_va": 12259327, "entry_point": 0, "filename": null, "id": "region_4791", "name": "private_0x0000000000bb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 12255232, "timestamp": "00:01:17.646", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 27656192, "type": "region", "version": 1 }, "end_va": 28180479, "entry_point": 0, "filename": null, "id": "region_4816", "name": "private_0x0000000001a60000", "norm_filename": null, "region_type": "private_memory", "start_va": 27656192, "timestamp": "00:01:17.727", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 28246016, "type": "region", "version": 1 }, "end_va": 28770303, "entry_point": 0, "filename": null, "id": "region_4817", "name": "private_0x0000000001af0000", "norm_filename": null, "region_type": "private_memory", "start_va": 28246016, "timestamp": "00:01:17.727", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 29491200, "type": "region", "version": 1 }, "end_va": 30015487, "entry_point": 0, "filename": null, "id": "region_4818", "name": "private_0x0000000001c20000", "norm_filename": null, "region_type": "private_memory", "start_va": 29491200, "timestamp": "00:01:17.727", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 8791727013888, "type": "region", "version": 1 }, "end_va": 8791727054847, "entry_point": 8791727013888, "filename": "\\Windows\\System32\\wfapigp.dll", "id": "region_4819", "name": "wfapigp.dll", "norm_filename": "c:\\windows\\system32\\wfapigp.dll", "region_type": "memory_mapped_file", "start_va": 8791727013888, "timestamp": "00:01:17.727", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092596224, "type": "region", "version": 1 }, "end_va": 8796092604415, "entry_point": 0, "filename": null, "id": "region_4820", "name": "private_0x000007fffff98000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092596224, "timestamp": "00:01:17.730", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092604416, "type": "region", "version": 1 }, "end_va": 8796092612607, "entry_point": 0, "filename": null, "id": "region_4821", "name": "private_0x000007fffff9a000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092604416, "timestamp": "00:01:17.730", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092612608, "type": "region", "version": 1 }, "end_va": 8796092620799, "entry_point": 0, "filename": null, "id": "region_4822", "name": "private_0x000007fffff9c000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092612608, "timestamp": "00:01:17.730", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 12255232, "type": "region", "version": 1 }, "end_va": 12287999, "entry_point": 0, "filename": null, "id": "region_4843", "name": "private_0x0000000000bb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 12255232, "timestamp": "00:01:17.946", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 12320768, "type": "region", "version": 1 }, "end_va": 12337151, "entry_point": 0, "filename": null, "id": "region_4844", "name": "private_0x0000000000bc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 12320768, "timestamp": "00:01:17.959", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 12386304, "type": "region", "version": 1 }, "end_va": 12402687, "entry_point": 0, "filename": null, "id": "region_4845", "name": "private_0x0000000000bd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 12386304, "timestamp": "00:01:17.959", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 12451840, "type": "region", "version": 1 }, "end_va": 12468223, "entry_point": 0, "filename": null, "id": "region_4846", "name": "private_0x0000000000be0000", "norm_filename": null, "region_type": "private_memory", "start_va": 12451840, "timestamp": "00:01:17.959", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 12517376, "type": "region", "version": 1 }, "end_va": 12533759, "entry_point": 0, "filename": null, "id": "region_4847", "name": "private_0x0000000000bf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 12517376, "timestamp": "00:01:17.959", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 12582912, "type": "region", "version": 1 }, "end_va": 12599295, "entry_point": 0, "filename": null, "id": "region_4848", "name": "private_0x0000000000c00000", "norm_filename": null, "region_type": "private_memory", "start_va": 12582912, "timestamp": "00:01:17.959", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 12648448, "type": "region", "version": 1 }, "end_va": 12664831, "entry_point": 0, "filename": null, "id": "region_4849", "name": "private_0x0000000000c10000", "norm_filename": null, "region_type": "private_memory", "start_va": 12648448, "timestamp": "00:01:17.959", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 12713984, "type": "region", "version": 1 }, "end_va": 12718079, "entry_point": 0, "filename": null, "id": "region_4850", "name": "private_0x0000000000c20000", "norm_filename": null, "region_type": "private_memory", "start_va": 12713984, "timestamp": "00:01:17.959", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 13303808, "type": "region", "version": 1 }, "end_va": 13307903, "entry_point": 0, "filename": null, "id": "region_4851", "name": "private_0x0000000000cb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 13303808, "timestamp": "00:01:17.959", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 13369344, "type": "region", "version": 1 }, "end_va": 13373439, "entry_point": 0, "filename": null, "id": "region_4852", "name": "private_0x0000000000cc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 13369344, "timestamp": "00:01:17.959", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 13434880, "type": "region", "version": 1 }, "end_va": 13438975, "entry_point": 0, "filename": null, "id": "region_4853", "name": "private_0x0000000000cd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 13434880, "timestamp": "00:01:17.959", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 14024704, "type": "region", "version": 1 }, "end_va": 14028799, "entry_point": 0, "filename": null, "id": "region_4854", "name": "private_0x0000000000d60000", "norm_filename": null, "region_type": "private_memory", "start_va": 14024704, "timestamp": "00:01:17.959", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 30146560, "type": "region", "version": 1 }, "end_va": 30670847, "entry_point": 0, "filename": null, "id": "region_4855", "name": "private_0x0000000001cc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 30146560, "timestamp": "00:01:17.959", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092588032, "type": "region", "version": 1 }, "end_va": 8796092596223, "entry_point": 0, "filename": null, "id": "region_4856", "name": "private_0x000007fffff96000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092588032, "timestamp": "00:01:17.959", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 25821184, "type": "region", "version": 1 }, "end_va": 26869759, "entry_point": 0, "filename": null, "id": "region_4859", "name": "private_0x00000000018a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 25821184, "timestamp": "00:01:18.040", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 638976, "start_va": 8791653613568, "type": "region", "version": 1 }, "end_va": 8791654252543, "entry_point": 8791653613568, "filename": "\\Windows\\System32\\mscms.dll", "id": "region_4860", "name": "mscms.dll", "norm_filename": "c:\\windows\\system32\\mscms.dll", "region_type": "memory_mapped_file", "start_va": 8791653613568, "timestamp": "00:01:18.048", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 638976, "start_va": 8791652958208, "type": "region", "version": 1 }, "end_va": 8791653597183, "entry_point": 8791652962704, "filename": "\\Windows\\System32\\mscms.dll", "id": "region_4861", "name": "mscms.dll", "norm_filename": "c:\\windows\\system32\\mscms.dll", "region_type": "memory_mapped_file", "start_va": 8791652958208, "timestamp": "00:01:18.071", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 204800, "start_va": 8791654006784, "type": "region", "version": 1 }, "end_va": 8791654211583, "entry_point": 8791654006784, "filename": "\\Windows\\System32\\pcasvc.dll", "id": "region_4862", "name": "pcasvc.dll", "norm_filename": "c:\\windows\\system32\\pcasvc.dll", "region_type": "memory_mapped_file", "start_va": 8791654006784, "timestamp": "00:01:18.077", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 204800, "start_va": 8791653744640, "type": "region", "version": 1 }, "end_va": 8791653949439, "entry_point": 8791653748768, "filename": "\\Windows\\System32\\pcasvc.dll", "id": "region_4873", "name": "pcasvc.dll", "norm_filename": "c:\\windows\\system32\\pcasvc.dll", "region_type": "memory_mapped_file", "start_va": 8791653744640, "timestamp": "00:01:18.193", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 204800, "start_va": 8791654006784, "type": "region", "version": 1 }, "end_va": 8791654211583, "entry_point": 8791654010912, "filename": "\\Windows\\System32\\pcasvc.dll", "id": "region_4874", "name": "pcasvc.dll", "norm_filename": "c:\\windows\\system32\\pcasvc.dll", "region_type": "memory_mapped_file", "start_va": 8791654006784, "timestamp": "00:01:18.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 4291624960, "type": "region", "version": 1 }, "end_va": 4291657727, "entry_point": 4291624960, "filename": "\\Windows\\System32\\snmptrap.exe", "id": "region_4876", "name": "snmptrap.exe", "norm_filename": "c:\\windows\\system32\\snmptrap.exe", "region_type": "memory_mapped_file", "start_va": 4291624960, "timestamp": "00:01:18.205", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 4289331200, "type": "region", "version": 1 }, "end_va": 4289363967, "entry_point": 4289341152, "filename": "\\Windows\\System32\\snmptrap.exe", "id": "region_4877", "name": "snmptrap.exe", "norm_filename": "c:\\windows\\system32\\snmptrap.exe", "region_type": "memory_mapped_file", "start_va": 4289331200, "timestamp": "00:01:18.225", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 4294180864, "type": "region", "version": 1 }, "end_va": 4294213631, "entry_point": 4294190816, "filename": "\\Windows\\System32\\snmptrap.exe", "id": "region_4878", "name": "snmptrap.exe", "norm_filename": "c:\\windows\\system32\\snmptrap.exe", "region_type": "memory_mapped_file", "start_va": 4294180864, "timestamp": "00:01:18.228", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 8791718166528, "type": "region", "version": 1 }, "end_va": 8791718207487, "entry_point": 8791718173404, "filename": "\\Windows\\System32\\lmhsvc.dll", "id": "region_4879", "name": "lmhsvc.dll", "norm_filename": "c:\\windows\\system32\\lmhsvc.dll", "region_type": "memory_mapped_file", "start_va": 8791718166528, "timestamp": "00:01:18.231", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 8791654137856, "type": "region", "version": 1 }, "end_va": 8791654240255, "entry_point": 8791654137856, "filename": "\\Windows\\System32\\wdi.dll", "id": "region_4884", "name": "wdi.dll", "norm_filename": "c:\\windows\\system32\\wdi.dll", "region_type": "memory_mapped_file", "start_va": 8791654137856, "timestamp": "00:01:18.252", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 8791717380096, "type": "region", "version": 1 }, "end_va": 8791717711871, "entry_point": 8791717443264, "filename": "\\Windows\\System32\\dhcpcore.dll", "id": "region_4904", "name": "dhcpcore.dll", "norm_filename": "c:\\windows\\system32\\dhcpcore.dll", "region_type": "memory_mapped_file", "start_va": 8791717380096, "timestamp": "00:01:18.386", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 30801920, "type": "region", "version": 1 }, "end_va": 31326207, "entry_point": 0, "filename": null, "id": "region_4948", "name": "private_0x0000000001d60000", "norm_filename": null, "region_type": "private_memory", "start_va": 30801920, "timestamp": "00:01:18.809", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092579840, "type": "region", "version": 1 }, "end_va": 8796092588031, "entry_point": 0, "filename": null, "id": "region_4949", "name": "private_0x000007fffff94000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092579840, "timestamp": "00:01:18.809", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 31326208, "type": "region", "version": 1 }, "end_va": 32374783, "entry_point": 0, "filename": null, "id": "region_4950", "name": "private_0x0000000001de0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31326208, "timestamp": "00:01:18.812", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 184320, "start_va": 8791741366272, "type": "region", "version": 1 }, "end_va": 8791741550591, "entry_point": 8791741370384, "filename": "\\Windows\\System32\\ntmarta.dll", "id": "region_4951", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\system32\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 8791741366272, "timestamp": "00:01:18.826", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 335872, "start_va": 8791763058688, "type": "region", "version": 1 }, "end_va": 8791763394559, "entry_point": 8791763062996, "filename": "\\Windows\\System32\\Wldap32.dll", "id": "region_4952", "name": "wldap32.dll", "norm_filename": "c:\\windows\\system32\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 8791763058688, "timestamp": "00:01:18.828", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "" ], "ref_process_dump": null, "size": 77824, "start_va": 14090240, "type": "region", "version": 1 }, "end_va": 14168063, "entry_point": 0, "filename": null, "id": "region_4953", "name": "private_0x0000000000d70000", "norm_filename": null, "region_type": "private_memory", "start_va": 14090240, "timestamp": "00:01:18.833", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 8192, "start_va": 8791712595968, "type": "region", "version": 1 }, "end_va": 8791712604159, "entry_point": 8791712595968, "filename": "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelEvents.dll", "id": "region_5006", "name": "servicemodelevents.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelevents.dll", "region_type": "memory_mapped_file", "start_va": 8791712595968, "timestamp": "00:01:19.101", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 45056, "start_va": 14090240, "type": "region", "version": 1 }, "end_va": 14135295, "entry_point": 14090240, "filename": "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelEvents.dll.mui", "id": "region_5007", "name": "servicemodelevents.dll.mui", "norm_filename": "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelevents.dll.mui", "region_type": "memory_mapped_file", "start_va": 14090240, "timestamp": "00:01:19.116", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 8192, "start_va": 8791653023744, "type": "region", "version": 1 }, "end_va": 8791653031935, "entry_point": 8791653023744, "filename": "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelEvents.dll", "id": "region_5008", "name": "servicemodelevents.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelevents.dll", "region_type": "memory_mapped_file", "start_va": 8791653023744, "timestamp": "00:01:19.134", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 753664, "start_va": 8791650598912, "type": "region", "version": 1 }, "end_va": 8791651352575, "entry_point": 8791650598912, "filename": "\\Windows\\System32\\PeerDistSh.dll", "id": "region_5038", "name": "peerdistsh.dll", "norm_filename": "c:\\windows\\system32\\peerdistsh.dll", "region_type": "memory_mapped_file", "start_va": 8791650598912, "timestamp": "00:01:19.292", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 753664, "start_va": 8791649812480, "type": "region", "version": 1 }, "end_va": 8791650566143, "entry_point": 8791650498104, "filename": "\\Windows\\System32\\PeerDistSh.dll", "id": "region_5039", "name": "peerdistsh.dll", "norm_filename": "c:\\windows\\system32\\peerdistsh.dll", "region_type": "memory_mapped_file", "start_va": 8791649812480, "timestamp": "00:01:19.311", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 753664, "start_va": 8791650598912, "type": "region", "version": 1 }, "end_va": 8791651352575, "entry_point": 8791651284536, "filename": "\\Windows\\System32\\PeerDistSh.dll", "id": "region_5040", "name": "peerdistsh.dll", "norm_filename": "c:\\windows\\system32\\peerdistsh.dll", "region_type": "memory_mapped_file", "start_va": 8791650598912, "timestamp": "00:01:19.315", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 753664, "start_va": 8791649353728, "type": "region", "version": 1 }, "end_va": 8791650107391, "entry_point": 8791650039352, "filename": "\\Windows\\System32\\PeerDistSh.dll", "id": "region_5067", "name": "peerdistsh.dll", "norm_filename": "c:\\windows\\system32\\peerdistsh.dll", "region_type": "memory_mapped_file", "start_va": 8791649353728, "timestamp": "00:01:19.498", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 753664, "start_va": 8791648829440, "type": "region", "version": 1 }, "end_va": 8791649583103, "entry_point": 8791649515064, "filename": "\\Windows\\System32\\PeerDistSh.dll", "id": "region_5072", "name": "peerdistsh.dll", "norm_filename": "c:\\windows\\system32\\peerdistsh.dll", "region_type": "memory_mapped_file", "start_va": 8791648829440, "timestamp": "00:01:19.581", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"taskhost.exe\"", "filename": "c:\\windows\\system32\\taskhost.exe", "id": "proc_41", "image_name": "taskhost.exe", "monitor_reason": "child_process", "monitored_id": 41, "origin_monitor_id": 26, "ref_parent_process": { "ref_id": "proc_26", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_3455", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:10.077", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 159743, "entry_point": 0, "filename": null, "id": "region_3456", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:10.077", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_3457", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:10.077", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 684031, "entry_point": 262144, "filename": "\\Windows\\System32\\locale.nls", "id": "region_3458", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:10.078", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 729087, "entry_point": 0, "filename": null, "id": "region_3459", "name": "pagefile_0x00000000000b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 720896, "timestamp": "00:01:10.081", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 790527, "entry_point": 0, "filename": null, "id": "region_3460", "name": "private_0x00000000000c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 786432, "timestamp": "00:01:10.081", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 1376255, "entry_point": 0, "filename": null, "id": "region_3461", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:01:10.081", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1380351, "entry_point": 0, "filename": null, "id": "region_3462", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:01:10.081", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 2490367, "entry_point": 0, "filename": null, "id": "region_3463", "name": "private_0x0000000000160000", "norm_filename": null, "region_type": "private_memory", "start_va": 1441792, "timestamp": "00:01:10.081", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2490368, "type": "region", "version": 1 }, "end_va": 2494463, "entry_point": 0, "filename": null, "id": "region_3464", "name": "pagefile_0x0000000000260000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2490368, "timestamp": "00:01:10.081", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 2559999, "entry_point": 0, "filename": null, "id": "region_3465", "name": "pagefile_0x0000000000270000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2555904, "timestamp": "00:01:10.081", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 2686975, "entry_point": 0, "filename": null, "id": "region_3466", "name": "private_0x0000000000280000", "norm_filename": null, "region_type": "private_memory", "start_va": 2621440, "timestamp": "00:01:10.081", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 3735551, "entry_point": 0, "filename": null, "id": "region_3467", "name": "private_0x0000000000290000", "norm_filename": null, "region_type": "private_memory", "start_va": 2686976, "timestamp": "00:01:10.081", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 3735552, "type": "region", "version": 1 }, "end_va": 5341183, "entry_point": 0, "filename": null, "id": "region_3468", "name": "pagefile_0x0000000000390000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3735552, "timestamp": "00:01:10.081", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 5373952, "type": "region", "version": 1 }, "end_va": 6950911, "entry_point": 0, "filename": null, "id": "region_3469", "name": "pagefile_0x0000000000520000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5373952, "timestamp": "00:01:10.081", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 7012352, "type": "region", "version": 1 }, "end_va": 27983871, "entry_point": 0, "filename": null, "id": "region_3470", "name": "pagefile_0x00000000006b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7012352, "timestamp": "00:01:10.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 27983872, "type": "region", "version": 1 }, "end_va": 32124927, "entry_point": 0, "filename": null, "id": "region_3471", "name": "pagefile_0x0000000001ab0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 27983872, "timestamp": "00:01:10.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 32309248, "type": "region", "version": 1 }, "end_va": 32833535, "entry_point": 0, "filename": null, "id": "region_3472", "name": "private_0x0000000001ed0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32309248, "timestamp": "00:01:10.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 33488896, "type": "region", "version": 1 }, "end_va": 34013183, "entry_point": 0, "filename": null, "id": "region_3473", "name": "private_0x0000000001ff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 33488896, "timestamp": "00:01:10.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 34013184, "type": "region", "version": 1 }, "end_va": 34926591, "entry_point": 0, "filename": null, "id": "region_3474", "name": "pagefile_0x0000000002070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 34013184, "timestamp": "00:01:10.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 35258368, "type": "region", "version": 1 }, "end_va": 35782655, "entry_point": 0, "filename": null, "id": "region_3475", "name": "private_0x00000000021a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 35258368, "timestamp": "00:01:10.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 35848192, "type": "region", "version": 1 }, "end_va": 36372479, "entry_point": 0, "filename": null, "id": "region_3476", "name": "private_0x0000000002230000", "norm_filename": null, "region_type": "private_memory", "start_va": 35848192, "timestamp": "00:01:10.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 37027840, "type": "region", "version": 1 }, "end_va": 37552127, "entry_point": 0, "filename": null, "id": "region_3477", "name": "private_0x0000000002350000", "norm_filename": null, "region_type": "private_memory", "start_va": 37027840, "timestamp": "00:01:10.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 37814272, "type": "region", "version": 1 }, "end_va": 38338559, "entry_point": 0, "filename": null, "id": "region_3478", "name": "private_0x0000000002410000", "norm_filename": null, "region_type": "private_memory", "start_va": 37814272, "timestamp": "00:01:10.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 38469632, "type": "region", "version": 1 }, "end_va": 38993919, "entry_point": 0, "filename": null, "id": "region_3479", "name": "private_0x00000000024b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 38469632, "timestamp": "00:01:10.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 39387136, "type": "region", "version": 1 }, "end_va": 39911423, "entry_point": 0, "filename": null, "id": "region_3480", "name": "private_0x0000000002590000", "norm_filename": null, "region_type": "private_memory", "start_va": 39387136, "timestamp": "00:01:10.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 41484288, "type": "region", "version": 1 }, "end_va": 42008575, "entry_point": 0, "filename": null, "id": "region_3481", "name": "private_0x0000000002790000", "norm_filename": null, "region_type": "private_memory", "start_va": 41484288, "timestamp": "00:01:10.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005467136, "type": "region", "version": 1 }, "end_va": 2006491135, "entry_point": 2005574344, "filename": "\\Windows\\System32\\user32.dll", "id": "region_3482", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2005467136, "timestamp": "00:01:10.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006515712, "type": "region", "version": 1 }, "end_va": 2007691263, "entry_point": 2006605472, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_3483", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 2006515712, "timestamp": "00:01:10.083", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2007695360, "type": "region", "version": 1 }, "end_va": 2009436159, "entry_point": 2007695360, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_3484", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2007695360, "timestamp": "00:01:10.084", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_3485", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:10.085", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_3486", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:10.085", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_3487", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:10.085", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 4287889408, "type": "region", "version": 1 }, "end_va": 4287971327, "entry_point": 4287889408, "filename": "\\Windows\\System32\\taskhost.exe", "id": "region_3488", "name": "taskhost.exe", "norm_filename": "c:\\windows\\system32\\taskhost.exe", "region_type": "memory_mapped_file", "start_va": 4287889408, "timestamp": "00:01:10.085", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 249856, "start_va": 8791706042368, "type": "region", "version": 1 }, "end_va": 8791706292223, "entry_point": 8791706042368, "filename": "\\Windows\\System32\\msutb.dll", "id": "region_3489", "name": "msutb.dll", "norm_filename": "c:\\windows\\system32\\msutb.dll", "region_type": "memory_mapped_file", "start_va": 8791706042368, "timestamp": "00:01:10.095", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 8791706304512, "type": "region", "version": 1 }, "end_va": 8791706349567, "entry_point": 8791706304512, "filename": "\\Windows\\System32\\MsCtfMonitor.dll", "id": "region_3490", "name": "msctfmonitor.dll", "norm_filename": "c:\\windows\\system32\\msctfmonitor.dll", "region_type": "memory_mapped_file", "start_va": 8791706304512, "timestamp": "00:01:10.110", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 8791706370048, "type": "region", "version": 1 }, "end_va": 8791706415103, "entry_point": 8791706370048, "filename": "\\Windows\\System32\\HotStartUserAgent.dll", "id": "region_3491", "name": "hotstartuseragent.dll", "norm_filename": "c:\\windows\\system32\\hotstartuseragent.dll", "region_type": "memory_mapped_file", "start_va": 8791706370048, "timestamp": "00:01:10.122", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 8791711612928, "type": "region", "version": 1 }, "end_va": 8791711711231, "entry_point": 8791711612928, "filename": "\\Windows\\System32\\PlaySndSrv.dll", "id": "region_3492", "name": "playsndsrv.dll", "norm_filename": "c:\\windows\\system32\\playsndsrv.dll", "region_type": "memory_mapped_file", "start_va": 8791711612928, "timestamp": "00:01:10.137", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 8791728128000, "type": "region", "version": 1 }, "end_va": 8791728197631, "entry_point": 8791728132208, "filename": "\\Windows\\System32\\wtsapi32.dll", "id": "region_3493", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\system32\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791728128000, "timestamp": "00:01:10.164", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 8791729831936, "type": "region", "version": 1 }, "end_va": 8791729930239, "entry_point": 8791729836336, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_3494", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 8791729831936, "timestamp": "00:01:10.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 352256, "start_va": 8791734222848, "type": "region", "version": 1 }, "end_va": 8791734575103, "entry_point": 8791734270912, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_3495", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 8791734222848, "timestamp": "00:01:10.166", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791757094912, "type": "region", "version": 1 }, "end_va": 8791757156351, "entry_point": 8791757099024, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_3496", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 8791757094912, "timestamp": "00:01:10.166", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 249856, "start_va": 8791757815808, "type": "region", "version": 1 }, "end_va": 8791758065663, "entry_point": 8791757822196, "filename": "\\Windows\\System32\\winsta.dll", "id": "region_3497", "name": "winsta.dll", "norm_filename": "c:\\windows\\system32\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 8791757815808, "timestamp": "00:01:10.167", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791759060992, "type": "region", "version": 1 }, "end_va": 8791759499263, "entry_point": 8791759073504, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_3498", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791759060992, "timestamp": "00:01:10.168", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791762206720, "type": "region", "version": 1 }, "end_va": 8791763030015, "entry_point": 8791762708596, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_3499", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791762206720, "timestamp": "00:01:10.168", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791763451904, "type": "region", "version": 1 }, "end_va": 8791764537343, "entry_point": 8791763456100, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_3500", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791763451904, "timestamp": "00:01:10.169", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791764566016, "type": "region", "version": 1 }, "end_va": 8791764623359, "entry_point": 8791764570240, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_3501", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791764566016, "timestamp": "00:01:10.169", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791765876736, "type": "region", "version": 1 }, "end_va": 8791766003711, "entry_point": 8791765901544, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_3502", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 8791765876736, "timestamp": "00:01:10.170", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791766007808, "type": "region", "version": 1 }, "end_va": 8791766196223, "entry_point": 8791766011920, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_3503", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791766007808, "timestamp": "00:01:10.170", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 880640, "start_va": 8791784685568, "type": "region", "version": 1 }, "end_va": 8791785566207, "entry_point": 8791784698484, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_3504", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 8791784685568, "timestamp": "00:01:10.171", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, "start_va": 8791785603072, "type": "region", "version": 1 }, "end_va": 8791786500095, "entry_point": 8791785736032, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_3505", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791785603072, "timestamp": "00:01:10.171", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791786520576, "type": "region", "version": 1 }, "end_va": 8791787753471, "entry_point": 8791786843472, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_3506", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791786520576, "timestamp": "00:01:10.172", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791790256128, "type": "region", "version": 1 }, "end_va": 8791790882815, "entry_point": 8791790263312, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_3507", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 8791790256128, "timestamp": "00:01:10.172", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791791435776, "type": "region", "version": 1 }, "end_va": 8791792087039, "entry_point": 8791791445408, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_3508", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791791435776, "timestamp": "00:01:10.173", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2109440, "start_va": 8791792091136, "type": "region", "version": 1 }, "end_va": 8791794200575, "entry_point": 8791792235312, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_3509", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 8791792091136, "timestamp": "00:01:10.174", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791794778112, "type": "region", "version": 1 }, "end_va": 8791795199999, "entry_point": 8791794823228, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_3510", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791794778112, "timestamp": "00:01:10.175", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791795761152, "type": "region", "version": 1 }, "end_va": 8791795765247, "entry_point": 8791795761152, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_3511", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791795761152, "timestamp": "00:01:10.175", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092678144, "type": "region", "version": 1 }, "end_va": 8796092686335, "entry_point": 0, "filename": null, "id": "region_3512", "name": "private_0x000007fffffac000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092678144, "timestamp": "00:01:10.181", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092686336, "type": "region", "version": 1 }, "end_va": 8796092694527, "entry_point": 0, "filename": null, "id": "region_3513", "name": "private_0x000007fffffae000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092686336, "timestamp": "00:01:10.181", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_3514", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:01:10.181", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092837888, "type": "region", "version": 1 }, "end_va": 8796092846079, "entry_point": 0, "filename": null, "id": "region_3515", "name": "private_0x000007fffffd3000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092837888, "timestamp": "00:01:10.181", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092846080, "type": "region", "version": 1 }, "end_va": 8796092854271, "entry_point": 0, "filename": null, "id": "region_3516", "name": "private_0x000007fffffd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092846080, "timestamp": "00:01:10.181", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092854272, "type": "region", "version": 1 }, "end_va": 8796092862463, "entry_point": 0, "filename": null, "id": "region_3517", "name": "private_0x000007fffffd7000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092854272, "timestamp": "00:01:10.181", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092862464, "type": "region", "version": 1 }, "end_va": 8796092870655, "entry_point": 0, "filename": null, "id": "region_3518", "name": "private_0x000007fffffd9000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092862464, "timestamp": "00:01:10.181", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8796092870656, "type": "region", "version": 1 }, "end_va": 8796092874751, "entry_point": 0, "filename": null, "id": "region_3519", "name": "private_0x000007fffffdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092870656, "timestamp": "00:01:10.181", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092874752, "type": "region", "version": 1 }, "end_va": 8796092882943, "entry_point": 0, "filename": null, "id": "region_3520", "name": "private_0x000007fffffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092874752, "timestamp": "00:01:10.181", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092882944, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_3521", "name": "private_0x000007fffffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092882944, "timestamp": "00:01:10.181", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 40960000, "type": "region", "version": 1 }, "end_va": 41484287, "entry_point": 0, "filename": null, "id": "region_3934", "name": "private_0x0000000002710000", "norm_filename": null, "region_type": "private_memory", "start_va": 40960000, "timestamp": "00:01:11.364", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092669952, "type": "region", "version": 1 }, "end_va": 8796092678143, "entry_point": 0, "filename": null, "id": "region_3935", "name": "private_0x000007fffffaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092669952, "timestamp": "00:01:11.364", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 8791758077952, "type": "region", "version": 1 }, "end_va": 8791758159871, "entry_point": 8791758082272, "filename": "\\Windows\\System32\\RpcRtRemote.dll", "id": "region_3936", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\system32\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 8791758077952, "timestamp": "00:01:11.365", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 42336256, "type": "region", "version": 1 }, "end_va": 42860543, "entry_point": 0, "filename": null, "id": "region_3982", "name": "private_0x0000000002860000", "norm_filename": null, "region_type": "private_memory", "start_va": 42336256, "timestamp": "00:01:11.983", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092661760, "type": "region", "version": 1 }, "end_va": 8796092669951, "entry_point": 0, "filename": null, "id": "region_3983", "name": "private_0x000007fffffa8000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092661760, "timestamp": "00:01:11.983", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 8791718887424, "type": "region", "version": 1 }, "end_va": 8791718932479, "entry_point": 8791718907788, "filename": "\\Windows\\System32\\slc.dll", "id": "region_3984", "name": "slc.dll", "norm_filename": "c:\\windows\\system32\\slc.dll", "region_type": "memory_mapped_file", "start_va": 8791718887424, "timestamp": "00:01:11.983", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 43188224, "type": "region", "version": 1 }, "end_va": 43712511, "entry_point": 0, "filename": null, "id": "region_3997", "name": "private_0x0000000002930000", "norm_filename": null, "region_type": "private_memory", "start_va": 43188224, "timestamp": "00:01:12.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092653568, "type": "region", "version": 1 }, "end_va": 8796092661759, "entry_point": 0, "filename": null, "id": "region_3998", "name": "private_0x000007fffffa6000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092653568, "timestamp": "00:01:12.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 249856, "start_va": 32833536, "type": "region", "version": 1 }, "end_va": 33083391, "entry_point": 32833536, "filename": "\\Windows\\System32\\input.dll", "id": "region_4005", "name": "input.dll", "norm_filename": "c:\\windows\\system32\\input.dll", "region_type": "memory_mapped_file", "start_va": 32833536, "timestamp": "00:01:12.355", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 249856, "start_va": 32833536, "type": "region", "version": 1 }, "end_va": 33083391, "entry_point": 32837744, "filename": "\\Windows\\System32\\input.dll", "id": "region_4006", "name": "input.dll", "norm_filename": "c:\\windows\\system32\\input.dll", "region_type": "memory_mapped_file", "start_va": 32833536, "timestamp": "00:01:12.371", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 503808, "start_va": 32833536, "type": "region", "version": 1 }, "end_va": 33337343, "entry_point": 33175644, "filename": "\\Program Files\\Common Files\\Microsoft Shared\\ink\\tiptsf.dll", "id": "region_4014", "name": "tiptsf.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\ink\\tiptsf.dll", "region_type": "memory_mapped_file", "start_va": 32833536, "timestamp": "00:01:12.387", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 126976, "start_va": 32178176, "type": "region", "version": 1 }, "end_va": 32305151, "entry_point": 32178176, "filename": "\\Windows\\IME\\SPTIP.DLL", "id": "region_4029", "name": "sptip.dll", "norm_filename": "c:\\windows\\ime\\sptip.dll", "region_type": "memory_mapped_file", "start_va": 32178176, "timestamp": "00:01:12.546", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 376832, "start_va": 32833536, "type": "region", "version": 1 }, "end_va": 33210367, "entry_point": 32833536, "filename": "\\Program Files\\Windows NT\\TableTextService\\TableTextService.dll", "id": "region_4030", "name": "tabletextservice.dll", "norm_filename": "c:\\program files\\windows nt\\tabletextservice\\tabletextservice.dll", "region_type": "memory_mapped_file", "start_va": 32833536, "timestamp": "00:01:12.556", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 376832, "start_va": 32833536, "type": "region", "version": 1 }, "end_va": 33210367, "entry_point": 33012668, "filename": "\\Program Files\\Windows NT\\TableTextService\\TableTextService.dll", "id": "region_4182", "name": "tabletextservice.dll", "norm_filename": "c:\\program files\\windows nt\\tabletextservice\\tabletextservice.dll", "region_type": "memory_mapped_file", "start_va": 32833536, "timestamp": "00:01:12.951", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 38338560, "type": "region", "version": 1 }, "end_va": 39124991, "entry_point": 38338560, "filename": "\\Windows\\System32\\en-US\\KernelBase.dll.mui", "id": "region_4209", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 38338560, "timestamp": "00:01:13.772", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 32178176, "type": "region", "version": 1 }, "end_va": 32186367, "entry_point": 0, "filename": null, "id": "region_4210", "name": "pagefile_0x0000000001eb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 32178176, "timestamp": "00:01:13.775", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 40435712, "type": "region", "version": 1 }, "end_va": 40959999, "entry_point": 0, "filename": null, "id": "region_4245", "name": "private_0x0000000002690000", "norm_filename": null, "region_type": "private_memory", "start_va": 40435712, "timestamp": "00:01:14.285", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 32243712, "type": "region", "version": 1 }, "end_va": 32251903, "entry_point": 32243712, "filename": "\\Windows\\System32\\en-US\\msutb.dll.mui", "id": "region_4247", "name": "msutb.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\msutb.dll.mui", "region_type": "memory_mapped_file", "start_va": 32243712, "timestamp": "00:01:14.288", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2424832, "start_va": 42860544, "type": "region", "version": 1 }, "end_va": 45285375, "entry_point": 0, "filename": null, "id": "region_4248", "name": "private_0x00000000028e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 42860544, "timestamp": "00:01:14.299", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 32833536, "type": "region", "version": 1 }, "end_va": 33095679, "entry_point": 0, "filename": null, "id": "region_4249", "name": "private_0x0000000001f50000", "norm_filename": null, "region_type": "private_memory", "start_va": 32833536, "timestamp": "00:01:14.302", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 33095680, "type": "region", "version": 1 }, "end_va": 33099775, "entry_point": 0, "filename": null, "id": "region_4264", "name": "private_0x0000000001f90000", "norm_filename": null, "region_type": "private_memory", "start_va": 33095680, "timestamp": "00:01:14.478", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 33161216, "type": "region", "version": 1 }, "end_va": 33165311, "entry_point": 0, "filename": null, "id": "region_4265", "name": "private_0x0000000001fa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 33161216, "timestamp": "00:01:14.478", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 45285376, "type": "region", "version": 1 }, "end_va": 48230399, "entry_point": 45285376, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_4266", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 45285376, "timestamp": "00:01:14.478", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 8791712792576, "type": "region", "version": 1 }, "end_va": 8791713034239, "entry_point": 8791712801520, "filename": "\\Windows\\System32\\winmm.dll", "id": "region_4971", "name": "winmm.dll", "norm_filename": "c:\\windows\\system32\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 8791712792576, "timestamp": "00:01:18.847", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 39714816, "type": "region", "version": 1 }, "end_va": 40239103, "entry_point": 0, "filename": null, "id": "region_4973", "name": "private_0x00000000025e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 39714816, "timestamp": "00:01:18.930", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 43057152, "type": "region", "version": 1 }, "end_va": 43581439, "entry_point": 0, "filename": null, "id": "region_6138", "name": "private_0x0000000002910000", "norm_filename": null, "region_type": "private_memory", "start_va": 43057152, "timestamp": "00:01:30.584", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 44761088, "type": "region", "version": 1 }, "end_va": 45285375, "entry_point": 0, "filename": null, "id": "region_6139", "name": "private_0x0000000002ab0000", "norm_filename": null, "region_type": "private_memory", "start_va": 44761088, "timestamp": "00:01:30.584", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791646863360, "type": "region", "version": 1 }, "end_va": 8791646920703, "entry_point": 8791646863360, "filename": "\\Windows\\System32\\dimsjob.dll", "id": "region_6141", "name": "dimsjob.dll", "norm_filename": "c:\\windows\\system32\\dimsjob.dll", "region_type": "memory_mapped_file", "start_va": 8791646863360, "timestamp": "00:01:30.587", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 462848, "start_va": 8791794253824, "type": "region", "version": 1 }, "end_va": 8791794716671, "entry_point": 8791794327072, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_6142", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 8791794253824, "timestamp": "00:01:30.605", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1208320, "start_va": 8791720722432, "type": "region", "version": 1 }, "end_va": 8791721930751, "entry_point": 8791720726764, "filename": "\\Windows\\System32\\taskschd.dll", "id": "region_6143", "name": "taskschd.dll", "norm_filename": "c:\\windows\\system32\\taskschd.dll", "region_type": "memory_mapped_file", "start_va": 8791720722432, "timestamp": "00:01:30.609", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 8791756898304, "type": "region", "version": 1 }, "end_va": 8791757049855, "entry_point": 8791756936792, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_6144", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 8791756898304, "timestamp": "00:01:30.612", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 475136, "start_va": 8791624187904, "type": "region", "version": 1 }, "end_va": 8791624663039, "entry_point": 8791624214256, "filename": "\\Windows\\System32\\netprofm.dll", "id": "region_6145", "name": "netprofm.dll", "norm_filename": "c:\\windows\\system32\\netprofm.dll", "region_type": "memory_mapped_file", "start_va": 8791624187904, "timestamp": "00:01:30.634", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 8791781998592, "type": "region", "version": 1 }, "end_va": 8791782031359, "entry_point": 8791782003972, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_6146", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 8791781998592, "timestamp": "00:01:30.636", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 8791719739392, "type": "region", "version": 1 }, "end_va": 8791719825407, "entry_point": 8791719764184, "filename": "\\Windows\\System32\\nlaapi.dll", "id": "region_6147", "name": "nlaapi.dll", "norm_filename": "c:\\windows\\system32\\nlaapi.dll", "region_type": "memory_mapped_file", "start_va": 8791719739392, "timestamp": "00:01:30.637", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 458752, "start_va": 36372480, "type": "region", "version": 1 }, "end_va": 36831231, "entry_point": 0, "filename": null, "id": "region_6148", "name": "private_0x00000000022b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 36372480, "timestamp": "00:01:30.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 8791750803456, "type": "region", "version": 1 }, "end_va": 8791750897663, "entry_point": 8791750816440, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_6149", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 8791750803456, "timestamp": "00:01:30.642", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 282624, "start_va": 34930688, "type": "region", "version": 1 }, "end_va": 35213311, "entry_point": 34934884, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_6150", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 34930688, "timestamp": "00:01:30.644", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 290816, "start_va": 8791747657728, "type": "region", "version": 1 }, "end_va": 8791747948543, "entry_point": 8791747661924, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_6155", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 8791747657728, "timestamp": "00:01:30.657", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 43581440, "type": "region", "version": 1 }, "end_va": 44105727, "entry_point": 0, "filename": null, "id": "region_6156", "name": "private_0x0000000002990000", "norm_filename": null, "region_type": "private_memory", "start_va": 43581440, "timestamp": "00:01:30.664", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791619928064, "type": "region", "version": 1 }, "end_va": 8791619977215, "entry_point": 8791619952684, "filename": "\\Windows\\System32\\npmproxy.dll", "id": "region_6158", "name": "npmproxy.dll", "norm_filename": "c:\\windows\\system32\\npmproxy.dll", "region_type": "memory_mapped_file", "start_va": 8791619928064, "timestamp": "00:01:30.671", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 8791646797824, "type": "region", "version": 1 }, "end_va": 8791646863359, "entry_point": 8791646797824, "filename": "\\Windows\\System32\\pautoenr.dll", "id": "region_6159", "name": "pautoenr.dll", "norm_filename": "c:\\windows\\system32\\pautoenr.dll", "region_type": "memory_mapped_file", "start_va": 8791646797824, "timestamp": "00:01:30.677", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 33226752, "type": "region", "version": 1 }, "end_va": 33239039, "entry_point": 0, "filename": null, "id": "region_6161", "name": "pagefile_0x0000000001fb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 33226752, "timestamp": "00:01:30.707", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 335872, "start_va": 8791763058688, "type": "region", "version": 1 }, "end_va": 8791763394559, "entry_point": 8791763062996, "filename": "\\Windows\\System32\\Wldap32.dll", "id": "region_6162", "name": "wldap32.dll", "norm_filename": "c:\\windows\\system32\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 8791763058688, "timestamp": "00:01:30.708", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 475136, "start_va": 8791644962816, "type": "region", "version": 1 }, "end_va": 8791645437951, "entry_point": 8791644962816, "filename": "\\Windows\\System32\\certcli.dll", "id": "region_6163", "name": "certcli.dll", "norm_filename": "c:\\windows\\system32\\certcli.dll", "region_type": "memory_mapped_file", "start_va": 8791644962816, "timestamp": "00:01:30.715", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 8791719084032, "type": "region", "version": 1 }, "end_va": 8791719186431, "entry_point": 8791719088552, "filename": "\\Windows\\System32\\atl.dll", "id": "region_6164", "name": "atl.dll", "norm_filename": "c:\\windows\\system32\\atl.dll", "region_type": "memory_mapped_file", "start_va": 8791719084032, "timestamp": "00:01:30.741", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1470464, "start_va": 8791760044032, "type": "region", "version": 1 }, "end_va": 8791761514495, "entry_point": 8791760048320, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_6165", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 8791760044032, "timestamp": "00:01:30.742", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791758864384, "type": "region", "version": 1 }, "end_va": 8791758925823, "entry_point": 8791758868512, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_6166", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 8791758864384, "timestamp": "00:01:30.744", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1990656, "start_va": 8791602233344, "type": "region", "version": 1 }, "end_va": 8791604223999, "entry_point": 8791602233344, "filename": "\\Windows\\System32\\CertEnroll.dll", "id": "region_6167", "name": "certenroll.dll", "norm_filename": "c:\\windows\\system32\\certenroll.dll", "region_type": "memory_mapped_file", "start_va": 8791602233344, "timestamp": "00:01:30.762", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791718952960, "type": "region", "version": 1 }, "end_va": 8791719002111, "entry_point": 8791718958552, "filename": "\\Windows\\System32\\dsrole.dll", "id": "region_6168", "name": "dsrole.dll", "norm_filename": "c:\\windows\\system32\\dsrole.dll", "region_type": "memory_mapped_file", "start_va": 8791718952960, "timestamp": "00:01:30.820", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\system32\\userinit.exe", "filename": "c:\\windows\\system32\\userinit.exe", "id": "proc_42", "image_name": "userinit.exe", "monitor_reason": "child_process", "monitored_id": 42, "origin_monitor_id": 25, "ref_parent_process": { "ref_id": "proc_25", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_3776", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:10.906", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 159743, "entry_point": 0, "filename": null, "id": "region_3777", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:10.906", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_3778", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:10.906", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_3779", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:01:10.906", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 335871, "entry_point": 0, "filename": null, "id": "region_3780", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:10.906", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_3781", "name": "private_0x0000000000060000", "norm_filename": null, "region_type": "private_memory", "start_va": 393216, "timestamp": "00:01:10.906", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 462847, "entry_point": 0, "filename": null, "id": "region_3782", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:10.906", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 1572863, "entry_point": 0, "filename": null, "id": "region_3783", "name": "private_0x0000000000080000", "norm_filename": null, "region_type": "private_memory", "start_va": 524288, "timestamp": "00:01:10.906", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 2162687, "entry_point": 0, "filename": null, "id": "region_3784", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:01:10.906", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2584575, "entry_point": 2162688, "filename": "\\Windows\\System32\\locale.nls", "id": "region_3785", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 2162688, "timestamp": "00:01:10.906", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 3670015, "entry_point": 0, "filename": null, "id": "region_3786", "name": "private_0x0000000000280000", "norm_filename": null, "region_type": "private_memory", "start_va": 2621440, "timestamp": "00:01:10.907", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 3801088, "type": "region", "version": 1 }, "end_va": 3866623, "entry_point": 0, "filename": null, "id": "region_3787", "name": "private_0x00000000003a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3801088, "timestamp": "00:01:10.907", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 3866624, "type": "region", "version": 1 }, "end_va": 5472255, "entry_point": 0, "filename": null, "id": "region_3788", "name": "pagefile_0x00000000003b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3866624, "timestamp": "00:01:10.907", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 5505024, "type": "region", "version": 1 }, "end_va": 7081983, "entry_point": 0, "filename": null, "id": "region_3789", "name": "pagefile_0x0000000000540000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5505024, "timestamp": "00:01:10.907", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 7143424, "type": "region", "version": 1 }, "end_va": 28114943, "entry_point": 0, "filename": null, "id": "region_3790", "name": "pagefile_0x00000000006d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7143424, "timestamp": "00:01:10.907", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 28114944, "type": "region", "version": 1 }, "end_va": 32255999, "entry_point": 0, "filename": null, "id": "region_3791", "name": "pagefile_0x0000000001ad0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 28114944, "timestamp": "00:01:10.907", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 32309248, "type": "region", "version": 1 }, "end_va": 33222655, "entry_point": 0, "filename": null, "id": "region_3792", "name": "pagefile_0x0000000001ed0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 32309248, "timestamp": "00:01:10.907", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 34013184, "type": "region", "version": 1 }, "end_va": 34537471, "entry_point": 0, "filename": null, "id": "region_3793", "name": "private_0x0000000002070000", "norm_filename": null, "region_type": "private_memory", "start_va": 34013184, "timestamp": "00:01:10.907", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005467136, "type": "region", "version": 1 }, "end_va": 2006491135, "entry_point": 2005574344, "filename": "\\Windows\\System32\\user32.dll", "id": "region_3794", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2005467136, "timestamp": "00:01:10.907", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006515712, "type": "region", "version": 1 }, "end_va": 2007691263, "entry_point": 2006605472, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_3795", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 2006515712, "timestamp": "00:01:10.908", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2007695360, "type": "region", "version": 1 }, "end_va": 2009436159, "entry_point": 2007695360, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_3796", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2007695360, "timestamp": "00:01:10.909", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_3797", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:10.909", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_3798", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:10.910", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_3799", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:10.910", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 4281270272, "type": "region", "version": 1 }, "end_va": 4281319423, "entry_point": 4281270272, "filename": "\\Windows\\System32\\userinit.exe", "id": "region_3800", "name": "userinit.exe", "norm_filename": "c:\\windows\\system32\\userinit.exe", "region_type": "memory_mapped_file", "start_va": 4281270272, "timestamp": "00:01:10.910", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 8791729831936, "type": "region", "version": 1 }, "end_va": 8791729930239, "entry_point": 8791729836336, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_3801", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 8791729831936, "timestamp": "00:01:10.918", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 352256, "start_va": 8791734222848, "type": "region", "version": 1 }, "end_va": 8791734575103, "entry_point": 8791734270912, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_3802", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 8791734222848, "timestamp": "00:01:10.919", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 8791745232896, "type": "region", "version": 1 }, "end_va": 8791745355775, "entry_point": 8791745237944, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_3803", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 8791745232896, "timestamp": "00:01:10.920", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791758209024, "type": "region", "version": 1 }, "end_va": 8791758270463, "entry_point": 8791758215600, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_3804", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 8791758209024, "timestamp": "00:01:10.920", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791759060992, "type": "region", "version": 1 }, "end_va": 8791759499263, "entry_point": 8791759073504, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_3805", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791759060992, "timestamp": "00:01:10.924", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791762206720, "type": "region", "version": 1 }, "end_va": 8791763030015, "entry_point": 8791762708596, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_3806", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791762206720, "timestamp": "00:01:10.925", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791763451904, "type": "region", "version": 1 }, "end_va": 8791764537343, "entry_point": 8791763456100, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_3807", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791763451904, "timestamp": "00:01:10.925", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791764566016, "type": "region", "version": 1 }, "end_va": 8791764623359, "entry_point": 8791764570240, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_3808", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791764566016, "timestamp": "00:01:10.926", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791766007808, "type": "region", "version": 1 }, "end_va": 8791766196223, "entry_point": 8791766011920, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_3809", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791766007808, "timestamp": "00:01:10.926", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791786520576, "type": "region", "version": 1 }, "end_va": 8791787753471, "entry_point": 8791786843472, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_3810", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791786520576, "timestamp": "00:01:10.927", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791791435776, "type": "region", "version": 1 }, "end_va": 8791792087039, "entry_point": 8791791445408, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_3811", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791791435776, "timestamp": "00:01:10.928", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791794778112, "type": "region", "version": 1 }, "end_va": 8791795199999, "entry_point": 8791794823228, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_3812", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791794778112, "timestamp": "00:01:10.928", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791795761152, "type": "region", "version": 1 }, "end_va": 8791795765247, "entry_point": 8791795761152, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_3813", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791795761152, "timestamp": "00:01:10.929", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_3814", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:01:10.932", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8796092846080, "type": "region", "version": 1 }, "end_va": 8796092850175, "entry_point": 0, "filename": null, "id": "region_3815", "name": "private_0x000007fffffd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092846080, "timestamp": "00:01:10.932", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092882944, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_3816", "name": "private_0x000007fffffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092882944, "timestamp": "00:01:10.932", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1470464, "start_va": 8791760044032, "type": "region", "version": 1 }, "end_va": 8791761514495, "entry_point": 8791760048320, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_5785", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 8791760044032, "timestamp": "00:01:28.198", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791758864384, "type": "region", "version": 1 }, "end_va": 8791758925823, "entry_point": 8791758868512, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_5786", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 8791758864384, "timestamp": "00:01:28.199", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791757094912, "type": "region", "version": 1 }, "end_va": 8791757156351, "entry_point": 8791757099024, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_6120", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 8791757094912, "timestamp": "00:01:30.540", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Windows\\system32\\Dwm.exe\"", "filename": "c:\\windows\\system32\\dwm.exe", "id": "proc_43", "image_name": "dwm.exe", "monitor_reason": "child_process", "monitored_id": 43, "origin_monitor_id": 33, "ref_parent_process": { "ref_id": "proc_33", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_3522", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:10.182", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 159743, "entry_point": 0, "filename": null, "id": "region_3523", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:10.182", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 720895, "entry_point": 0, "filename": null, "id": "region_3524", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:10.182", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 737279, "entry_point": 0, "filename": null, "id": "region_3525", "name": "pagefile_0x00000000000b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 720896, "timestamp": "00:01:10.182", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 794623, "entry_point": 0, "filename": null, "id": "region_3526", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:01:10.182", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 1273855, "entry_point": 851968, "filename": "\\Windows\\System32\\locale.nls", "id": "region_3527", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 851968, "timestamp": "00:01:10.182", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1318911, "entry_point": 0, "filename": null, "id": "region_3528", "name": "pagefile_0x0000000000140000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1310720, "timestamp": "00:01:10.182", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1380351, "entry_point": 0, "filename": null, "id": "region_3529", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:01:10.182", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1445887, "entry_point": 0, "filename": null, "id": "region_3530", "name": "private_0x0000000000160000", "norm_filename": null, "region_type": "private_memory", "start_va": 1441792, "timestamp": "00:01:10.182", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 2031615, "entry_point": 0, "filename": null, "id": "region_3531", "name": "private_0x0000000000170000", "norm_filename": null, "region_type": "private_memory", "start_va": 1507328, "timestamp": "00:01:10.182", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2097151, "entry_point": 0, "filename": null, "id": "region_3532", "name": "private_0x00000000001f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2031616, "timestamp": "00:01:10.182", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 2101247, "entry_point": 0, "filename": null, "id": "region_3533", "name": "private_0x0000000000200000", "norm_filename": null, "region_type": "private_memory", "start_va": 2097152, "timestamp": "00:01:10.182", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2166783, "entry_point": 0, "filename": null, "id": "region_3534", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:01:10.182", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 3670015, "entry_point": 0, "filename": null, "id": "region_3535", "name": "private_0x0000000000280000", "norm_filename": null, "region_type": "private_memory", "start_va": 2621440, "timestamp": "00:01:10.182", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 3670016, "type": "region", "version": 1 }, "end_va": 5275647, "entry_point": 0, "filename": null, "id": "region_3536", "name": "pagefile_0x0000000000380000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3670016, "timestamp": "00:01:10.183", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 5308416, "type": "region", "version": 1 }, "end_va": 6885375, "entry_point": 0, "filename": null, "id": "region_3537", "name": "pagefile_0x0000000000510000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5308416, "timestamp": "00:01:10.183", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 6946816, "type": "region", "version": 1 }, "end_va": 27918335, "entry_point": 0, "filename": null, "id": "region_3538", "name": "pagefile_0x00000000006a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6946816, "timestamp": "00:01:10.183", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 27918336, "type": "region", "version": 1 }, "end_va": 32059391, "entry_point": 0, "filename": null, "id": "region_3539", "name": "pagefile_0x0000000001aa0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 27918336, "timestamp": "00:01:10.183", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 32112640, "type": "region", "version": 1 }, "end_va": 33161215, "entry_point": 0, "filename": null, "id": "region_3540", "name": "private_0x0000000001ea0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32112640, "timestamp": "00:01:10.183", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 33161216, "type": "region", "version": 1 }, "end_va": 34074623, "entry_point": 0, "filename": null, "id": "region_3541", "name": "pagefile_0x0000000001fa0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 33161216, "timestamp": "00:01:10.183", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 34603008, "type": "region", "version": 1 }, "end_va": 35127295, "entry_point": 0, "filename": null, "id": "region_3542", "name": "private_0x0000000002100000", "norm_filename": null, "region_type": "private_memory", "start_va": 34603008, "timestamp": "00:01:10.183", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 35127296, "type": "region", "version": 1 }, "end_va": 36175871, "entry_point": 0, "filename": null, "id": "region_3543", "name": "private_0x0000000002180000", "norm_filename": null, "region_type": "private_memory", "start_va": 35127296, "timestamp": "00:01:10.183", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 36634624, "type": "region", "version": 1 }, "end_va": 37158911, "entry_point": 0, "filename": null, "id": "region_3544", "name": "private_0x00000000022f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 36634624, "timestamp": "00:01:10.183", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 37748736, "type": "region", "version": 1 }, "end_va": 40693759, "entry_point": 37748736, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_3545", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 37748736, "timestamp": "00:01:10.184", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005467136, "type": "region", "version": 1 }, "end_va": 2006491135, "entry_point": 2005574344, "filename": "\\Windows\\System32\\user32.dll", "id": "region_3546", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2005467136, "timestamp": "00:01:10.185", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006515712, "type": "region", "version": 1 }, "end_va": 2007691263, "entry_point": 2006605472, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_3547", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 2006515712, "timestamp": "00:01:10.185", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2007695360, "type": "region", "version": 1 }, "end_va": 2009436159, "entry_point": 2007695360, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_3548", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2007695360, "timestamp": "00:01:10.186", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 2009530368, "type": "region", "version": 1 }, "end_va": 2009559039, "entry_point": 2009534572, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_3549", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 2009530368, "timestamp": "00:01:10.187", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_3550", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:10.190", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_3551", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:10.190", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_3552", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:10.190", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 143360, "start_va": 4283236352, "type": "region", "version": 1 }, "end_va": 4283379711, "entry_point": 4283236352, "filename": "\\Windows\\System32\\dwm.exe", "id": "region_3553", "name": "dwm.exe", "norm_filename": "c:\\windows\\system32\\dwm.exe", "region_type": "memory_mapped_file", "start_va": 4283236352, "timestamp": "00:01:10.191", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 8791708336128, "type": "region", "version": 1 }, "end_va": 8791709020159, "entry_point": 8791708336128, "filename": "\\Windows\\System32\\dxgi.dll", "id": "region_3554", "name": "dxgi.dll", "norm_filename": "c:\\windows\\system32\\dxgi.dll", "region_type": "memory_mapped_file", "start_va": 8791708336128, "timestamp": "00:01:10.202", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 348160, "start_va": 8791709057024, "type": "region", "version": 1 }, "end_va": 8791709405183, "entry_point": 8791709057024, "filename": "\\Windows\\System32\\d3d10_1core.dll", "id": "region_3555", "name": "d3d10_1core.dll", "norm_filename": "c:\\windows\\system32\\d3d10_1core.dll", "region_type": "memory_mapped_file", "start_va": 8791709057024, "timestamp": "00:01:10.248", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 8791709450240, "type": "region", "version": 1 }, "end_va": 8791709663231, "entry_point": 8791709450240, "filename": "\\Windows\\System32\\d3d10_1.dll", "id": "region_3556", "name": "d3d10_1.dll", "norm_filename": "c:\\windows\\system32\\d3d10_1.dll", "region_type": "memory_mapped_file", "start_va": 8791709450240, "timestamp": "00:01:10.314", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1646592, "start_va": 8791709712384, "type": "region", "version": 1 }, "end_va": 8791711358975, "entry_point": 8791709712384, "filename": "\\Windows\\System32\\dwmcore.dll", "id": "region_3557", "name": "dwmcore.dll", "norm_filename": "c:\\windows\\system32\\dwmcore.dll", "region_type": "memory_mapped_file", "start_va": 8791709712384, "timestamp": "00:01:10.324", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 8791711416320, "type": "region", "version": 1 }, "end_va": 8791711576063, "entry_point": 8791711416320, "filename": "\\Windows\\System32\\dwmredir.dll", "id": "region_3558", "name": "dwmredir.dll", "norm_filename": "c:\\windows\\system32\\dwmredir.dll", "region_type": "memory_mapped_file", "start_va": 8791711416320, "timestamp": "00:01:10.334", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1220608, "start_va": 8791728324608, "type": "region", "version": 1 }, "end_va": 8791729545215, "entry_point": 8791728338960, "filename": "\\Windows\\System32\\WindowsCodecs.dll", "id": "region_3559", "name": "windowscodecs.dll", "norm_filename": "c:\\windows\\system32\\windowscodecs.dll", "region_type": "memory_mapped_file", "start_va": 8791728324608, "timestamp": "00:01:10.345", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 8791729831936, "type": "region", "version": 1 }, "end_va": 8791729930239, "entry_point": 8791729836336, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_3560", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 8791729831936, "timestamp": "00:01:10.345", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 352256, "start_va": 8791734222848, "type": "region", "version": 1 }, "end_va": 8791734575103, "entry_point": 8791734270912, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_3561", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 8791734222848, "timestamp": "00:01:10.346", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791743266816, "type": "region", "version": 1 }, "end_va": 8791743315967, "entry_point": 8791743271012, "filename": "\\Windows\\System32\\version.dll", "id": "region_3562", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 8791743266816, "timestamp": "00:01:10.346", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791758864384, "type": "region", "version": 1 }, "end_va": 8791758925823, "entry_point": 8791758868512, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_3563", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 8791758864384, "timestamp": "00:01:10.347", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791759060992, "type": "region", "version": 1 }, "end_va": 8791759499263, "entry_point": 8791759073504, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_3564", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791759060992, "timestamp": "00:01:10.347", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 237568, "start_va": 8791759781888, "type": "region", "version": 1 }, "end_va": 8791760019455, "entry_point": 8791759786784, "filename": "\\Windows\\System32\\wintrust.dll", "id": "region_3565", "name": "wintrust.dll", "norm_filename": "c:\\windows\\system32\\wintrust.dll", "region_type": "memory_mapped_file", "start_va": 8791759781888, "timestamp": "00:01:10.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1470464, "start_va": 8791760044032, "type": "region", "version": 1 }, "end_va": 8791761514495, "entry_point": 8791760048320, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_3566", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 8791760044032, "timestamp": "00:01:10.349", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791762206720, "type": "region", "version": 1 }, "end_va": 8791763030015, "entry_point": 8791762708596, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_3567", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791762206720, "timestamp": "00:01:10.349", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791763451904, "type": "region", "version": 1 }, "end_va": 8791764537343, "entry_point": 8791763456100, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_3568", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791763451904, "timestamp": "00:01:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791764566016, "type": "region", "version": 1 }, "end_va": 8791764623359, "entry_point": 8791764570240, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_3569", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791764566016, "timestamp": "00:01:10.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791765876736, "type": "region", "version": 1 }, "end_va": 8791766003711, "entry_point": 8791765901544, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_3570", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 8791765876736, "timestamp": "00:01:10.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791766007808, "type": "region", "version": 1 }, "end_va": 8791766196223, "entry_point": 8791766011920, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_3571", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791766007808, "timestamp": "00:01:10.352", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, "start_va": 8791785603072, "type": "region", "version": 1 }, "end_va": 8791786500095, "entry_point": 8791785736032, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_3572", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791785603072, "timestamp": "00:01:10.352", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791786520576, "type": "region", "version": 1 }, "end_va": 8791787753471, "entry_point": 8791786843472, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_3573", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791786520576, "timestamp": "00:01:10.353", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791791435776, "type": "region", "version": 1 }, "end_va": 8791792087039, "entry_point": 8791791445408, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_3574", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791791435776, "timestamp": "00:01:10.353", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2109440, "start_va": 8791792091136, "type": "region", "version": 1 }, "end_va": 8791794200575, "entry_point": 8791792235312, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_3575", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 8791792091136, "timestamp": "00:01:10.354", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791794778112, "type": "region", "version": 1 }, "end_va": 8791795199999, "entry_point": 8791794823228, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_3576", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791794778112, "timestamp": "00:01:10.354", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791795761152, "type": "region", "version": 1 }, "end_va": 8791795765247, "entry_point": 8791795761152, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_3577", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791795761152, "timestamp": "00:01:10.355", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_3578", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:01:10.358", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092862464, "type": "region", "version": 1 }, "end_va": 8796092870655, "entry_point": 0, "filename": null, "id": "region_3579", "name": "private_0x000007fffffd9000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092862464, "timestamp": "00:01:10.358", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092870656, "type": "region", "version": 1 }, "end_va": 8796092878847, "entry_point": 0, "filename": null, "id": "region_3580", "name": "private_0x000007fffffdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092870656, "timestamp": "00:01:10.358", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092878848, "type": "region", "version": 1 }, "end_va": 8796092887039, "entry_point": 0, "filename": null, "id": "region_3581", "name": "private_0x000007fffffdd000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092878848, "timestamp": "00:01:10.358", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8796092887040, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_3582", "name": "private_0x000007fffffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092887040, "timestamp": "00:01:10.358", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\Explorer.EXE", "filename": "c:\\windows\\explorer.exe", "id": "proc_44", "image_name": "explorer.exe", "monitor_reason": "child_process", "monitored_id": 44, "origin_monitor_id": 42, "ref_parent_process": { "ref_id": "proc_42", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_2948", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:09.107", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 139263, "entry_point": 0, "filename": null, "id": "region_2949", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:09.107", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_2950", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:09.107", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 270335, "entry_point": 0, "filename": null, "id": "region_2951", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:01:09.107", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_2952", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:01:09.107", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 815103, "entry_point": 0, "filename": null, "id": "region_2953", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:01:09.108", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 860159, "entry_point": 0, "filename": null, "id": "region_2954", "name": "pagefile_0x00000000000d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 851968, "timestamp": "00:01:09.108", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 921599, "entry_point": 0, "filename": null, "id": "region_2955", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 917504, "timestamp": "00:01:09.108", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_2956", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:01:09.108", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1052671, "entry_point": 0, "filename": null, "id": "region_2957", "name": "pagefile_0x0000000000100000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1048576, "timestamp": "00:01:09.108", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1179647, "entry_point": 0, "filename": null, "id": "region_2958", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:01:09.108", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1441791, "entry_point": 0, "filename": null, "id": "region_2959", "name": "private_0x0000000000120000", "norm_filename": null, "region_type": "private_memory", "start_va": 1179648, "timestamp": "00:01:09.108", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1449983, "entry_point": 0, "filename": null, "id": "region_2960", "name": "pagefile_0x0000000000160000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1441792, "timestamp": "00:01:09.108", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1511423, "entry_point": 0, "filename": null, "id": "region_2961", "name": "pagefile_0x0000000000170000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1507328, "timestamp": "00:01:09.108", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 1581055, "entry_point": 0, "filename": null, "id": "region_2962", "name": "pagefile_0x0000000000180000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1572864, "timestamp": "00:01:09.108", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 98304, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1736703, "entry_point": 0, "filename": null, "id": "region_2963", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:01:09.108", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 1773567, "entry_point": 0, "filename": null, "id": "region_2964", "name": "pagefile_0x00000000001b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1769472, "timestamp": "00:01:09.108", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 1839103, "entry_point": 0, "filename": null, "id": "region_2965", "name": "private_0x00000000001c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1835008, "timestamp": "00:01:09.108", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 2424831, "entry_point": 0, "filename": null, "id": "region_2966", "name": "private_0x00000000001d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1900544, "timestamp": "00:01:09.108", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 3473407, "entry_point": 0, "filename": null, "id": "region_2967", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:09.108", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 114688, "start_va": 3473408, "type": "region", "version": 1 }, "end_va": 3588095, "entry_point": 0, "filename": null, "id": "region_2968", "name": "private_0x0000000000350000", "norm_filename": null, "region_type": "private_memory", "start_va": 3473408, "timestamp": "00:01:09.108", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 3616767, "entry_point": 0, "filename": null, "id": "region_2969", "name": "pagefile_0x0000000000370000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3604480, "timestamp": "00:01:09.108", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 20480, "start_va": 3670016, "type": "region", "version": 1 }, "end_va": 3690495, "entry_point": 0, "filename": null, "id": "region_2970", "name": "private_0x0000000000380000", "norm_filename": null, "region_type": "private_memory", "start_va": 3670016, "timestamp": "00:01:09.108", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 196608, "start_va": 3735552, "type": "region", "version": 1 }, "end_va": 3932159, "entry_point": 0, "filename": null, "id": "region_2971", "name": "private_0x0000000000390000", "norm_filename": null, "region_type": "private_memory", "start_va": 3735552, "timestamp": "00:01:09.108", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 3932160, "type": "region", "version": 1 }, "end_va": 3997695, "entry_point": 0, "filename": null, "id": "region_2972", "name": "private_0x00000000003c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3932160, "timestamp": "00:01:09.108", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 3997696, "type": "region", "version": 1 }, "end_va": 4001791, "entry_point": 0, "filename": null, "id": "region_2973", "name": "private_0x00000000003d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3997696, "timestamp": "00:01:09.108", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 4063232, "type": "region", "version": 1 }, "end_va": 5111807, "entry_point": 0, "filename": null, "id": "region_2974", "name": "private_0x00000000003e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4063232, "timestamp": "00:01:09.108", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 5111808, "type": "region", "version": 1 }, "end_va": 6717439, "entry_point": 0, "filename": null, "id": "region_2975", "name": "pagefile_0x00000000004e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5111808, "timestamp": "00:01:09.108", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6750208, "type": "region", "version": 1 }, "end_va": 8327167, "entry_point": 0, "filename": null, "id": "region_2976", "name": "pagefile_0x0000000000670000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6750208, "timestamp": "00:01:09.108", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 8388608, "type": "region", "version": 1 }, "end_va": 29360127, "entry_point": 0, "filename": null, "id": "region_2977", "name": "pagefile_0x0000000000800000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8388608, "timestamp": "00:01:09.108", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 29360128, "type": "region", "version": 1 }, "end_va": 33501183, "entry_point": 0, "filename": null, "id": "region_2978", "name": "pagefile_0x0000000001c00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 29360128, "timestamp": "00:01:09.108", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "" ], "ref_process_dump": null, "size": 65536, "start_va": 33554432, "type": "region", "version": 1 }, "end_va": 33619967, "entry_point": 0, "filename": null, "id": "region_2979", "name": "private_0x0000000002000000", "norm_filename": null, "region_type": "private_memory", "start_va": 33554432, "timestamp": "00:01:09.108", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 33619968, "type": "region", "version": 1 }, "end_va": 33685503, "entry_point": 0, "filename": null, "id": "region_2980", "name": "private_0x0000000002010000", "norm_filename": null, "region_type": "private_memory", "start_va": 33619968, "timestamp": "00:01:09.108", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 33685504, "type": "region", "version": 1 }, "end_va": 33751039, "entry_point": 0, "filename": null, "id": "region_2981", "name": "private_0x0000000002020000", "norm_filename": null, "region_type": "private_memory", "start_va": 33685504, "timestamp": "00:01:09.108", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 33751040, "type": "region", "version": 1 }, "end_va": 33816575, "entry_point": 0, "filename": null, "id": "region_2982", "name": "private_0x0000000002030000", "norm_filename": null, "region_type": "private_memory", "start_va": 33751040, "timestamp": "00:01:09.108", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 33816576, "type": "region", "version": 1 }, "end_va": 34340863, "entry_point": 0, "filename": null, "id": "region_2983", "name": "private_0x0000000002040000", "norm_filename": null, "region_type": "private_memory", "start_va": 33816576, "timestamp": "00:01:09.109", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 34340864, "type": "region", "version": 1 }, "end_va": 35254271, "entry_point": 0, "filename": null, "id": "region_2984", "name": "pagefile_0x00000000020c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 34340864, "timestamp": "00:01:09.109", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 393216, "start_va": 35258368, "type": "region", "version": 1 }, "end_va": 35651583, "entry_point": 0, "filename": null, "id": "region_2985", "name": "private_0x00000000021a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 35258368, "timestamp": "00:01:09.109", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 442368, "start_va": 35651584, "type": "region", "version": 1 }, "end_va": 36093951, "entry_point": 0, "filename": null, "id": "region_2986", "name": "private_0x0000000002200000", "norm_filename": null, "region_type": "private_memory", "start_va": 35651584, "timestamp": "00:01:09.109", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 36110336, "type": "region", "version": 1 }, "end_va": 36175871, "entry_point": 0, "filename": null, "id": "region_2987", "name": "private_0x0000000002270000", "norm_filename": null, "region_type": "private_memory", "start_va": 36110336, "timestamp": "00:01:09.109", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 36175872, "type": "region", "version": 1 }, "end_va": 36700159, "entry_point": 0, "filename": null, "id": "region_2988", "name": "private_0x0000000002280000", "norm_filename": null, "region_type": "private_memory", "start_va": 36175872, "timestamp": "00:01:09.109", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 36700160, "type": "region", "version": 1 }, "end_va": 39645183, "entry_point": 36700160, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_2989", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 36700160, "timestamp": "00:01:09.109", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 39649280, "type": "region", "version": 1 }, "end_va": 39657471, "entry_point": 0, "filename": null, "id": "region_2990", "name": "pagefile_0x00000000025d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 39649280, "timestamp": "00:01:09.109", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 39714816, "type": "region", "version": 1 }, "end_va": 40239103, "entry_point": 0, "filename": null, "id": "region_2991", "name": "private_0x00000000025e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 39714816, "timestamp": "00:01:09.109", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 40239104, "type": "region", "version": 1 }, "end_va": 40247295, "entry_point": 0, "filename": null, "id": "region_2992", "name": "pagefile_0x0000000002660000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 40239104, "timestamp": "00:01:09.109", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 40304640, "type": "region", "version": 1 }, "end_va": 40316927, "entry_point": 40304640, "filename": "\\Windows\\winsxs\\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_106f9be843a9b4e3\\comctl32.dll.mui", "id": "region_2993", "name": "comctl32.dll.mui", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_106f9be843a9b4e3\\comctl32.dll.mui", "region_type": "memory_mapped_file", "start_va": 40304640, "timestamp": "00:01:09.109", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 40370176, "type": "region", "version": 1 }, "end_va": 40374271, "entry_point": 0, "filename": null, "id": "region_2994", "name": "private_0x0000000002680000", "norm_filename": null, "region_type": "private_memory", "start_va": 40370176, "timestamp": "00:01:09.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 114688, "start_va": 40435712, "type": "region", "version": 1 }, "end_va": 40550399, "entry_point": 0, "filename": null, "id": "region_2995", "name": "private_0x0000000002690000", "norm_filename": null, "region_type": "private_memory", "start_va": 40435712, "timestamp": "00:01:09.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 40566784, "type": "region", "version": 1 }, "end_va": 40570879, "entry_point": 0, "filename": null, "id": "region_2996", "name": "private_0x00000000026b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 40566784, "timestamp": "00:01:09.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 36864, "start_va": 40632320, "type": "region", "version": 1 }, "end_va": 40669183, "entry_point": 0, "filename": null, "id": "region_2997", "name": "private_0x00000000026c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 40632320, "timestamp": "00:01:09.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 40697856, "type": "region", "version": 1 }, "end_va": 41746431, "entry_point": 0, "filename": null, "id": "region_2998", "name": "private_0x00000000026d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 40697856, "timestamp": "00:01:09.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 41746432, "type": "region", "version": 1 }, "end_va": 41811967, "entry_point": 0, "filename": null, "id": "region_2999", "name": "private_0x00000000027d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 41746432, "timestamp": "00:01:09.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 41811968, "type": "region", "version": 1 }, "end_va": 41877503, "entry_point": 0, "filename": null, "id": "region_3000", "name": "private_0x00000000027e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 41811968, "timestamp": "00:01:09.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 41877504, "type": "region", "version": 1 }, "end_va": 41943039, "entry_point": 0, "filename": null, "id": "region_3001", "name": "private_0x00000000027f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 41877504, "timestamp": "00:01:09.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 41943040, "type": "region", "version": 1 }, "end_va": 42008575, "entry_point": 0, "filename": null, "id": "region_3002", "name": "private_0x0000000002800000", "norm_filename": null, "region_type": "private_memory", "start_va": 41943040, "timestamp": "00:01:09.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 42008576, "type": "region", "version": 1 }, "end_va": 42074111, "entry_point": 0, "filename": null, "id": "region_3003", "name": "private_0x0000000002810000", "norm_filename": null, "region_type": "private_memory", "start_va": 42008576, "timestamp": "00:01:09.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 42074112, "type": "region", "version": 1 }, "end_va": 43122687, "entry_point": 0, "filename": null, "id": "region_3004", "name": "private_0x0000000002820000", "norm_filename": null, "region_type": "private_memory", "start_va": 42074112, "timestamp": "00:01:09.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 43122688, "type": "region", "version": 1 }, "end_va": 43188223, "entry_point": 0, "filename": null, "id": "region_3005", "name": "private_0x0000000002920000", "norm_filename": null, "region_type": "private_memory", "start_va": 43122688, "timestamp": "00:01:09.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 43188224, "type": "region", "version": 1 }, "end_va": 43196415, "entry_point": 0, "filename": null, "id": "region_3006", "name": "pagefile_0x0000000002930000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 43188224, "timestamp": "00:01:09.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 43253760, "type": "region", "version": 1 }, "end_va": 43257855, "entry_point": 0, "filename": null, "id": "region_3007", "name": "private_0x0000000002940000", "norm_filename": null, "region_type": "private_memory", "start_va": 43253760, "timestamp": "00:01:09.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 43319296, "type": "region", "version": 1 }, "end_va": 43323391, "entry_point": 0, "filename": null, "id": "region_3008", "name": "private_0x0000000002950000", "norm_filename": null, "region_type": "private_memory", "start_va": 43319296, "timestamp": "00:01:09.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 43384832, "type": "region", "version": 1 }, "end_va": 43417599, "entry_point": 0, "filename": null, "id": "region_3009", "name": "private_0x0000000002960000", "norm_filename": null, "region_type": "private_memory", "start_va": 43384832, "timestamp": "00:01:09.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 196608, "start_va": 43450368, "type": "region", "version": 1 }, "end_va": 43646975, "entry_point": 43450368, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000010.db", "id": "region_3010", "name": "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000010.db", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000010.db", "region_type": "memory_mapped_file", "start_va": 43450368, "timestamp": "00:01:09.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 43646976, "type": "region", "version": 1 }, "end_va": 43651071, "entry_point": 0, "filename": null, "id": "region_3011", "name": "pagefile_0x00000000029a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 43646976, "timestamp": "00:01:09.120", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 43712512, "type": "region", "version": 1 }, "end_va": 43728895, "entry_point": 43712512, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_3012", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 43712512, "timestamp": "00:01:09.120", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 43778048, "type": "region", "version": 1 }, "end_va": 43794431, "entry_point": 43778048, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_3013", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 43778048, "timestamp": "00:01:09.120", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 43843584, "type": "region", "version": 1 }, "end_va": 43851775, "entry_point": 0, "filename": null, "id": "region_3014", "name": "pagefile_0x00000000029d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 43843584, "timestamp": "00:01:09.120", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 43909120, "type": "region", "version": 1 }, "end_va": 43974655, "entry_point": 0, "filename": null, "id": "region_3015", "name": "private_0x00000000029e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 43909120, "timestamp": "00:01:09.120", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 43974656, "type": "region", "version": 1 }, "end_va": 45023231, "entry_point": 0, "filename": null, "id": "region_3016", "name": "private_0x00000000029f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 43974656, "timestamp": "00:01:09.120", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 196608, "start_va": 45023232, "type": "region", "version": 1 }, "end_va": 45219839, "entry_point": 45023232, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000012.db", "id": "region_3017", "name": "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000012.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000012.db", "region_type": "memory_mapped_file", "start_va": 45023232, "timestamp": "00:01:09.120", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 45219840, "type": "region", "version": 1 }, "end_va": 45744127, "entry_point": 0, "filename": null, "id": "region_3018", "name": "private_0x0000000002b20000", "norm_filename": null, "region_type": "private_memory", "start_va": 45219840, "timestamp": "00:01:09.121", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 45744128, "type": "region", "version": 1 }, "end_va": 46792703, "entry_point": 0, "filename": null, "id": "region_3019", "name": "private_0x0000000002ba0000", "norm_filename": null, "region_type": "private_memory", "start_va": 45744128, "timestamp": "00:01:09.121", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 46792704, "type": "region", "version": 1 }, "end_va": 48889855, "entry_point": 0, "filename": null, "id": "region_3020", "name": "private_0x0000000002ca0000", "norm_filename": null, "region_type": "private_memory", "start_va": 46792704, "timestamp": "00:01:09.121", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3420160, "start_va": 48889856, "type": "region", "version": 1 }, "end_va": 52310015, "entry_point": 0, "filename": null, "id": "region_3021", "name": "pagefile_0x0000000002ea0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 48889856, "timestamp": "00:01:09.121", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 52363264, "type": "region", "version": 1 }, "end_va": 52371455, "entry_point": 0, "filename": null, "id": "region_3022", "name": "pagefile_0x00000000031f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 52363264, "timestamp": "00:01:09.121", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 52428800, "type": "region", "version": 1 }, "end_va": 52445183, "entry_point": 0, "filename": null, "id": "region_3023", "name": "private_0x0000000003200000", "norm_filename": null, "region_type": "private_memory", "start_va": 52428800, "timestamp": "00:01:09.121", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 52494336, "type": "region", "version": 1 }, "end_va": 52510719, "entry_point": 0, "filename": null, "id": "region_3024", "name": "private_0x0000000003210000", "norm_filename": null, "region_type": "private_memory", "start_va": 52494336, "timestamp": "00:01:09.121", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 52559872, "type": "region", "version": 1 }, "end_va": 52563967, "entry_point": 0, "filename": null, "id": "region_3025", "name": "private_0x0000000003220000", "norm_filename": null, "region_type": "private_memory", "start_va": 52559872, "timestamp": "00:01:09.121", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 52625408, "type": "region", "version": 1 }, "end_va": 52629503, "entry_point": 0, "filename": null, "id": "region_3026", "name": "private_0x0000000003230000", "norm_filename": null, "region_type": "private_memory", "start_va": 52625408, "timestamp": "00:01:09.121", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 52690944, "type": "region", "version": 1 }, "end_va": 53215231, "entry_point": 0, "filename": null, "id": "region_3027", "name": "private_0x0000000003240000", "norm_filename": null, "region_type": "private_memory", "start_va": 52690944, "timestamp": "00:01:09.121", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 53215232, "type": "region", "version": 1 }, "end_va": 53219327, "entry_point": 0, "filename": null, "id": "region_3028", "name": "private_0x00000000032c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 53215232, "timestamp": "00:01:09.121", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 53280768, "type": "region", "version": 1 }, "end_va": 53284863, "entry_point": 0, "filename": null, "id": "region_3029", "name": "private_0x00000000032d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 53280768, "timestamp": "00:01:09.121", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 53346304, "type": "region", "version": 1 }, "end_va": 53350399, "entry_point": 0, "filename": null, "id": "region_3030", "name": "private_0x00000000032e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 53346304, "timestamp": "00:01:09.121", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 53411840, "type": "region", "version": 1 }, "end_va": 53936127, "entry_point": 0, "filename": null, "id": "region_3031", "name": "private_0x00000000032f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 53411840, "timestamp": "00:01:09.121", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 53936128, "type": "region", "version": 1 }, "end_va": 53940223, "entry_point": 0, "filename": null, "id": "region_3032", "name": "private_0x0000000003370000", "norm_filename": null, "region_type": "private_memory", "start_va": 53936128, "timestamp": "00:01:09.121", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 54001664, "type": "region", "version": 1 }, "end_va": 54005759, "entry_point": 0, "filename": null, "id": "region_3033", "name": "private_0x0000000003380000", "norm_filename": null, "region_type": "private_memory", "start_va": 54001664, "timestamp": "00:01:09.121", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 54067200, "type": "region", "version": 1 }, "end_va": 54071295, "entry_point": 0, "filename": null, "id": "region_3034", "name": "private_0x0000000003390000", "norm_filename": null, "region_type": "private_memory", "start_va": 54067200, "timestamp": "00:01:09.121", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 54132736, "type": "region", "version": 1 }, "end_va": 54657023, "entry_point": 0, "filename": null, "id": "region_3035", "name": "private_0x00000000033a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 54132736, "timestamp": "00:01:09.121", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 54657024, "type": "region", "version": 1 }, "end_va": 54661119, "entry_point": 0, "filename": null, "id": "region_3036", "name": "pagefile_0x0000000003420000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 54657024, "timestamp": "00:01:09.121", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 54722560, "type": "region", "version": 1 }, "end_va": 54730751, "entry_point": 0, "filename": null, "id": "region_3037", "name": "pagefile_0x0000000003430000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 54722560, "timestamp": "00:01:09.121", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 54788096, "type": "region", "version": 1 }, "end_va": 54804479, "entry_point": 54788096, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_3038", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 54788096, "timestamp": "00:01:09.121", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 54853632, "type": "region", "version": 1 }, "end_va": 54861823, "entry_point": 0, "filename": null, "id": "region_3039", "name": "pagefile_0x0000000003450000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 54853632, "timestamp": "00:01:09.121", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 54919168, "type": "region", "version": 1 }, "end_va": 54923263, "entry_point": 54919168, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{40FC8D7D-05ED-4FEB-B03B-6C100659EF5C}.2.ver0x0000000000000001.db", "id": "region_3040", "name": "{40fc8d7d-05ed-4feb-b03b-6c100659ef5c}.2.ver0x0000000000000001.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{40fc8d7d-05ed-4feb-b03b-6c100659ef5c}.2.ver0x0000000000000001.db", "region_type": "memory_mapped_file", "start_va": 54919168, "timestamp": "00:01:09.121", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 54984704, "type": "region", "version": 1 }, "end_va": 55001087, "entry_point": 54984704, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_3041", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 54984704, "timestamp": "00:01:09.122", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 55050240, "type": "region", "version": 1 }, "end_va": 55054335, "entry_point": 0, "filename": null, "id": "region_3042", "name": "private_0x0000000003480000", "norm_filename": null, "region_type": "private_memory", "start_va": 55050240, "timestamp": "00:01:09.122", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 55115776, "type": "region", "version": 1 }, "end_va": 55119871, "entry_point": 0, "filename": null, "id": "region_3043", "name": "private_0x0000000003490000", "norm_filename": null, "region_type": "private_memory", "start_va": 55115776, "timestamp": "00:01:09.122", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 55181312, "type": "region", "version": 1 }, "end_va": 55185407, "entry_point": 0, "filename": null, "id": "region_3044", "name": "private_0x00000000034a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 55181312, "timestamp": "00:01:09.122", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 55246848, "type": "region", "version": 1 }, "end_va": 55250943, "entry_point": 0, "filename": null, "id": "region_3045", "name": "private_0x00000000034b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 55246848, "timestamp": "00:01:09.122", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 55312384, "type": "region", "version": 1 }, "end_va": 55316479, "entry_point": 0, "filename": null, "id": "region_3046", "name": "private_0x00000000034c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 55312384, "timestamp": "00:01:09.122", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 55377920, "type": "region", "version": 1 }, "end_va": 55902207, "entry_point": 0, "filename": null, "id": "region_3047", "name": "private_0x00000000034d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 55377920, "timestamp": "00:01:09.122", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 55902208, "type": "region", "version": 1 }, "end_va": 55906303, "entry_point": 0, "filename": null, "id": "region_3048", "name": "private_0x0000000003550000", "norm_filename": null, "region_type": "private_memory", "start_va": 55902208, "timestamp": "00:01:09.122", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 55967744, "type": "region", "version": 1 }, "end_va": 55971839, "entry_point": 0, "filename": null, "id": "region_3049", "name": "private_0x0000000003560000", "norm_filename": null, "region_type": "private_memory", "start_va": 55967744, "timestamp": "00:01:09.122", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 56033280, "type": "region", "version": 1 }, "end_va": 56037375, "entry_point": 56033280, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{3978EA0A-1C7E-4449-8AE1-E1265F039002}.2.ver0x0000000000000003.db", "id": "region_3050", "name": "{3978ea0a-1c7e-4449-8ae1-e1265f039002}.2.ver0x0000000000000003.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{3978ea0a-1c7e-4449-8ae1-e1265f039002}.2.ver0x0000000000000003.db", "region_type": "memory_mapped_file", "start_va": 56033280, "timestamp": "00:01:09.122", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 56098816, "type": "region", "version": 1 }, "end_va": 56115199, "entry_point": 56098816, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_3051", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 56098816, "timestamp": "00:01:09.122", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 56164352, "type": "region", "version": 1 }, "end_va": 56688639, "entry_point": 0, "filename": null, "id": "region_3052", "name": "private_0x0000000003590000", "norm_filename": null, "region_type": "private_memory", "start_va": 56164352, "timestamp": "00:01:09.122", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 9633792, "start_va": 56688640, "type": "region", "version": 1 }, "end_va": 66322431, "entry_point": 56688640, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_3053", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 56688640, "timestamp": "00:01:09.123", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 417792, "start_va": 66322432, "type": "region", "version": 1 }, "end_va": 66740223, "entry_point": 66322432, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db", "id": "region_3054", "name": "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "region_type": "memory_mapped_file", "start_va": 66322432, "timestamp": "00:01:09.123", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 66781184, "type": "region", "version": 1 }, "end_va": 66785279, "entry_point": 66781184, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{4E36EA69-73D1-4458-9D16-50F8E31A69A0}.2.ver0x0000000000000001.db", "id": "region_3055", "name": "{4e36ea69-73d1-4458-9d16-50f8e31a69a0}.2.ver0x0000000000000001.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{4e36ea69-73d1-4458-9d16-50f8e31a69a0}.2.ver0x0000000000000001.db", "region_type": "memory_mapped_file", "start_va": 66781184, "timestamp": "00:01:09.123", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 327680, "start_va": 66846720, "type": "region", "version": 1 }, "end_va": 67174399, "entry_point": 0, "filename": null, "id": "region_3056", "name": "private_0x0000000003fc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 66846720, "timestamp": "00:01:09.124", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 67371008, "type": "region", "version": 1 }, "end_va": 67895295, "entry_point": 0, "filename": null, "id": "region_3057", "name": "private_0x0000000004040000", "norm_filename": null, "region_type": "private_memory", "start_va": 67371008, "timestamp": "00:01:09.124", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 68419584, "type": "region", "version": 1 }, "end_va": 68943871, "entry_point": 0, "filename": null, "id": "region_3058", "name": "private_0x0000000004140000", "norm_filename": null, "region_type": "private_memory", "start_va": 68419584, "timestamp": "00:01:09.124", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 69664768, "type": "region", "version": 1 }, "end_va": 70189055, "entry_point": 0, "filename": null, "id": "region_3059", "name": "private_0x0000000004270000", "norm_filename": null, "region_type": "private_memory", "start_va": 69664768, "timestamp": "00:01:09.124", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 70189056, "type": "region", "version": 1 }, "end_va": 70713343, "entry_point": 0, "filename": null, "id": "region_3060", "name": "private_0x00000000042f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 70189056, "timestamp": "00:01:09.124", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 70909952, "type": "region", "version": 1 }, "end_va": 71434239, "entry_point": 0, "filename": null, "id": "region_3061", "name": "private_0x00000000043a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 70909952, "timestamp": "00:01:09.124", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 71892992, "type": "region", "version": 1 }, "end_va": 72417279, "entry_point": 0, "filename": null, "id": "region_3062", "name": "private_0x0000000004490000", "norm_filename": null, "region_type": "private_memory", "start_va": 71892992, "timestamp": "00:01:09.124", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 72417280, "type": "region", "version": 1 }, "end_va": 72941567, "entry_point": 0, "filename": null, "id": "region_3063", "name": "private_0x0000000004510000", "norm_filename": null, "region_type": "private_memory", "start_va": 72417280, "timestamp": "00:01:09.124", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 74055680, "type": "region", "version": 1 }, "end_va": 74579967, "entry_point": 0, "filename": null, "id": "region_3064", "name": "private_0x00000000046a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 74055680, "timestamp": "00:01:09.124", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 75169792, "type": "region", "version": 1 }, "end_va": 75694079, "entry_point": 0, "filename": null, "id": "region_3065", "name": "private_0x00000000047b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 75169792, "timestamp": "00:01:09.124", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 76021760, "type": "region", "version": 1 }, "end_va": 76546047, "entry_point": 0, "filename": null, "id": "region_3066", "name": "private_0x0000000004880000", "norm_filename": null, "region_type": "private_memory", "start_va": 76021760, "timestamp": "00:01:09.124", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 78249984, "type": "region", "version": 1 }, "end_va": 78774271, "entry_point": 0, "filename": null, "id": "region_3067", "name": "private_0x0000000004aa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 78249984, "timestamp": "00:01:09.124", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 78774272, "type": "region", "version": 1 }, "end_va": 80871423, "entry_point": 0, "filename": null, "id": "region_3068", "name": "private_0x0000000004b20000", "norm_filename": null, "region_type": "private_memory", "start_va": 78774272, "timestamp": "00:01:09.124", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 192512, "start_va": 1948975104, "type": "region", "version": 1 }, "end_va": 1949167615, "entry_point": 1948975104, "filename": "\\Windows\\winsxs\\amd64_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_0a1fd3a3a768b895\\ATL90.dll", "id": "region_3069", "name": "atl90.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_0a1fd3a3a768b895\\atl90.dll", "region_type": "memory_mapped_file", "start_va": 1948975104, "timestamp": "00:01:09.124", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 864256, "start_va": 1949171712, "type": "region", "version": 1 }, "end_va": 1950035967, "entry_point": 1949171712, "filename": "\\Windows\\winsxs\\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\\msvcp90.dll", "id": "region_3070", "name": "msvcp90.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\\msvcp90.dll", "region_type": "memory_mapped_file", "start_va": 1949171712, "timestamp": "00:01:09.135", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 667648, "start_va": 1950089216, "type": "region", "version": 1 }, "end_va": 1950756863, "entry_point": 1950099188, "filename": "\\Windows\\winsxs\\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\\msvcr90.dll", "id": "region_3071", "name": "msvcr90.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\\msvcr90.dll", "region_type": "memory_mapped_file", "start_va": 1950089216, "timestamp": "00:01:09.169", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005467136, "type": "region", "version": 1 }, "end_va": 2006491135, "entry_point": 2005574344, "filename": "\\Windows\\System32\\user32.dll", "id": "region_3072", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2005467136, "timestamp": "00:01:09.169", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006515712, "type": "region", "version": 1 }, "end_va": 2007691263, "entry_point": 2006605472, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_3073", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 2006515712, "timestamp": "00:01:09.170", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2007695360, "type": "region", "version": 1 }, "end_va": 2009436159, "entry_point": 2007695360, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_3074", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2007695360, "timestamp": "00:01:09.170", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_3075", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:09.171", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_3076", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:09.171", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_3077", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:09.171", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2883584, "start_va": 4282646528, "type": "region", "version": 1 }, "end_va": 4285530111, "entry_point": 4282646528, "filename": "\\Windows\\explorer.exe", "id": "region_3078", "name": "explorer.exe", "norm_filename": "c:\\windows\\explorer.exe", "region_type": "memory_mapped_file", "start_va": 4282646528, "timestamp": "00:01:09.171", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 520192, "start_va": 8791665475584, "type": "region", "version": 1 }, "end_va": 8791665995775, "entry_point": 8791665475584, "filename": "\\Program Files\\Common Files\\Microsoft Shared\\ink\\tiptsf.dll", "id": "region_3079", "name": "tiptsf.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\ink\\tiptsf.dll", "region_type": "memory_mapped_file", "start_va": 8791665475584, "timestamp": "00:01:09.180", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 8791665999872, "type": "region", "version": 1 }, "end_va": 8791666241535, "entry_point": 8791665999872, "filename": "\\Windows\\System32\\msls31.dll", "id": "region_3080", "name": "msls31.dll", "norm_filename": "c:\\windows\\system32\\msls31.dll", "region_type": "memory_mapped_file", "start_va": 8791665999872, "timestamp": "00:01:09.194", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 811008, "start_va": 8791666262016, "type": "region", "version": 1 }, "end_va": 8791667073023, "entry_point": 8791666262016, "filename": "\\Windows\\System32\\msftedit.dll", "id": "region_3081", "name": "msftedit.dll", "norm_filename": "c:\\windows\\system32\\msftedit.dll", "region_type": "memory_mapped_file", "start_va": 8791666262016, "timestamp": "00:01:09.201", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 3235840, "start_va": 8791667113984, "type": "region", "version": 1 }, "end_va": 8791670349823, "entry_point": 8791667113984, "filename": "\\Windows\\System32\\msi.dll", "id": "region_3082", "name": "msi.dll", "norm_filename": "c:\\windows\\system32\\msi.dll", "region_type": "memory_mapped_file", "start_va": 8791667113984, "timestamp": "00:01:09.212", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 8791670390784, "type": "region", "version": 1 }, "end_va": 8791670427647, "entry_point": 8791670390784, "filename": "\\Windows\\System32\\msiltcfg.dll", "id": "region_3083", "name": "msiltcfg.dll", "norm_filename": "c:\\windows\\system32\\msiltcfg.dll", "region_type": "memory_mapped_file", "start_va": 8791670390784, "timestamp": "00:01:09.227", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 507904, "start_va": 8791670456320, "type": "region", "version": 1 }, "end_va": 8791670964223, "entry_point": 8791670456320, "filename": "\\Windows\\System32\\wer.dll", "id": "region_3084", "name": "wer.dll", "norm_filename": "c:\\windows\\system32\\wer.dll", "region_type": "memory_mapped_file", "start_va": 8791670456320, "timestamp": "00:01:09.235", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2764800, "start_va": 8791670980608, "type": "region", "version": 1 }, "end_va": 8791673745407, "entry_point": 8791670980608, "filename": "\\Windows\\System32\\gameux.dll", "id": "region_3085", "name": "gameux.dll", "norm_filename": "c:\\windows\\system32\\gameux.dll", "region_type": "memory_mapped_file", "start_va": 8791670980608, "timestamp": "00:01:09.247", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791673798656, "type": "region", "version": 1 }, "end_va": 8791673847807, "entry_point": 8791673798656, "filename": "\\Windows\\System32\\linkinfo.dll", "id": "region_3086", "name": "linkinfo.dll", "norm_filename": "c:\\windows\\system32\\linkinfo.dll", "region_type": "memory_mapped_file", "start_va": 8791673798656, "timestamp": "00:01:09.260", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 8791673864192, "type": "region", "version": 1 }, "end_va": 8791674077183, "entry_point": 8791673864192, "filename": "\\Windows\\System32\\shdocvw.dll", "id": "region_3087", "name": "shdocvw.dll", "norm_filename": "c:\\windows\\system32\\shdocvw.dll", "region_type": "memory_mapped_file", "start_va": 8791673864192, "timestamp": "00:01:09.269", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 974848, "start_va": 8791678648320, "type": "region", "version": 1 }, "end_va": 8791679623167, "entry_point": 8791678653088, "filename": "\\Windows\\System32\\actxprxy.dll", "id": "region_3088", "name": "actxprxy.dll", "norm_filename": "c:\\windows\\system32\\actxprxy.dll", "region_type": "memory_mapped_file", "start_va": 8791678648320, "timestamp": "00:01:09.281", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 8791679696896, "type": "region", "version": 1 }, "end_va": 8791680233471, "entry_point": 8791679696896, "filename": "\\Windows\\System32\\timedate.cpl", "id": "region_3089", "name": "timedate.cpl", "norm_filename": "c:\\windows\\system32\\timedate.cpl", "region_type": "memory_mapped_file", "start_va": 8791679696896, "timestamp": "00:01:09.282", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2957312, "start_va": 8791680286720, "type": "region", "version": 1 }, "end_va": 8791683244031, "entry_point": 8791680286720, "filename": "\\Windows\\System32\\themeui.dll", "id": "region_3090", "name": "themeui.dll", "norm_filename": "c:\\windows\\system32\\themeui.dll", "region_type": "memory_mapped_file", "start_va": 8791680286720, "timestamp": "00:01:09.293", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 8791684153344, "type": "region", "version": 1 }, "end_va": 8791684186111, "entry_point": 8791684153344, "filename": "\\Windows\\System32\\IconCodecService.dll", "id": "region_3091", "name": "iconcodecservice.dll", "norm_filename": "c:\\windows\\system32\\iconcodecservice.dll", "region_type": "memory_mapped_file", "start_va": 8791684153344, "timestamp": "00:01:09.304", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 8791684218880, "type": "region", "version": 1 }, "end_va": 8791684743167, "entry_point": 8791684218880, "filename": "\\Windows\\System32\\ntshrui.dll", "id": "region_3092", "name": "ntshrui.dll", "norm_filename": "c:\\windows\\system32\\ntshrui.dll", "region_type": "memory_mapped_file", "start_va": 8791684218880, "timestamp": "00:01:09.313", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791684743168, "type": "region", "version": 1 }, "end_va": 8791684804607, "entry_point": 8791684743168, "filename": "\\Windows\\System32\\cscapi.dll", "id": "region_3093", "name": "cscapi.dll", "norm_filename": "c:\\windows\\system32\\cscapi.dll", "region_type": "memory_mapped_file", "start_va": 8791684743168, "timestamp": "00:01:09.325", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791684808704, "type": "region", "version": 1 }, "end_va": 8791684857855, "entry_point": 8791684808704, "filename": "\\Windows\\System32\\cscdll.dll", "id": "region_3094", "name": "cscdll.dll", "norm_filename": "c:\\windows\\system32\\cscdll.dll", "region_type": "memory_mapped_file", "start_va": 8791684808704, "timestamp": "00:01:09.335", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 516096, "start_va": 8791684874240, "type": "region", "version": 1 }, "end_va": 8791685390335, "entry_point": 8791684874240, "filename": "\\Windows\\System32\\cscui.dll", "id": "region_3095", "name": "cscui.dll", "norm_filename": "c:\\windows\\system32\\cscui.dll", "region_type": "memory_mapped_file", "start_va": 8791684874240, "timestamp": "00:01:09.346", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 8798208, "start_va": 8791685398528, "type": "region", "version": 1 }, "end_va": 8791694196735, "entry_point": 8791685398528, "filename": "\\PROGRA~1\\MICROS~1\\Office14\\1033\\GrooveIntlResource.dll", "id": "region_3096", "name": "grooveintlresource.dll", "norm_filename": "c:\\progra~1\\micros~1\\office14\\1033\\grooveintlresource.dll", "region_type": "memory_mapped_file", "start_va": 8791685398528, "timestamp": "00:01:09.357", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4300800, "start_va": 8791694245888, "type": "region", "version": 1 }, "end_va": 8791698546687, "entry_point": 8791694245888, "filename": "\\PROGRA~1\\COMMON~1\\MICROS~1\\OFFICE14\\Cultures\\OFFICE.ODF", "id": "region_3097", "name": "office.odf", "norm_filename": "c:\\progra~1\\common~1\\micros~1\\office14\\cultures\\office.odf", "region_type": "memory_mapped_file", "start_va": 8791694245888, "timestamp": "00:01:09.360", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Program Files\\Microsoft Office\\Office14\\BCSSync.exe\" /DelayServices", "filename": "c:\\program files\\microsoft office\\office14\\bcssync.exe", "id": "proc_45", "image_name": "bcssync.exe", "monitor_reason": "child_process", "monitored_id": 45, "origin_monitor_id": 44, "ref_parent_process": { "ref_id": "proc_44", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_2897", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:09.039", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_2898", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:09.039", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_2899", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:09.039", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 274431, "entry_point": 0, "filename": null, "id": "region_2900", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:01:09.039", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 331775, "entry_point": 0, "filename": null, "id": "region_2901", "name": "private_0x0000000000050000", "norm_filename": null, "region_type": "private_memory", "start_va": 327680, "timestamp": "00:01:09.039", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 1507327, "entry_point": 0, "filename": null, "id": "region_2902", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:09.039", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1929215, "entry_point": 1507328, "filename": "\\Windows\\System32\\locale.nls", "id": "region_2903", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1507328, "timestamp": "00:01:09.039", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 1974271, "entry_point": 0, "filename": null, "id": "region_2904", "name": "pagefile_0x00000000001e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1966080, "timestamp": "00:01:09.040", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2359295, "entry_point": 0, "filename": null, "id": "region_2905", "name": "private_0x0000000000230000", "norm_filename": null, "region_type": "private_memory", "start_va": 2293760, "timestamp": "00:01:09.040", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 3735551, "entry_point": 0, "filename": null, "id": "region_2906", "name": "private_0x0000000000290000", "norm_filename": null, "region_type": "private_memory", "start_va": 2686976, "timestamp": "00:01:09.040", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 3735552, "type": "region", "version": 1 }, "end_va": 4784127, "entry_point": 0, "filename": null, "id": "region_2907", "name": "private_0x0000000000390000", "norm_filename": null, "region_type": "private_memory", "start_va": 3735552, "timestamp": "00:01:09.040", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4784128, "type": "region", "version": 1 }, "end_va": 4849663, "entry_point": 0, "filename": null, "id": "region_2908", "name": "private_0x0000000000490000", "norm_filename": null, "region_type": "private_memory", "start_va": 4784128, "timestamp": "00:01:09.040", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 4849664, "type": "region", "version": 1 }, "end_va": 5898239, "entry_point": 0, "filename": null, "id": "region_2909", "name": "private_0x00000000004a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4849664, "timestamp": "00:01:09.040", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 5898240, "type": "region", "version": 1 }, "end_va": 7503871, "entry_point": 0, "filename": null, "id": "region_2910", "name": "pagefile_0x00000000005a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5898240, "timestamp": "00:01:09.040", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 7536640, "type": "region", "version": 1 }, "end_va": 9113599, "entry_point": 0, "filename": null, "id": "region_2911", "name": "pagefile_0x0000000000730000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7536640, "timestamp": "00:01:09.040", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 9175040, "type": "region", "version": 1 }, "end_va": 30146559, "entry_point": 0, "filename": null, "id": "region_2912", "name": "pagefile_0x00000000008c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9175040, "timestamp": "00:01:09.040", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 30146560, "type": "region", "version": 1 }, "end_va": 31195135, "entry_point": 0, "filename": null, "id": "region_2913", "name": "private_0x0000000001cc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 30146560, "timestamp": "00:01:09.040", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 31522816, "type": "region", "version": 1 }, "end_va": 31588351, "entry_point": 0, "filename": null, "id": "region_2914", "name": "private_0x0000000001e10000", "norm_filename": null, "region_type": "private_memory", "start_va": 31522816, "timestamp": "00:01:09.040", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 32702464, "type": "region", "version": 1 }, "end_va": 33226751, "entry_point": 0, "filename": null, "id": "region_2915", "name": "private_0x0000000001f30000", "norm_filename": null, "region_type": "private_memory", "start_va": 32702464, "timestamp": "00:01:09.040", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 33423360, "type": "region", "version": 1 }, "end_va": 33947647, "entry_point": 0, "filename": null, "id": "region_2916", "name": "private_0x0000000001fe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 33423360, "timestamp": "00:01:09.040", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 667648, "start_va": 1950089216, "type": "region", "version": 1 }, "end_va": 1950756863, "entry_point": 1950089216, "filename": "\\Windows\\winsxs\\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\\msvcr90.dll", "id": "region_2917", "name": "msvcr90.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\\msvcr90.dll", "region_type": "memory_mapped_file", "start_va": 1950089216, "timestamp": "00:01:09.040", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005467136, "type": "region", "version": 1 }, "end_va": 2006491135, "entry_point": 2005574344, "filename": "\\Windows\\System32\\user32.dll", "id": "region_2918", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2005467136, "timestamp": "00:01:09.059", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006515712, "type": "region", "version": 1 }, "end_va": 2007691263, "entry_point": 2006605472, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_2919", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 2006515712, "timestamp": "00:01:09.060", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2007695360, "type": "region", "version": 1 }, "end_va": 2009436159, "entry_point": 2007695360, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2920", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2007695360, "timestamp": "00:01:09.060", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 2009530368, "type": "region", "version": 1 }, "end_va": 2009559039, "entry_point": 2009534572, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_2921", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 2009530368, "timestamp": "00:01:09.061", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_2922", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:09.061", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2923", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:09.062", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2924", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:09.062", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 5363531776, "type": "region", "version": 1 }, "end_va": 5363658751, "entry_point": 5363531776, "filename": "\\Program Files\\Microsoft Office\\Office14\\BCSSync.exe", "id": "region_2925", "name": "bcssync.exe", "norm_filename": "c:\\program files\\microsoft office\\office14\\bcssync.exe", "region_type": "memory_mapped_file", "start_va": 5363531776, "timestamp": "00:01:09.062", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 454656, "start_va": 8791662526464, "type": "region", "version": 1 }, "end_va": 8791662981119, "entry_point": 8791662526464, "filename": "\\Windows\\System32\\mscoree.dll", "id": "region_2926", "name": "mscoree.dll", "norm_filename": "c:\\windows\\system32\\mscoree.dll", "region_type": "memory_mapped_file", "start_va": 8791662526464, "timestamp": "00:01:09.073", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 352256, "start_va": 8791734222848, "type": "region", "version": 1 }, "end_va": 8791734575103, "entry_point": 8791734270912, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_2927", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 8791734222848, "timestamp": "00:01:09.089", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2048000, "start_va": 8791736188928, "type": "region", "version": 1 }, "end_va": 8791738236927, "entry_point": 8791737813284, "filename": "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll", "id": "region_2928", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 8791736188928, "timestamp": "00:01:09.090", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791757094912, "type": "region", "version": 1 }, "end_va": 8791757156351, "entry_point": 8791757099024, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_2929", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 8791757094912, "timestamp": "00:01:09.090", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791759060992, "type": "region", "version": 1 }, "end_va": 8791759499263, "entry_point": 8791759073504, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_2930", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791759060992, "timestamp": "00:01:09.091", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791762206720, "type": "region", "version": 1 }, "end_va": 8791763030015, "entry_point": 8791762708596, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_2931", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791762206720, "timestamp": "00:01:09.092", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791763451904, "type": "region", "version": 1 }, "end_va": 8791764537343, "entry_point": 8791763456100, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_2932", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791763451904, "timestamp": "00:01:09.092", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791764566016, "type": "region", "version": 1 }, "end_va": 8791764623359, "entry_point": 8791764570240, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_2933", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791764566016, "timestamp": "00:01:09.093", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791765876736, "type": "region", "version": 1 }, "end_va": 8791766003711, "entry_point": 8791765901544, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_2934", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 8791765876736, "timestamp": "00:01:09.093", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791766007808, "type": "region", "version": 1 }, "end_va": 8791766196223, "entry_point": 8791766011920, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_2935", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791766007808, "timestamp": "00:01:09.094", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 14188544, "start_va": 8791767777280, "type": "region", "version": 1 }, "end_va": 8791781965823, "entry_point": 8791768288956, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_2936", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 8791767777280, "timestamp": "00:01:09.095", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 880640, "start_va": 8791784685568, "type": "region", "version": 1 }, "end_va": 8791785566207, "entry_point": 8791784698484, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_2937", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 8791784685568, "timestamp": "00:01:09.095", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, "start_va": 8791785603072, "type": "region", "version": 1 }, "end_va": 8791786500095, "entry_point": 8791785736032, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_2938", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791785603072, "timestamp": "00:01:09.096", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791786520576, "type": "region", "version": 1 }, "end_va": 8791787753471, "entry_point": 8791786843472, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_2939", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791786520576, "timestamp": "00:01:09.096", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791791435776, "type": "region", "version": 1 }, "end_va": 8791792087039, "entry_point": 8791791445408, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_2940", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791791435776, "timestamp": "00:01:09.097", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2109440, "start_va": 8791792091136, "type": "region", "version": 1 }, "end_va": 8791794200575, "entry_point": 8791792235312, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_2941", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 8791792091136, "timestamp": "00:01:09.097", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 462848, "start_va": 8791794253824, "type": "region", "version": 1 }, "end_va": 8791794716671, "entry_point": 8791794327072, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_2942", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 8791794253824, "timestamp": "00:01:09.098", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791794778112, "type": "region", "version": 1 }, "end_va": 8791795199999, "entry_point": 8791794823228, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_2943", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791794778112, "timestamp": "00:01:09.099", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791795761152, "type": "region", "version": 1 }, "end_va": 8791795765247, "entry_point": 8791795761152, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_2944", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791795761152, "timestamp": "00:01:09.099", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_2945", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:01:09.103", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8796092846080, "type": "region", "version": 1 }, "end_va": 8796092850175, "entry_point": 0, "filename": null, "id": "region_2946", "name": "private_0x000007fffffd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092846080, "timestamp": "00:01:09.103", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092882944, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_2947", "name": "private_0x000007fffffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092882944, "timestamp": "00:01:09.103", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 31588352, "type": "region", "version": 1 }, "end_va": 32501759, "entry_point": 0, "filename": null, "id": "region_3676", "name": "pagefile_0x0000000001e20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 31588352, "timestamp": "00:01:10.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791661871104, "type": "region", "version": 1 }, "end_va": 8791662497791, "entry_point": 8791661871104, "filename": "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll", "id": "region_3677", "name": "mscoreei.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll", "region_type": "memory_mapped_file", "start_va": 8791661871104, "timestamp": "00:01:10.650", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\SysWOW64\\runonce.exe /Run6432", "filename": "c:\\windows\\syswow64\\runonce.exe", "id": "proc_46", "image_name": "runonce.exe", "monitor_reason": "child_process", "monitored_id": 46, "origin_monitor_id": 44, "ref_parent_process": { "ref_id": "proc_44", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_2504", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:06.968", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 159743, "entry_point": 0, "filename": null, "id": "region_2505", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:06.968", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_2506", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:06.969", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_2507", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:06.969", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_2508", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:06.972", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 401407, "entry_point": 0, "filename": null, "id": "region_2509", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:06.972", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 880639, "entry_point": 458752, "filename": "\\Windows\\System32\\locale.nls", "id": "region_2510", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 458752, "timestamp": "00:01:06.972", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 921599, "entry_point": 917504, "filename": "\\Windows\\SysWOW64\\en-US\\runonce.exe.mui", "id": "region_2511", "name": "runonce.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\runonce.exe.mui", "region_type": "memory_mapped_file", "start_va": 917504, "timestamp": "00:01:06.972", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_2512", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:01:06.978", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1052671, "entry_point": 0, "filename": null, "id": "region_2513", "name": "private_0x0000000000100000", "norm_filename": null, "region_type": "private_memory", "start_va": 1048576, "timestamp": "00:01:06.979", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1187839, "entry_point": 0, "filename": null, "id": "region_2514", "name": "pagefile_0x0000000000120000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1179648, "timestamp": "00:01:06.979", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1966079, "entry_point": 0, "filename": null, "id": "region_2515", "name": "private_0x0000000000160000", "norm_filename": null, "region_type": "private_memory", "start_va": 1441792, "timestamp": "00:01:06.979", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2424831, "entry_point": 0, "filename": null, "id": "region_2516", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:01:06.979", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 3014655, "entry_point": 0, "filename": null, "id": "region_2517", "name": "private_0x00000000002a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2752512, "timestamp": "00:01:06.979", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4456448, "type": "region", "version": 1 }, "end_va": 4521983, "entry_point": 0, "filename": null, "id": "region_2518", "name": "private_0x0000000000440000", "norm_filename": null, "region_type": "private_memory", "start_va": 4456448, "timestamp": "00:01:06.979", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 4784128, "type": "region", "version": 1 }, "end_va": 4845567, "entry_point": 4784128, "filename": "\\Windows\\SysWOW64\\runonce.exe", "id": "region_2519", "name": "runonce.exe", "norm_filename": "c:\\windows\\syswow64\\runonce.exe", "region_type": "memory_mapped_file", "start_va": 4784128, "timestamp": "00:01:06.979", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 5832704, "type": "region", "version": 1 }, "end_va": 6881279, "entry_point": 0, "filename": null, "id": "region_2520", "name": "private_0x0000000000590000", "norm_filename": null, "region_type": "private_memory", "start_va": 5832704, "timestamp": "00:01:06.986", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 6881280, "type": "region", "version": 1 }, "end_va": 8486911, "entry_point": 0, "filename": null, "id": "region_2521", "name": "pagefile_0x0000000000690000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6881280, "timestamp": "00:01:06.986", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 8519680, "type": "region", "version": 1 }, "end_va": 10096639, "entry_point": 0, "filename": null, "id": "region_2522", "name": "pagefile_0x0000000000820000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8519680, "timestamp": "00:01:06.987", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 10158080, "type": "region", "version": 1 }, "end_va": 31129599, "entry_point": 0, "filename": null, "id": "region_2523", "name": "pagefile_0x00000000009b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10158080, "timestamp": "00:01:06.987", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1946550272, "type": "region", "version": 1 }, "end_va": 1948246015, "entry_point": 1946550272, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_2524", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1946550272, "timestamp": "00:01:06.987", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1948254208, "type": "region", "version": 1 }, "end_va": 1948286975, "entry_point": 1948254208, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_2525", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1948254208, "timestamp": "00:01:06.993", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1948319744, "type": "region", "version": 1 }, "end_va": 1948696575, "entry_point": 1948319744, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_2526", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1948319744, "timestamp": "00:01:07.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1948712960, "type": "region", "version": 1 }, "end_va": 1948971007, "entry_point": 1948712960, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_2527", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1948712960, "timestamp": "00:01:07.006", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1971191808, "type": "region", "version": 1 }, "end_va": 1971240959, "entry_point": 1971191808, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_2528", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1971191808, "timestamp": "00:01:07.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1971257344, "type": "region", "version": 1 }, "end_va": 1971650559, "entry_point": 1971257344, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_2529", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1971257344, "timestamp": "00:01:07.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1975844864, "type": "region", "version": 1 }, "end_va": 1976827903, "entry_point": 1975844864, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_2530", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1975844864, "timestamp": "00:01:07.021", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1976827904, "type": "region", "version": 1 }, "end_va": 1977184255, "entry_point": 1976827904, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_2531", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1976827904, "timestamp": "00:01:07.029", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1977221120, "type": "region", "version": 1 }, "end_va": 1977507839, "entry_point": 1977221120, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_2532", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1977221120, "timestamp": "00:01:07.096", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1977548800, "type": "region", "version": 1 }, "end_va": 1978662911, "entry_point": 1977548800, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_2533", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1977548800, "timestamp": "00:01:07.145", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1980760064, "type": "region", "version": 1 }, "end_va": 1981153279, "entry_point": 1980760064, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_2534", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1980760064, "timestamp": "00:01:07.325", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1982464000, "type": "region", "version": 1 }, "end_va": 1983053823, "entry_point": 1982464000, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_2535", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1982464000, "timestamp": "00:01:07.331", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1984430080, "type": "region", "version": 1 }, "end_va": 1985073151, "entry_point": 1984430080, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_2536", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1984430080, "timestamp": "00:01:07.368", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1985675264, "type": "region", "version": 1 }, "end_va": 1998561279, "entry_point": 1985675264, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_2537", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1985675264, "timestamp": "00:01:07.374", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1998585856, "type": "region", "version": 1 }, "end_va": 1999290367, "entry_point": 1998585856, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_2538", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1998585856, "timestamp": "00:01:08.182", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1999503360, "type": "region", "version": 1 }, "end_va": 1999605759, "entry_point": 1999503360, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_2539", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1999503360, "timestamp": "00:01:08.194", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1999634432, "type": "region", "version": 1 }, "end_va": 1999675391, "entry_point": 1999634432, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_2540", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1999634432, "timestamp": "00:01:08.199", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 2000093184, "type": "region", "version": 1 }, "end_va": 2001518591, "entry_point": 2000093184, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_2541", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 2000093184, "timestamp": "00:01:08.205", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 2001534976, "type": "region", "version": 1 }, "end_va": 2002190335, "entry_point": 2001534976, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_2542", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 2001534976, "timestamp": "00:01:08.506", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 2003238912, "type": "region", "version": 1 }, "end_va": 2004074495, "entry_point": 2003238912, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_2543", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 2003238912, "timestamp": "00:01:08.571", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2004418560, "type": "region", "version": 1 }, "end_va": 2005467135, "entry_point": 2004418560, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_2544", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2004418560, "timestamp": "00:01:08.576", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005467136, "type": "region", "version": 1 }, "end_va": 2006491135, "entry_point": 0, "filename": null, "id": "region_2545", "name": "private_0x0000000077890000", "norm_filename": null, "region_type": "private_memory", "start_va": 2005467136, "timestamp": "00:01:08.623", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006515712, "type": "region", "version": 1 }, "end_va": 2007691263, "entry_point": 0, "filename": null, "id": "region_2546", "name": "private_0x0000000077990000", "norm_filename": null, "region_type": "private_memory", "start_va": 2006515712, "timestamp": "00:01:08.623", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2007695360, "type": "region", "version": 1 }, "end_va": 2009436159, "entry_point": 2007695360, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2547", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2007695360, "timestamp": "00:01:08.623", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2009661440, "type": "region", "version": 1 }, "end_va": 2011234303, "entry_point": 2009661440, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_2548", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2009661440, "timestamp": "00:01:08.624", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_2549", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:08.624", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_2550", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:08.624", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_2551", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:08.624", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_2552", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:08.624", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_2553", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:08.624", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2554", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:08.625", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2555", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:08.625", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_2556", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:08.625", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 196608, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1441791, "entry_point": 0, "filename": null, "id": "region_3180", "name": "private_0x0000000000130000", "norm_filename": null, "region_type": "private_memory", "start_va": 1245184, "timestamp": "00:01:09.523", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 3145728, "type": "region", "version": 1 }, "end_va": 3407871, "entry_point": 0, "filename": null, "id": "region_3181", "name": "private_0x0000000000300000", "norm_filename": null, "region_type": "private_memory", "start_va": 3145728, "timestamp": "00:01:09.554", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 3801088, "type": "region", "version": 1 }, "end_va": 4063231, "entry_point": 0, "filename": null, "id": "region_3182", "name": "private_0x00000000003a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3801088, "timestamp": "00:01:09.554", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_3183", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:09.554", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 1946025984, "type": "region", "version": 1 }, "end_va": 1946550271, "entry_point": 1946025984, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_3184", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1946025984, "timestamp": "00:01:09.554", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2031616, "start_va": 31129600, "type": "region", "version": 1 }, "end_va": 33161215, "entry_point": 0, "filename": null, "id": "region_3185", "name": "private_0x0000000001db0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31129600, "timestamp": "00:01:09.582", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 4849664, "type": "region", "version": 1 }, "end_va": 5763071, "entry_point": 0, "filename": null, "id": "region_3659", "name": "pagefile_0x00000000004a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4849664, "timestamp": "00:01:10.403", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1118207, "entry_point": 0, "filename": null, "id": "region_3660", "name": "pagefile_0x0000000000110000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1114112, "timestamp": "00:01:10.460", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 33161216, "type": "region", "version": 1 }, "end_va": 36106239, "entry_point": 33161216, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_3661", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 33161216, "timestamp": "00:01:10.462", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 1974271, "entry_point": 0, "filename": null, "id": "region_3663", "name": "pagefile_0x00000000001e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1966080, "timestamp": "00:01:10.514", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1985085440, "type": "region", "version": 1 }, "end_va": 1985671167, "entry_point": 1985085440, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_3664", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1985085440, "timestamp": "00:01:10.514", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2035711, "entry_point": 0, "filename": null, "id": "region_3665", "name": "pagefile_0x00000000001f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2031616, "timestamp": "00:01:10.580", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 4521984, "type": "region", "version": 1 }, "end_va": 4784127, "entry_point": 0, "filename": null, "id": "region_3666", "name": "private_0x0000000000450000", "norm_filename": null, "region_type": "private_memory", "start_va": 4521984, "timestamp": "00:01:10.580", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 31653888, "type": "region", "version": 1 }, "end_va": 31916031, "entry_point": 0, "filename": null, "id": "region_3667", "name": "private_0x0000000001e30000", "norm_filename": null, "region_type": "private_memory", "start_va": 31653888, "timestamp": "00:01:10.580", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 32899072, "type": "region", "version": 1 }, "end_va": 33161215, "entry_point": 0, "filename": null, "id": "region_3668", "name": "private_0x0000000001f60000", "norm_filename": null, "region_type": "private_memory", "start_va": 32899072, "timestamp": "00:01:10.580", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_3669", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:01:10.580", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1981677568, "type": "region", "version": 1 }, "end_va": 1982214143, "entry_point": 1981677568, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_3670", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1981677568, "timestamp": "00:01:10.580", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 2101247, "entry_point": 0, "filename": null, "id": "region_3671", "name": "pagefile_0x0000000000200000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2097152, "timestamp": "00:01:10.600", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1944977408, "type": "region", "version": 1 }, "end_va": 1945980927, "entry_point": 1944977408, "filename": "\\Windows\\SysWOW64\\propsys.dll", "id": "region_3672", "name": "propsys.dll", "norm_filename": "c:\\windows\\syswow64\\propsys.dll", "region_type": "memory_mapped_file", "start_va": 1944977408, "timestamp": "00:01:10.620", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1691648, "start_va": 1971650560, "type": "region", "version": 1 }, "end_va": 1973342207, "entry_point": 1971650560, "filename": "\\Windows\\SysWOW64\\setupapi.dll", "id": "region_3928", "name": "setupapi.dll", "norm_filename": "c:\\windows\\syswow64\\setupapi.dll", "region_type": "memory_mapped_file", "start_va": 1971650560, "timestamp": "00:01:11.126", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 1982267392, "type": "region", "version": 1 }, "end_va": 1982427135, "entry_point": 1982267392, "filename": "\\Windows\\SysWOW64\\cfgmgr32.dll", "id": "region_3929", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\syswow64\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 1982267392, "timestamp": "00:01:11.173", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1983053824, "type": "region", "version": 1 }, "end_va": 1983127551, "entry_point": 1983053824, "filename": "\\Windows\\SysWOW64\\devobj.dll", "id": "region_3930", "name": "devobj.dll", "norm_filename": "c:\\windows\\syswow64\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 1983053824, "timestamp": "00:01:11.198", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 36110336, "type": "region", "version": 1 }, "end_va": 40251391, "entry_point": 0, "filename": null, "id": "region_3931", "name": "pagefile_0x0000000002270000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 36110336, "timestamp": "00:01:11.289", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 1944780800, "type": "region", "version": 1 }, "end_va": 1944915967, "entry_point": 1944780800, "filename": "\\Windows\\SysWOW64\\ntmarta.dll", "id": "region_3932", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\syswow64\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 1944780800, "timestamp": "00:01:11.289", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 2004090880, "type": "region", "version": 1 }, "end_va": 2004373503, "entry_point": 2004090880, "filename": "\\Windows\\SysWOW64\\Wldap32.dll", "id": "region_3933", "name": "wldap32.dll", "norm_filename": "c:\\windows\\syswow64\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 2004090880, "timestamp": "00:01:11.318", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2441215, "entry_point": 2424832, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db", "id": "region_3942", "name": "cversions.1.db", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db", "region_type": "memory_mapped_file", "start_va": 2424832, "timestamp": "00:01:11.423", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 196608, "start_va": 2490368, "type": "region", "version": 1 }, "end_va": 2686975, "entry_point": 2490368, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000010.db", "id": "region_3943", "name": "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000010.db", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000010.db", "region_type": "memory_mapped_file", "start_va": 2490368, "timestamp": "00:01:11.424", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 2691071, "entry_point": 0, "filename": null, "id": "region_3944", "name": "pagefile_0x0000000000290000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2686976, "timestamp": "00:01:11.442", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1052672, "start_va": 40304640, "type": "region", "version": 1 }, "end_va": 41357311, "entry_point": 0, "filename": null, "id": "region_3945", "name": "private_0x0000000002670000", "norm_filename": null, "region_type": "private_memory", "start_va": 40304640, "timestamp": "00:01:11.479", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1944715264, "type": "region", "version": 1 }, "end_va": 1944760319, "entry_point": 1944715264, "filename": "\\Windows\\SysWOW64\\profapi.dll", "id": "region_3948", "name": "profapi.dll", "norm_filename": "c:\\windows\\syswow64\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1944715264, "timestamp": "00:01:11.488", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 31129600, "type": "region", "version": 1 }, "end_va": 31391743, "entry_point": 0, "filename": null, "id": "region_3952", "name": "private_0x0000000001db0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31129600, "timestamp": "00:01:11.561", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 40501248, "type": "region", "version": 1 }, "end_va": 40763391, "entry_point": 0, "filename": null, "id": "region_3953", "name": "private_0x00000000026a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 40501248, "timestamp": "00:01:11.561", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_3954", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:01:11.561", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1944387584, "type": "region", "version": 1 }, "end_va": 1944698879, "entry_point": 1944387584, "filename": "\\Windows\\SysWOW64\\apphelp.dll", "id": "region_3985", "name": "apphelp.dll", "norm_filename": "c:\\windows\\syswow64\\apphelp.dll", "region_type": "memory_mapped_file", "start_va": 1944387584, "timestamp": "00:01:12.056", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4231168, "start_va": 1940127744, "type": "region", "version": 1 }, "end_va": 1944358911, "entry_point": 1940127744, "filename": "\\PROGRA~2\\MICROS~1\\Office14\\GROOVEEX.DLL", "id": "region_4031", "name": "grooveex.dll", "norm_filename": "c:\\progra~2\\micros~1\\office14\\grooveex.dll", "region_type": "memory_mapped_file", "start_va": 1940127744, "timestamp": "00:01:12.568", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2437119, "entry_point": 0, "filename": null, "id": "region_4033", "name": "pagefile_0x0000000000250000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2424832, "timestamp": "00:01:12.646", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 667648, "start_va": 1939406848, "type": "region", "version": 1 }, "end_va": 1940074495, "entry_point": 1939406848, "filename": "\\Windows\\winsxs\\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\\msvcr90.dll", "id": "region_4034", "name": "msvcr90.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\\msvcr90.dll", "region_type": "memory_mapped_file", "start_va": 1939406848, "timestamp": "00:01:12.662", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 581632, "start_va": 1938817024, "type": "region", "version": 1 }, "end_va": 1939398655, "entry_point": 1938817024, "filename": "\\Windows\\winsxs\\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\\msvcp90.dll", "id": "region_4035", "name": "msvcp90.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\\msvcp90.dll", "region_type": "memory_mapped_file", "start_va": 1938817024, "timestamp": "00:01:12.711", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 176128, "start_va": 1938620416, "type": "region", "version": 1 }, "end_va": 1938796543, "entry_point": 1938620416, "filename": "\\Windows\\winsxs\\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b\\ATL90.dll", "id": "region_4189", "name": "atl90.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b\\atl90.dll", "region_type": "memory_mapped_file", "start_va": 1938620416, "timestamp": "00:01:13.027", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2031616, "start_va": 40763392, "type": "region", "version": 1 }, "end_va": 42795007, "entry_point": 0, "filename": null, "id": "region_4190", "name": "private_0x00000000026e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 40763392, "timestamp": "00:01:13.122", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 720896, "start_va": 31916032, "type": "region", "version": 1 }, "end_va": 32636927, "entry_point": 0, "filename": null, "id": "region_4211", "name": "private_0x0000000001e70000", "norm_filename": null, "region_type": "private_memory", "start_va": 31916032, "timestamp": "00:01:13.796", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 3014656, "type": "region", "version": 1 }, "end_va": 3031039, "entry_point": 0, "filename": null, "id": "region_4217", "name": "private_0x00000000002e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3014656, "timestamp": "00:01:13.966", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 98304, "start_va": 3407872, "type": "region", "version": 1 }, "end_va": 3506175, "entry_point": 0, "filename": null, "id": "region_4218", "name": "private_0x0000000000340000", "norm_filename": null, "region_type": "private_memory", "start_va": 3407872, "timestamp": "00:01:13.967", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 3080192, "type": "region", "version": 1 }, "end_va": 3145727, "entry_point": 0, "filename": null, "id": "region_4219", "name": "private_0x00000000002f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3080192, "timestamp": "00:01:13.968", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 3538944, "type": "region", "version": 1 }, "end_va": 3543039, "entry_point": 0, "filename": null, "id": "region_4220", "name": "private_0x0000000000360000", "norm_filename": null, "region_type": "private_memory", "start_va": 3538944, "timestamp": "00:01:13.968", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "" ], "ref_process_dump": null, "size": 65536, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 3670015, "entry_point": 0, "filename": null, "id": "region_4221", "name": "private_0x0000000000370000", "norm_filename": null, "region_type": "private_memory", "start_va": 3604480, "timestamp": "00:01:13.968", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 3670016, "type": "region", "version": 1 }, "end_va": 3735551, "entry_point": 0, "filename": null, "id": "region_4222", "name": "private_0x0000000000380000", "norm_filename": null, "region_type": "private_memory", "start_va": 3670016, "timestamp": "00:01:13.974", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 3735552, "type": "region", "version": 1 }, "end_va": 3801087, "entry_point": 0, "filename": null, "id": "region_4223", "name": "private_0x0000000000390000", "norm_filename": null, "region_type": "private_memory", "start_va": 3735552, "timestamp": "00:01:13.975", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4063232, "type": "region", "version": 1 }, "end_va": 4128767, "entry_point": 0, "filename": null, "id": "region_4224", "name": "private_0x00000000003e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4063232, "timestamp": "00:01:13.975", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4128768, "type": "region", "version": 1 }, "end_va": 4194303, "entry_point": 0, "filename": null, "id": "region_4225", "name": "private_0x00000000003f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4128768, "timestamp": "00:01:13.976", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "" ], "ref_process_dump": null, "size": 65536, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4259839, "entry_point": 0, "filename": null, "id": "region_4226", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:01:13.976", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1835008, "start_va": 40763392, "type": "region", "version": 1 }, "end_va": 42598399, "entry_point": 0, "filename": null, "id": "region_4256", "name": "private_0x00000000026e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 40763392, "timestamp": "00:01:14.410", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 42729472, "type": "region", "version": 1 }, "end_va": 42795007, "entry_point": 0, "filename": null, "id": "region_4257", "name": "private_0x00000000028c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 42729472, "timestamp": "00:01:14.410", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1970995200, "type": "region", "version": 1 }, "end_va": 1971085311, "entry_point": 1970995200, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_4258", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1970995200, "timestamp": "00:01:14.413", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 31391744, "type": "region", "version": 1 }, "end_va": 31637503, "entry_point": 31391744, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_4259", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 31391744, "timestamp": "00:01:14.432", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 31391744, "type": "region", "version": 1 }, "end_va": 31637503, "entry_point": 31396493, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_4260", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 31391744, "timestamp": "00:01:14.441", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1970733056, "type": "region", "version": 1 }, "end_va": 1970974719, "entry_point": 1970737805, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_4307", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1970733056, "timestamp": "00:01:14.855", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4259840, "type": "region", "version": 1 }, "end_va": 4325375, "entry_point": 0, "filename": null, "id": "region_4308", "name": "private_0x0000000000410000", "norm_filename": null, "region_type": "private_memory", "start_va": 4259840, "timestamp": "00:01:14.882", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4300800, "start_va": 1966407680, "type": "region", "version": 1 }, "end_va": 1970708479, "entry_point": 1966407680, "filename": "\\PROGRA~2\\COMMON~1\\MICROS~1\\OFFICE14\\Cultures\\OFFICE.ODF", "id": "region_4309", "name": "office.odf", "norm_filename": "c:\\progra~2\\common~1\\micros~1\\office14\\cultures\\office.odf", "region_type": "memory_mapped_file", "start_va": 1966407680, "timestamp": "00:01:14.898", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 4390911, "entry_point": 0, "filename": null, "id": "region_4348", "name": "private_0x0000000000420000", "norm_filename": null, "region_type": "private_memory", "start_va": 4325376, "timestamp": "00:01:15.045", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4390912, "type": "region", "version": 1 }, "end_va": 4456447, "entry_point": 0, "filename": null, "id": "region_4349", "name": "private_0x0000000000430000", "norm_filename": null, "region_type": "private_memory", "start_va": 4390912, "timestamp": "00:01:15.051", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4300800, "start_va": 1962082304, "type": "region", "version": 1 }, "end_va": 1966383103, "entry_point": 1962082304, "filename": "\\PROGRA~2\\COMMON~1\\MICROS~1\\OFFICE14\\Cultures\\OFFICE.ODF", "id": "region_4350", "name": "office.odf", "norm_filename": "c:\\progra~2\\common~1\\micros~1\\office14\\cultures\\office.odf", "region_type": "memory_mapped_file", "start_va": 1962082304, "timestamp": "00:01:15.054", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 5767168, "type": "region", "version": 1 }, "end_va": 5783551, "entry_point": 5767168, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_4383", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 5767168, "timestamp": "00:01:15.129", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 196608, "start_va": 31391744, "type": "region", "version": 1 }, "end_va": 31588351, "entry_point": 31391744, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000012.db", "id": "region_4384", "name": "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000012.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000012.db", "region_type": "memory_mapped_file", "start_va": 31391744, "timestamp": "00:01:15.130", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 31588352, "type": "region", "version": 1 }, "end_va": 31604735, "entry_point": 31588352, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_4385", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 31588352, "timestamp": "00:01:15.134", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 417792, "start_va": 31916032, "type": "region", "version": 1 }, "end_va": 32333823, "entry_point": 31916032, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db", "id": "region_4386", "name": "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "region_type": "memory_mapped_file", "start_va": 31916032, "timestamp": "00:01:15.135", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 32571392, "type": "region", "version": 1 }, "end_va": 32636927, "entry_point": 0, "filename": null, "id": "region_4387", "name": "private_0x0000000001f10000", "norm_filename": null, "region_type": "private_memory", "start_va": 32571392, "timestamp": "00:01:15.135", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 1974272000, "type": "region", "version": 1 }, "end_va": 1975541759, "entry_point": 1974272000, "filename": "\\Windows\\SysWOW64\\urlmon.dll", "id": "region_4425", "name": "urlmon.dll", "norm_filename": "c:\\windows\\syswow64\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1974272000, "timestamp": "00:01:15.359", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 2002190336, "type": "region", "version": 1 }, "end_va": 2003193855, "entry_point": 2002190336, "filename": "\\Windows\\SysWOW64\\wininet.dll", "id": "region_4426", "name": "wininet.dll", "norm_filename": "c:\\windows\\syswow64\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 2002190336, "timestamp": "00:01:15.390", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1978662912, "type": "region", "version": 1 }, "end_va": 1980739583, "entry_point": 1978662912, "filename": "\\Windows\\SysWOW64\\iertutil.dll", "id": "region_4435", "name": "iertutil.dll", "norm_filename": "c:\\windows\\syswow64\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1978662912, "timestamp": "00:01:15.525", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1983250432, "type": "region", "version": 1 }, "end_va": 1984417791, "entry_point": 1983250432, "filename": "\\Windows\\SysWOW64\\crypt32.dll", "id": "region_4436", "name": "crypt32.dll", "norm_filename": "c:\\windows\\syswow64\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1983250432, "timestamp": "00:01:15.542", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1983184896, "type": "region", "version": 1 }, "end_va": 1983234047, "entry_point": 1983184896, "filename": "\\Windows\\SysWOW64\\msasn1.dll", "id": "region_4437", "name": "msasn1.dll", "norm_filename": "c:\\windows\\syswow64\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1983184896, "timestamp": "00:01:15.561", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 40763392, "type": "region", "version": 1 }, "end_va": 41811967, "entry_point": 0, "filename": null, "id": "region_4438", "name": "private_0x00000000026e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 40763392, "timestamp": "00:01:15.578", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 262144, "start_va": 42336256, "type": "region", "version": 1 }, "end_va": 42598399, "entry_point": 0, "filename": null, "id": "region_4439", "name": "private_0x0000000002860000", "norm_filename": null, "region_type": "private_memory", "start_va": 42336256, "timestamp": "00:01:15.578", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 32374784, "type": "region", "version": 1 }, "end_va": 32378879, "entry_point": 0, "filename": null, "id": "region_4456", "name": "pagefile_0x0000000001ee0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 32374784, "timestamp": "00:01:15.806", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 43319296, "type": "region", "version": 1 }, "end_va": 43581439, "entry_point": 0, "filename": null, "id": "region_4468", "name": "private_0x0000000002950000", "norm_filename": null, "region_type": "private_memory", "start_va": 43319296, "timestamp": "00:01:15.927", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 44695552, "type": "region", "version": 1 }, "end_va": 44957695, "entry_point": 0, "filename": null, "id": "region_4469", "name": "private_0x0000000002aa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 44695552, "timestamp": "00:01:15.927", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_4470", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:01:15.927", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\system32\\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}", "filename": "c:\\windows\\system32\\dllhost.exe", "id": "proc_47", "image_name": "dllhost.exe", "monitor_reason": "child_process", "monitored_id": 47, "origin_monitor_id": 29, "ref_parent_process": { "ref_id": "proc_29", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_4271", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:14.538", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_4272", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:14.538", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 2686975, "entry_point": 0, "filename": null, "id": "region_4273", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:01:14.538", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2007695360, "type": "region", "version": 1 }, "end_va": 2009436159, "entry_point": 2007695360, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_4274", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2007695360, "timestamp": "00:01:14.539", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_4275", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:14.540", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_4276", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:14.540", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 4283301888, "type": "region", "version": 1 }, "end_va": 4283330559, "entry_point": 4283306572, "filename": "\\Windows\\System32\\dllhost.exe", "id": "region_4277", "name": "dllhost.exe", "norm_filename": "c:\\windows\\system32\\dllhost.exe", "region_type": "memory_mapped_file", "start_va": 4283301888, "timestamp": "00:01:14.540", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791795761152, "type": "region", "version": 1 }, "end_va": 8791795765247, "entry_point": 8791795761152, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_4278", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791795761152, "timestamp": "00:01:14.541", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_4279", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:01:14.544", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8796092874752, "type": "region", "version": 1 }, "end_va": 8796092878847, "entry_point": 0, "filename": null, "id": "region_4280", "name": "private_0x000007fffffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092874752, "timestamp": "00:01:14.544", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092882944, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_4281", "name": "private_0x000007fffffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092882944, "timestamp": "00:01:14.544", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 4128768, "type": "region", "version": 1 }, "end_va": 5177343, "entry_point": 0, "filename": null, "id": "region_4310", "name": "private_0x00000000003f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4128768, "timestamp": "00:01:14.915", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006515712, "type": "region", "version": 1 }, "end_va": 2007691263, "entry_point": 2006605472, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_4311", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 2006515712, "timestamp": "00:01:14.915", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791759060992, "type": "region", "version": 1 }, "end_va": 8791759499263, "entry_point": 8791759073504, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_4312", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791759060992, "timestamp": "00:01:14.916", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_4313", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:14.917", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_4314", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:14.918", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_4315", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:14.918", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 684031, "entry_point": 262144, "filename": "\\Windows\\System32\\locale.nls", "id": "region_4316", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:14.920", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791791435776, "type": "region", "version": 1 }, "end_va": 8791792087039, "entry_point": 8791791445408, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_4317", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791791435776, "timestamp": "00:01:14.920", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2109440, "start_va": 8791792091136, "type": "region", "version": 1 }, "end_va": 8791794200575, "entry_point": 8791792235312, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_4318", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 8791792091136, "timestamp": "00:01:14.922", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791794778112, "type": "region", "version": 1 }, "end_va": 8791795199999, "entry_point": 8791794823228, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_4319", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791794778112, "timestamp": "00:01:14.923", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005467136, "type": "region", "version": 1 }, "end_va": 2006491135, "entry_point": 2005574344, "filename": "\\Windows\\System32\\user32.dll", "id": "region_4320", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2005467136, "timestamp": "00:01:14.924", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791764566016, "type": "region", "version": 1 }, "end_va": 8791764623359, "entry_point": 8791764570240, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_4321", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791764566016, "timestamp": "00:01:14.926", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791762206720, "type": "region", "version": 1 }, "end_va": 8791763030015, "entry_point": 8791762708596, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_4322", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791762206720, "timestamp": "00:01:14.927", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791786520576, "type": "region", "version": 1 }, "end_va": 8791787753471, "entry_point": 8791786843472, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_4323", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791786520576, "timestamp": "00:01:14.928", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1441792, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 4128767, "entry_point": 0, "filename": null, "id": "region_4324", "name": "private_0x0000000000290000", "norm_filename": null, "region_type": "private_memory", "start_va": 2686976, "timestamp": "00:01:14.930", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 3735551, "entry_point": 0, "filename": null, "id": "region_4325", "name": "private_0x0000000000290000", "norm_filename": null, "region_type": "private_memory", "start_va": 2686976, "timestamp": "00:01:14.930", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4063232, "type": "region", "version": 1 }, "end_va": 4128767, "entry_point": 0, "filename": null, "id": "region_4326", "name": "private_0x00000000003e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4063232, "timestamp": "00:01:14.930", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 167936, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 888831, "entry_point": 725008, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_4327", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 720896, "timestamp": "00:01:14.933", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 5177344, "type": "region", "version": 1 }, "end_va": 6782975, "entry_point": 0, "filename": null, "id": "region_4328", "name": "pagefile_0x00000000004f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5177344, "timestamp": "00:01:14.934", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791766007808, "type": "region", "version": 1 }, "end_va": 8791766196223, "entry_point": 8791766011920, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_4330", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791766007808, "timestamp": "00:01:14.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791763451904, "type": "region", "version": 1 }, "end_va": 8791764537343, "entry_point": 8791763456100, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_4331", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791763451904, "timestamp": "00:01:14.938", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6815744, "type": "region", "version": 1 }, "end_va": 8392703, "entry_point": 0, "filename": null, "id": "region_4332", "name": "pagefile_0x0000000000680000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6815744, "timestamp": "00:01:14.941", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 8454144, "type": "region", "version": 1 }, "end_va": 29425663, "entry_point": 0, "filename": null, "id": "region_4333", "name": "pagefile_0x0000000000810000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8454144, "timestamp": "00:01:14.941", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_4334", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:14.944", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 724991, "entry_point": 0, "filename": null, "id": "region_4335", "name": "private_0x00000000000b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 720896, "timestamp": "00:01:14.944", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 512000, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 1298431, "entry_point": 839368, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_4395", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 786432, "timestamp": "00:01:15.192", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791757094912, "type": "region", "version": 1 }, "end_va": 8791757156351, "entry_point": 8791757099024, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_4397", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 8791757094912, "timestamp": "00:01:15.194", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 790527, "entry_point": 0, "filename": null, "id": "region_4398", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:01:15.197", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791790256128, "type": "region", "version": 1 }, "end_va": 8791790882815, "entry_point": 8791790263312, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_4399", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 8791790256128, "timestamp": "00:01:15.197", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, "start_va": 8791785603072, "type": "region", "version": 1 }, "end_va": 8791786500095, "entry_point": 8791785736032, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_4400", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791785603072, "timestamp": "00:01:15.198", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791765876736, "type": "region", "version": 1 }, "end_va": 8791766003711, "entry_point": 8791765901544, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_4401", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 8791765876736, "timestamp": "00:01:15.199", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 880640, "start_va": 8791784685568, "type": "region", "version": 1 }, "end_va": 8791785566207, "entry_point": 8791784698484, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_4402", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 8791784685568, "timestamp": "00:01:15.200", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 856063, "entry_point": 0, "filename": null, "id": "region_4403", "name": "pagefile_0x00000000000d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 851968, "timestamp": "00:01:15.203", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 29949952, "type": "region", "version": 1 }, "end_va": 30998527, "entry_point": 0, "filename": null, "id": "region_4427", "name": "private_0x0000000001c90000", "norm_filename": null, "region_type": "private_memory", "start_va": 29949952, "timestamp": "00:01:15.409", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092866560, "type": "region", "version": 1 }, "end_va": 8796092874751, "entry_point": 0, "filename": null, "id": "region_4428", "name": "private_0x000007fffffda000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092866560, "timestamp": "00:01:15.409", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 31784960, "type": "region", "version": 1 }, "end_va": 32833535, "entry_point": 0, "filename": null, "id": "region_4440", "name": "private_0x0000000001e50000", "norm_filename": null, "region_type": "private_memory", "start_va": 31784960, "timestamp": "00:01:15.595", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 8791750803456, "type": "region", "version": 1 }, "end_va": 8791750897663, "entry_point": 8791750816440, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_4441", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 8791750803456, "timestamp": "00:01:15.595", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092858368, "type": "region", "version": 1 }, "end_va": 8796092866559, "entry_point": 0, "filename": null, "id": "region_4442", "name": "private_0x000007fffffd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092858368, "timestamp": "00:01:15.595", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 282624, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 1200127, "entry_point": 921700, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_4443", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 917504, "timestamp": "00:01:15.596", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 290816, "start_va": 8791747657728, "type": "region", "version": 1 }, "end_va": 8791747948543, "entry_point": 8791747661924, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_4448", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 8791747657728, "timestamp": "00:01:15.606", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 32833536, "type": "region", "version": 1 }, "end_va": 35778559, "entry_point": 32833536, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_4449", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 32833536, "timestamp": "00:01:15.608", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 8791758077952, "type": "region", "version": 1 }, "end_va": 8791758159871, "entry_point": 8791758082272, "filename": "\\Windows\\System32\\RpcRtRemote.dll", "id": "region_4450", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\system32\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 8791758077952, "timestamp": "00:01:15.611", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 37486592, "type": "region", "version": 1 }, "end_va": 38535167, "entry_point": 0, "filename": null, "id": "region_4465", "name": "private_0x00000000023c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 37486592, "timestamp": "00:01:15.876", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092850176, "type": "region", "version": 1 }, "end_va": 8796092858367, "entry_point": 0, "filename": null, "id": "region_4466", "name": "private_0x000007fffffd6000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092850176, "timestamp": "00:01:15.876", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 39387136, "type": "region", "version": 1 }, "end_va": 40435711, "entry_point": 0, "filename": null, "id": "region_4500", "name": "private_0x0000000002590000", "norm_filename": null, "region_type": "private_memory", "start_va": 39387136, "timestamp": "00:01:16.147", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 41025536, "type": "region", "version": 1 }, "end_va": 42074111, "entry_point": 0, "filename": null, "id": "region_4501", "name": "private_0x0000000002720000", "norm_filename": null, "region_type": "private_memory", "start_va": 41025536, "timestamp": "00:01:16.147", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092686336, "type": "region", "version": 1 }, "end_va": 8796092694527, "entry_point": 0, "filename": null, "id": "region_4502", "name": "private_0x000007fffffae000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092686336, "timestamp": "00:01:16.147", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092841984, "type": "region", "version": 1 }, "end_va": 8796092850175, "entry_point": 0, "filename": null, "id": "region_4503", "name": "private_0x000007fffffd4000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092841984, "timestamp": "00:01:16.147", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 352256, "start_va": 8791734222848, "type": "region", "version": 1 }, "end_va": 8791734575103, "entry_point": 8791734270912, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_4504", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 8791734222848, "timestamp": "00:01:16.149", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1114112, "start_va": 35782656, "type": "region", "version": 1 }, "end_va": 36896767, "entry_point": 0, "filename": null, "id": "region_4505", "name": "private_0x0000000002220000", "norm_filename": null, "region_type": "private_memory", "start_va": 35782656, "timestamp": "00:01:16.150", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 42074112, "type": "region", "version": 1 }, "end_va": 42987519, "entry_point": 0, "filename": null, "id": "region_4514", "name": "pagefile_0x0000000002820000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 42074112, "timestamp": "00:01:16.296", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791713251328, "type": "region", "version": 1 }, "end_va": 8791713378303, "entry_point": 8791713273784, "filename": "\\Windows\\System32\\thumbcache.dll", "id": "region_4807", "name": "thumbcache.dll", "norm_filename": "c:\\windows\\system32\\thumbcache.dll", "region_type": "memory_mapped_file", "start_va": 8791713251328, "timestamp": "00:01:17.688", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 14188544, "start_va": 8791767777280, "type": "region", "version": 1 }, "end_va": 8791781965823, "entry_point": 8791768288956, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_4808", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 8791767777280, "timestamp": "00:01:17.690", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 462848, "start_va": 8791794253824, "type": "region", "version": 1 }, "end_va": 8791794716671, "entry_point": 8791794327072, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_4809", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 8791794253824, "timestamp": "00:01:17.691", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 8791654727680, "type": "region", "version": 1 }, "end_va": 8791655383039, "entry_point": 8791655246624, "filename": "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\\comctl32.dll", "id": "region_4810", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 8791654727680, "timestamp": "00:01:17.693", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 2009530368, "type": "region", "version": 1 }, "end_va": 2009559039, "entry_point": 2009534572, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_4811", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 2009530368, "timestamp": "00:01:17.694", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1228800, "start_va": 8791734616064, "type": "region", "version": 1 }, "end_va": 8791735844863, "entry_point": 8791734654140, "filename": "\\Windows\\System32\\propsys.dll", "id": "region_4812", "name": "propsys.dll", "norm_filename": "c:\\windows\\system32\\propsys.dll", "region_type": "memory_mapped_file", "start_va": 8791734616064, "timestamp": "00:01:17.696", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1835008, "start_va": 42991616, "type": "region", "version": 1 }, "end_va": 44826623, "entry_point": 0, "filename": null, "id": "region_4813", "name": "private_0x0000000002900000", "norm_filename": null, "region_type": "private_memory", "start_va": 42991616, "timestamp": "00:01:17.698", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 42991616, "type": "region", "version": 1 }, "end_va": 44040191, "entry_point": 0, "filename": null, "id": "region_4814", "name": "private_0x0000000002900000", "norm_filename": null, "region_type": "private_memory", "start_va": 42991616, "timestamp": "00:01:17.699", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 44761088, "type": "region", "version": 1 }, "end_va": 44826623, "entry_point": 0, "filename": null, "id": "region_4815", "name": "private_0x0000000002ab0000", "norm_filename": null, "region_type": "private_memory", "start_va": 44761088, "timestamp": "00:01:17.699", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791654268928, "type": "region", "version": 1 }, "end_va": 8791654707199, "entry_point": 8791654268928, "filename": "\\Windows\\System32\\PhotoMetadataHandler.dll", "id": "region_4835", "name": "photometadatahandler.dll", "norm_filename": "c:\\windows\\system32\\photometadatahandler.dll", "region_type": "memory_mapped_file", "start_va": 8791654268928, "timestamp": "00:01:17.885", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1220608, "start_va": 8791728324608, "type": "region", "version": 1 }, "end_va": 8791729545215, "entry_point": 8791728338960, "filename": "\\Windows\\System32\\WindowsCodecs.dll", "id": "region_4836", "name": "windowscodecs.dll", "norm_filename": "c:\\windows\\system32\\windowscodecs.dll", "region_type": "memory_mapped_file", "start_va": 8791728324608, "timestamp": "00:01:17.910", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 974848, "start_va": 8791678648320, "type": "region", "version": 1 }, "end_va": 8791679623167, "entry_point": 8791678653088, "filename": "\\Windows\\System32\\actxprxy.dll", "id": "region_4837", "name": "actxprxy.dll", "norm_filename": "c:\\windows\\system32\\actxprxy.dll", "region_type": "memory_mapped_file", "start_va": 8791678648320, "timestamp": "00:01:17.927", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 921599, "entry_point": 0, "filename": null, "id": "region_5048", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 917504, "timestamp": "00:01:19.354", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_5049", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:01:19.354", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1052671, "entry_point": 0, "filename": null, "id": "region_5113", "name": "pagefile_0x0000000000100000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1048576, "timestamp": "00:01:19.924", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1122303, "entry_point": 0, "filename": null, "id": "region_5114", "name": "pagefile_0x0000000000110000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1114112, "timestamp": "00:01:19.926", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2048000, "start_va": 8791736188928, "type": "region", "version": 1 }, "end_va": 8791738236927, "entry_point": 8791737813284, "filename": "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll", "id": "region_5115", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 8791736188928, "timestamp": "00:01:19.927", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1183743, "entry_point": 1179648, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_5116", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 1179648, "timestamp": "00:01:19.929", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1253375, "entry_point": 0, "filename": null, "id": "region_5117", "name": "pagefile_0x0000000000130000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1245184, "timestamp": "00:01:19.930", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 8791705649152, "type": "region", "version": 1 }, "end_va": 8791706005503, "entry_point": 8791705653528, "filename": "\\Windows\\System32\\apphelp.dll", "id": "region_5118", "name": "apphelp.dll", "norm_filename": "c:\\windows\\system32\\apphelp.dll", "region_type": "memory_mapped_file", "start_va": 8791705649152, "timestamp": "00:01:19.945", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4132864, "start_va": 8791642734592, "type": "region", "version": 1 }, "end_va": 8791646867455, "entry_point": 8791642734592, "filename": "\\Windows\\System32\\mf.dll", "id": "region_5119", "name": "mf.dll", "norm_filename": "c:\\windows\\system32\\mf.dll", "region_type": "memory_mapped_file", "start_va": 8791642734592, "timestamp": "00:01:19.973", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 8791719084032, "type": "region", "version": 1 }, "end_va": 8791719186431, "entry_point": 8791719088552, "filename": "\\Windows\\System32\\atl.dll", "id": "region_5120", "name": "atl.dll", "norm_filename": "c:\\windows\\system32\\atl.dll", "region_type": "memory_mapped_file", "start_va": 8791719084032, "timestamp": "00:01:19.991", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 442368, "start_va": 8791650140160, "type": "region", "version": 1 }, "end_va": 8791650582527, "entry_point": 8791650144272, "filename": "\\Windows\\System32\\mfplat.dll", "id": "region_5121", "name": "mfplat.dll", "norm_filename": "c:\\windows\\system32\\mfplat.dll", "region_type": "memory_mapped_file", "start_va": 8791650140160, "timestamp": "00:01:19.992", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 315392, "start_va": 8791795236864, "type": "region", "version": 1 }, "end_va": 8791795552255, "entry_point": 8791795241072, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_5122", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 8791795236864, "timestamp": "00:01:19.993", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 8791781998592, "type": "region", "version": 1 }, "end_va": 8791782031359, "entry_point": 8791782003972, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_5123", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 8791781998592, "timestamp": "00:01:19.994", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 8791723016192, "type": "region", "version": 1 }, "end_va": 8791723053055, "entry_point": 8791723020304, "filename": "\\Windows\\System32\\avrt.dll", "id": "region_5124", "name": "avrt.dll", "norm_filename": "c:\\windows\\system32\\avrt.dll", "region_type": "memory_mapped_file", "start_va": 8791723016192, "timestamp": "00:01:19.995", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791743266816, "type": "region", "version": 1 }, "end_va": 8791743315967, "entry_point": 8791743271012, "filename": "\\Windows\\System32\\version.dll", "id": "region_5125", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 8791743266816, "timestamp": "00:01:19.996", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1938554880, "type": "region", "version": 1 }, "end_va": 1938579455, "entry_point": 1938558992, "filename": "\\Windows\\System32\\ksuser.dll", "id": "region_5126", "name": "ksuser.dll", "norm_filename": "c:\\windows\\system32\\ksuser.dll", "region_type": "memory_mapped_file", "start_va": 1938554880, "timestamp": "00:01:19.998", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\reader_sl.exe\" ", "filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\reader_sl.exe", "id": "proc_48", "image_name": "reader_sl.exe", "monitor_reason": "child_process", "monitored_id": 48, "origin_monitor_id": 46, "ref_parent_process": { "ref_id": "proc_46", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_4471", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:15.981", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_4472", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:15.981", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_4473", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:15.981", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 589823, "entry_point": 0, "filename": null, "id": "region_4474", "name": "private_0x0000000000050000", "norm_filename": null, "region_type": "private_memory", "start_va": 327680, "timestamp": "00:01:15.984", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 1638399, "entry_point": 0, "filename": null, "id": "region_4475", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:01:15.984", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1654783, "entry_point": 0, "filename": null, "id": "region_4476", "name": "pagefile_0x0000000000190000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1638400, "timestamp": "00:01:15.984", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4235263, "entry_point": 4194304, "filename": "\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\reader_sl.exe", "id": "region_4477", "name": "reader_sl.exe", "norm_filename": "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\reader_sl.exe", "region_type": "memory_mapped_file", "start_va": 4194304, "timestamp": "00:01:15.985", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2007695360, "type": "region", "version": 1 }, "end_va": 2009436159, "entry_point": 2007695360, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_4478", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2007695360, "timestamp": "00:01:15.995", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2009661440, "type": "region", "version": 1 }, "end_va": 2011234303, "entry_point": 2009661440, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_4479", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2009661440, "timestamp": "00:01:15.996", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_4480", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:15.997", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_4481", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:15.997", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_4482", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:15.997", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_4483", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:15.997", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_4484", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:15.997", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_4485", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:15.997", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_4486", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:15.997", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1708031, "entry_point": 0, "filename": null, "id": "region_4488", "name": "pagefile_0x00000000001a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1703936, "timestamp": "00:01:16.008", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2162688, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 3932159, "entry_point": 0, "filename": null, "id": "region_4515", "name": "private_0x00000000001b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1769472, "timestamp": "00:01:16.303", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1948712960, "type": "region", "version": 1 }, "end_va": 1948971007, "entry_point": 1948900984, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_4516", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1948712960, "timestamp": "00:01:16.305", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1948319744, "type": "region", "version": 1 }, "end_va": 1948696575, "entry_point": 1948579736, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_4517", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1948319744, "timestamp": "00:01:16.307", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1948254208, "type": "region", "version": 1 }, "end_va": 1948286975, "entry_point": 1948262648, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_4518", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1948254208, "timestamp": "00:01:16.308", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006515712, "type": "region", "version": 1 }, "end_va": 2007691263, "entry_point": 2006605472, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_4519", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 2006515712, "timestamp": "00:01:16.310", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1977548800, "type": "region", "version": 1 }, "end_va": 1978662911, "entry_point": 1977627347, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_4520", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1977548800, "timestamp": "00:01:16.311", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006515712, "type": "region", "version": 1 }, "end_va": 2007691263, "entry_point": 0, "filename": null, "id": "region_4522", "name": "private_0x0000000077990000", "norm_filename": null, "region_type": "private_memory", "start_va": 2006515712, "timestamp": "00:01:16.313", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005467136, "type": "region", "version": 1 }, "end_va": 2006491135, "entry_point": 2005574344, "filename": "\\Windows\\System32\\user32.dll", "id": "region_4523", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2005467136, "timestamp": "00:01:16.314", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005467136, "type": "region", "version": 1 }, "end_va": 2006491135, "entry_point": 0, "filename": null, "id": "region_4524", "name": "private_0x0000000077890000", "norm_filename": null, "region_type": "private_memory", "start_va": 2005467136, "timestamp": "00:01:16.314", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2686976, "start_va": 4259840, "type": "region", "version": 1 }, "end_va": 6946815, "entry_point": 0, "filename": null, "id": "region_4525", "name": "private_0x0000000000410000", "norm_filename": null, "region_type": "private_memory", "start_va": 4259840, "timestamp": "00:01:16.317", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1977221120, "type": "region", "version": 1 }, "end_va": 1977507839, "entry_point": 1977250936, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_4527", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1977221120, "timestamp": "00:01:16.320", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_4528", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:16.322", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_4529", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:16.322", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_4530", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:16.322", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 2191359, "entry_point": 1769472, "filename": "\\Windows\\System32\\locale.nls", "id": "region_4531", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1769472, "timestamp": "00:01:16.325", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 3407872, "type": "region", "version": 1 }, "end_va": 3932159, "entry_point": 0, "filename": null, "id": "region_4532", "name": "private_0x0000000000340000", "norm_filename": null, "region_type": "private_memory", "start_va": 3407872, "timestamp": "00:01:16.325", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2004418560, "type": "region", "version": 1 }, "end_va": 2005467135, "entry_point": 2004530925, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_4533", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2004418560, "timestamp": "00:01:16.325", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1982464000, "type": "region", "version": 1 }, "end_va": 1983053823, "entry_point": 1982554947, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_4534", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1982464000, "timestamp": "00:01:16.327", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1999634432, "type": "region", "version": 1 }, "end_va": 1999675391, "entry_point": 1999648416, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_4535", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1999634432, "timestamp": "00:01:16.328", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1984430080, "type": "region", "version": 1 }, "end_va": 1985073151, "entry_point": 1984643031, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_4536", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1984430080, "timestamp": "00:01:16.329", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1998585856, "type": "region", "version": 1 }, "end_va": 1999290367, "entry_point": 1998627954, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_4537", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1998585856, "timestamp": "00:01:16.330", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 2001534976, "type": "region", "version": 1 }, "end_va": 2002190335, "entry_point": 2001619429, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_4538", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 2001534976, "timestamp": "00:01:16.332", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1999503360, "type": "region", "version": 1 }, "end_va": 1999605759, "entry_point": 1999522165, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_4539", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1999503360, "timestamp": "00:01:16.333", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1975844864, "type": "region", "version": 1 }, "end_va": 1976827903, "entry_point": 1975911785, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_4540", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1975844864, "timestamp": "00:01:16.334", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1971257344, "type": "region", "version": 1 }, "end_va": 1971650559, "entry_point": 1971364787, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_4541", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1971257344, "timestamp": "00:01:16.336", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1971191808, "type": "region", "version": 1 }, "end_va": 1971240959, "entry_point": 1971196129, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_4542", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1971191808, "timestamp": "00:01:16.337", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1985675264, "type": "region", "version": 1 }, "end_va": 1998561279, "entry_point": 1986205185, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_4543", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1985675264, "timestamp": "00:01:16.339", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1976827904, "type": "region", "version": 1 }, "end_va": 1977184255, "entry_point": 1976933286, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_4544", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1976827904, "timestamp": "00:01:16.340", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 581632, "start_va": 1938817024, "type": "region", "version": 1 }, "end_va": 1939398655, "entry_point": 1939054023, "filename": "\\Windows\\winsxs\\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\\msvcp90.dll", "id": "region_4545", "name": "msvcp90.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\\msvcp90.dll", "region_type": "memory_mapped_file", "start_va": 1938817024, "timestamp": "00:01:16.342", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 667648, "start_va": 1939406848, "type": "region", "version": 1 }, "end_va": 1940074495, "entry_point": 1939549504, "filename": "\\Windows\\winsxs\\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\\msvcr90.dll", "id": "region_4546", "name": "msvcr90.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\\msvcr90.dll", "region_type": "memory_mapped_file", "start_va": 1939406848, "timestamp": "00:01:16.343", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_4547", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:16.346", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4259840, "type": "region", "version": 1 }, "end_va": 5865471, "entry_point": 0, "filename": null, "id": "region_4572", "name": "pagefile_0x0000000000410000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4259840, "timestamp": "00:01:16.529", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 5898240, "type": "region", "version": 1 }, "end_va": 6946815, "entry_point": 0, "filename": null, "id": "region_4573", "name": "private_0x00000000005a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5898240, "timestamp": "00:01:16.529", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 122880, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2351103, "entry_point": 2299279, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_4574", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 2228224, "timestamp": "00:01:16.529", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1980760064, "type": "region", "version": 1 }, "end_va": 1981153279, "entry_point": 1980831119, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_4576", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1980760064, "timestamp": "00:01:16.532", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 2003238912, "type": "region", "version": 1 }, "end_va": 2004074495, "entry_point": 2003244683, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_4577", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 2003238912, "timestamp": "00:01:16.533", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6946816, "type": "region", "version": 1 }, "end_va": 8523775, "entry_point": 0, "filename": null, "id": "region_4578", "name": "pagefile_0x00000000006a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6946816, "timestamp": "00:01:16.538", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 8585216, "type": "region", "version": 1 }, "end_va": 29556735, "entry_point": 0, "filename": null, "id": "region_4579", "name": "pagefile_0x0000000000830000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8585216, "timestamp": "00:01:16.538", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 200703, "entry_point": 0, "filename": null, "id": "region_4580", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:16.540", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2232319, "entry_point": 0, "filename": null, "id": "region_4581", "name": "private_0x0000000000220000", "norm_filename": null, "region_type": "private_memory", "start_va": 2228224, "timestamp": "00:01:16.540", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2555903, "entry_point": 0, "filename": null, "id": "region_4582", "name": "private_0x0000000000230000", "norm_filename": null, "region_type": "private_memory", "start_va": 2293760, "timestamp": "00:01:16.540", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 1946025984, "type": "region", "version": 1 }, "end_va": 1946550271, "entry_point": 1946105801, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_4583", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1946025984, "timestamp": "00:01:16.554", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1507328, "start_va": 29556736, "type": "region", "version": 1 }, "end_va": 31064063, "entry_point": 0, "filename": null, "id": "region_4584", "name": "private_0x0000000001c30000", "norm_filename": null, "region_type": "private_memory", "start_va": 29556736, "timestamp": "00:01:16.555", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 29556736, "type": "region", "version": 1 }, "end_va": 30470143, "entry_point": 0, "filename": null, "id": "region_4620", "name": "pagefile_0x0000000001c30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 29556736, "timestamp": "00:01:16.652", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 30801920, "type": "region", "version": 1 }, "end_va": 31064063, "entry_point": 0, "filename": null, "id": "region_4621", "name": "private_0x0000000001d60000", "norm_filename": null, "region_type": "private_memory", "start_va": 30801920, "timestamp": "00:01:16.652", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 1970601984, "type": "region", "version": 1 }, "end_va": 1970679807, "entry_point": 1970601984, "filename": "\\Windows\\SysWOW64\\dwmapi.dll", "id": "region_4622", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\syswow64\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 1970601984, "timestamp": "00:01:16.670", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 2818047, "entry_point": 0, "filename": null, "id": "region_5264", "name": "private_0x0000000000270000", "norm_filename": null, "region_type": "private_memory", "start_va": 2555904, "timestamp": "00:01:22.564", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 31064064, "type": "region", "version": 1 }, "end_va": 32112639, "entry_point": 0, "filename": null, "id": "region_5265", "name": "private_0x0000000001da0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31064064, "timestamp": "00:01:22.564", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_5266", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:22.564", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 3080191, "entry_point": 0, "filename": null, "id": "region_5599", "name": "private_0x00000000002b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2818048, "timestamp": "00:01:26.640", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 32112640, "type": "region", "version": 1 }, "end_va": 33161215, "entry_point": 0, "filename": null, "id": "region_5600", "name": "private_0x0000000001ea0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32112640, "timestamp": "00:01:26.640", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_5601", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:01:26.640", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\" ", "filename": "c:\\program files (x86)\\common files\\adobe\\arm\\1.0\\adobearm.exe", "id": "proc_49", "image_name": "adobearm.exe", "monitor_reason": "child_process", "monitored_id": 49, "origin_monitor_id": 46, "ref_parent_process": { "ref_id": "proc_46", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_4548", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:16.386", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_4549", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:16.386", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_4550", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:16.386", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_4551", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:16.389", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1376255, "entry_point": 0, "filename": null, "id": "region_4552", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:01:16.389", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2949120, "type": "region", "version": 1 }, "end_va": 3997695, "entry_point": 0, "filename": null, "id": "region_4553", "name": "private_0x00000000002d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2949120, "timestamp": "00:01:16.389", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 958464, "start_va": 17039360, "type": "region", "version": 1 }, "end_va": 17997823, "entry_point": 17039360, "filename": "\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe", "id": "region_4554", "name": "adobearm.exe", "norm_filename": "c:\\program files (x86)\\common files\\adobe\\arm\\1.0\\adobearm.exe", "region_type": "memory_mapped_file", "start_va": 17039360, "timestamp": "00:01:16.390", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2007695360, "type": "region", "version": 1 }, "end_va": 2009436159, "entry_point": 2007695360, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_4555", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2007695360, "timestamp": "00:01:16.399", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2009661440, "type": "region", "version": 1 }, "end_va": 2011234303, "entry_point": 2009661440, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_4556", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2009661440, "timestamp": "00:01:16.400", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_4557", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:16.400", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_4558", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:16.400", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_4559", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:16.400", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_4560", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:16.400", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_4561", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:16.401", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_4562", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:16.401", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_4563", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:16.401", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 401407, "entry_point": 0, "filename": null, "id": "region_4566", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:16.423", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2555904, "start_va": 3997696, "type": "region", "version": 1 }, "end_va": 6553599, "entry_point": 0, "filename": null, "id": "region_4585", "name": "private_0x00000000003d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3997696, "timestamp": "00:01:16.565", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1948712960, "type": "region", "version": 1 }, "end_va": 1948971007, "entry_point": 1948900984, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_4586", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1948712960, "timestamp": "00:01:16.567", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1948319744, "type": "region", "version": 1 }, "end_va": 1948696575, "entry_point": 1948579736, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_4587", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1948319744, "timestamp": "00:01:16.568", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1948254208, "type": "region", "version": 1 }, "end_va": 1948286975, "entry_point": 1948262648, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_4588", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1948254208, "timestamp": "00:01:16.569", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006515712, "type": "region", "version": 1 }, "end_va": 2007691263, "entry_point": 2006605472, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_4589", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 2006515712, "timestamp": "00:01:16.572", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1977548800, "type": "region", "version": 1 }, "end_va": 1978662911, "entry_point": 1977627347, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_4590", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1977548800, "timestamp": "00:01:16.573", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006515712, "type": "region", "version": 1 }, "end_va": 2007691263, "entry_point": 0, "filename": null, "id": "region_4592", "name": "private_0x0000000077990000", "norm_filename": null, "region_type": "private_memory", "start_va": 2006515712, "timestamp": "00:01:16.575", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005467136, "type": "region", "version": 1 }, "end_va": 2006491135, "entry_point": 2005574344, "filename": "\\Windows\\System32\\user32.dll", "id": "region_4593", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2005467136, "timestamp": "00:01:16.575", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005467136, "type": "region", "version": 1 }, "end_va": 2006491135, "entry_point": 0, "filename": null, "id": "region_4594", "name": "private_0x0000000077890000", "norm_filename": null, "region_type": "private_memory", "start_va": 2005467136, "timestamp": "00:01:16.576", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 3080192, "start_va": 6553600, "type": "region", "version": 1 }, "end_va": 9633791, "entry_point": 0, "filename": null, "id": "region_4595", "name": "private_0x0000000000640000", "norm_filename": null, "region_type": "private_memory", "start_va": 6553600, "timestamp": "00:01:16.578", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1977221120, "type": "region", "version": 1 }, "end_va": 1977507839, "entry_point": 1977250936, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_4597", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1977221120, "timestamp": "00:01:16.582", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_4598", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:16.585", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_4599", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:16.585", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_4600", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:16.585", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 880639, "entry_point": 458752, "filename": "\\Windows\\System32\\locale.nls", "id": "region_4685", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 458752, "timestamp": "00:01:16.854", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2359296, "start_va": 1968242688, "type": "region", "version": 1 }, "end_va": 1970601983, "entry_point": 1968242688, "filename": "\\Windows\\SysWOW64\\msi.dll", "id": "region_4686", "name": "msi.dll", "norm_filename": "c:\\windows\\syswow64\\msi.dll", "region_type": "memory_mapped_file", "start_va": 1968242688, "timestamp": "00:01:16.856", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1998585856, "type": "region", "version": 1 }, "end_va": 1999290367, "entry_point": 1998627954, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_4687", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1998585856, "timestamp": "00:01:16.884", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 2001534976, "type": "region", "version": 1 }, "end_va": 2002190335, "entry_point": 2001619429, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_4688", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 2001534976, "timestamp": "00:01:16.893", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1999503360, "type": "region", "version": 1 }, "end_va": 1999605759, "entry_point": 1999522165, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_4689", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1999503360, "timestamp": "00:01:16.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1975844864, "type": "region", "version": 1 }, "end_va": 1976827903, "entry_point": 1975911785, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_4744", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1975844864, "timestamp": "00:01:17.161", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1971257344, "type": "region", "version": 1 }, "end_va": 1971650559, "entry_point": 1971364787, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_4745", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1971257344, "timestamp": "00:01:17.163", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1971191808, "type": "region", "version": 1 }, "end_va": 1971240959, "entry_point": 1971196129, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_4746", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1971191808, "timestamp": "00:01:17.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2004418560, "type": "region", "version": 1 }, "end_va": 2005467135, "entry_point": 2004530925, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_4747", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2004418560, "timestamp": "00:01:17.167", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1982464000, "type": "region", "version": 1 }, "end_va": 1983053823, "entry_point": 1982554947, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_4748", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1982464000, "timestamp": "00:01:17.168", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1999634432, "type": "region", "version": 1 }, "end_va": 1999675391, "entry_point": 1999648416, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_4749", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1999634432, "timestamp": "00:01:17.169", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1984430080, "type": "region", "version": 1 }, "end_va": 1985073151, "entry_point": 1984643031, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_4750", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1984430080, "timestamp": "00:01:17.171", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1976827904, "type": "region", "version": 1 }, "end_va": 1977184255, "entry_point": 1976933286, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_4751", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1976827904, "timestamp": "00:01:17.172", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 2000093184, "type": "region", "version": 1 }, "end_va": 2001518591, "entry_point": 2000403005, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_4752", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 2000093184, "timestamp": "00:01:17.174", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1975779328, "type": "region", "version": 1 }, "end_va": 1975799807, "entry_point": 1975779328, "filename": "\\Windows\\SysWOW64\\psapi.dll", "id": "region_4753", "name": "psapi.dll", "norm_filename": "c:\\windows\\syswow64\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 1975779328, "timestamp": "00:01:17.175", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1968177152, "type": "region", "version": 1 }, "end_va": 1968214015, "entry_point": 1968177152, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_4754", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1968177152, "timestamp": "00:01:17.189", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 503808, "start_va": 1981153280, "type": "region", "version": 1 }, "end_va": 1981657087, "entry_point": 1981153280, "filename": "\\Windows\\SysWOW64\\comdlg32.dll", "id": "region_4784", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\syswow64\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 1981153280, "timestamp": "00:01:17.491", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1966473216, "type": "region", "version": 1 }, "end_va": 1968168959, "entry_point": 1966663349, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_4785", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1966473216, "timestamp": "00:01:17.526", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1985675264, "type": "region", "version": 1 }, "end_va": 1998561279, "entry_point": 1986205185, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_4786", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1985675264, "timestamp": "00:01:17.528", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 1970733056, "type": "region", "version": 1 }, "end_va": 1971064831, "entry_point": 1970733056, "filename": "\\Windows\\SysWOW64\\winspool.drv", "id": "region_4787", "name": "winspool.drv", "norm_filename": "c:\\windows\\syswow64\\winspool.drv", "region_type": "memory_mapped_file", "start_va": 1970733056, "timestamp": "00:01:17.535", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 1966342144, "type": "region", "version": 1 }, "end_va": 1966456831, "entry_point": 1966342144, "filename": "\\Windows\\SysWOW64\\oledlg.dll", "id": "region_4823", "name": "oledlg.dll", "norm_filename": "c:\\windows\\syswow64\\oledlg.dll", "region_type": "memory_mapped_file", "start_va": 1966342144, "timestamp": "00:01:17.768", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1985085440, "type": "region", "version": 1 }, "end_va": 1985671167, "entry_point": 1985101745, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_4824", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1985085440, "timestamp": "00:01:17.795", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 1974272000, "type": "region", "version": 1 }, "end_va": 1975541759, "entry_point": 1974278965, "filename": "\\Windows\\SysWOW64\\urlmon.dll", "id": "region_4825", "name": "urlmon.dll", "norm_filename": "c:\\windows\\syswow64\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1974272000, "timestamp": "00:01:17.796", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 2002190336, "type": "region", "version": 1 }, "end_va": 2003193855, "entry_point": 2002196581, "filename": "\\Windows\\SysWOW64\\wininet.dll", "id": "region_4826", "name": "wininet.dll", "norm_filename": "c:\\windows\\syswow64\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 2002190336, "timestamp": "00:01:17.797", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1978662912, "type": "region", "version": 1 }, "end_va": 1980739583, "entry_point": 1978671833, "filename": "\\Windows\\SysWOW64\\iertutil.dll", "id": "region_4827", "name": "iertutil.dll", "norm_filename": "c:\\windows\\syswow64\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1978662912, "timestamp": "00:01:17.799", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1983250432, "type": "region", "version": 1 }, "end_va": 1984417791, "entry_point": 1983255946, "filename": "\\Windows\\SysWOW64\\crypt32.dll", "id": "region_4828", "name": "crypt32.dll", "norm_filename": "c:\\windows\\syswow64\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1983250432, "timestamp": "00:01:17.801", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1983184896, "type": "region", "version": 1 }, "end_va": 1983234047, "entry_point": 1983193998, "filename": "\\Windows\\SysWOW64\\msasn1.dll", "id": "region_4829", "name": "msasn1.dll", "norm_filename": "c:\\windows\\syswow64\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1983184896, "timestamp": "00:01:17.804", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 184320, "start_va": 1999306752, "type": "region", "version": 1 }, "end_va": 1999491071, "entry_point": 1999306752, "filename": "\\Windows\\SysWOW64\\wintrust.dll", "id": "region_4830", "name": "wintrust.dll", "norm_filename": "c:\\windows\\syswow64\\wintrust.dll", "region_type": "memory_mapped_file", "start_va": 1999306752, "timestamp": "00:01:17.805", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 1966211072, "type": "region", "version": 1 }, "end_va": 1966305279, "entry_point": 1966211072, "filename": "\\Windows\\SysWOW64\\userenv.dll", "id": "region_4857", "name": "userenv.dll", "norm_filename": "c:\\windows\\syswow64\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 1966211072, "timestamp": "00:01:17.976", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1966145536, "type": "region", "version": 1 }, "end_va": 1966190591, "entry_point": 1966152082, "filename": "\\Windows\\SysWOW64\\profapi.dll", "id": "region_4858", "name": "profapi.dll", "norm_filename": "c:\\windows\\syswow64\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1966145536, "timestamp": "00:01:18.008", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 917504, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 2293759, "entry_point": 0, "filename": null, "id": "region_4885", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:01:18.290", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 3997696, "type": "region", "version": 1 }, "end_va": 5603327, "entry_point": 0, "filename": null, "id": "region_4886", "name": "pagefile_0x00000000003d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3997696, "timestamp": "00:01:18.293", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 6029312, "type": "region", "version": 1 }, "end_va": 6553599, "entry_point": 0, "filename": null, "id": "region_4887", "name": "private_0x00000000005c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6029312, "timestamp": "00:01:18.293", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 122880, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 253951, "entry_point": 202127, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_4888", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 131072, "timestamp": "00:01:18.294", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1980760064, "type": "region", "version": 1 }, "end_va": 1981153279, "entry_point": 1980831119, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_4890", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1980760064, "timestamp": "00:01:18.298", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 2003238912, "type": "region", "version": 1 }, "end_va": 2004074495, "entry_point": 2003244683, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_4891", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 2003238912, "timestamp": "00:01:18.300", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6553600, "type": "region", "version": 1 }, "end_va": 8130559, "entry_point": 0, "filename": null, "id": "region_4892", "name": "pagefile_0x0000000000640000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6553600, "timestamp": "00:01:18.305", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 8585216, "type": "region", "version": 1 }, "end_va": 9633791, "entry_point": 0, "filename": null, "id": "region_4893", "name": "private_0x0000000000830000", "norm_filename": null, "region_type": "private_memory", "start_va": 8585216, "timestamp": "00:01:18.305", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 18022400, "type": "region", "version": 1 }, "end_va": 38993919, "entry_point": 0, "filename": null, "id": "region_4894", "name": "pagefile_0x0000000001130000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 18022400, "timestamp": "00:01:18.306", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_4928", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:18.591", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 200703, "entry_point": 0, "filename": null, "id": "region_4929", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:18.591", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 921599, "entry_point": 917504, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_4930", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 917504, "timestamp": "00:01:18.592", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 991231, "entry_point": 0, "filename": null, "id": "region_4931", "name": "pagefile_0x00000000000f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 983040, "timestamp": "00:01:18.593", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 458752, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1835007, "entry_point": 0, "filename": null, "id": "region_4932", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:01:18.612", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2293759, "entry_point": 0, "filename": null, "id": "region_4933", "name": "private_0x0000000000220000", "norm_filename": null, "region_type": "private_memory", "start_va": 2228224, "timestamp": "00:01:18.612", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 196608, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1572863, "entry_point": 0, "filename": null, "id": "region_4934", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:01:18.626", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 1835007, "entry_point": 0, "filename": null, "id": "region_4935", "name": "private_0x00000000001b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1769472, "timestamp": "00:01:18.626", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2818047, "entry_point": 0, "filename": null, "id": "region_4936", "name": "private_0x0000000000230000", "norm_filename": null, "region_type": "private_memory", "start_va": 2293760, "timestamp": "00:01:18.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 1946025984, "type": "region", "version": 1 }, "end_va": 1946550271, "entry_point": 1946105801, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_4937", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1946025984, "timestamp": "00:01:18.681", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2031616, "start_va": 9633792, "type": "region", "version": 1 }, "end_va": 11665407, "entry_point": 0, "filename": null, "id": "region_4938", "name": "private_0x0000000000930000", "norm_filename": null, "region_type": "private_memory", "start_va": 9633792, "timestamp": "00:01:18.683", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 9633792, "type": "region", "version": 1 }, "end_va": 10547199, "entry_point": 0, "filename": null, "id": "region_4975", "name": "pagefile_0x0000000000930000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9633792, "timestamp": "00:01:18.933", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 11403264, "type": "region", "version": 1 }, "end_va": 11665407, "entry_point": 0, "filename": null, "id": "region_4976", "name": "private_0x0000000000ae0000", "norm_filename": null, "region_type": "private_memory", "start_va": 11403264, "timestamp": "00:01:18.933", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 925695, "entry_point": 0, "filename": null, "id": "region_4977", "name": "pagefile_0x00000000000e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 917504, "timestamp": "00:01:18.964", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1052671, "entry_point": 0, "filename": null, "id": "region_4978", "name": "pagefile_0x0000000000100000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1048576, "timestamp": "00:01:18.965", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 11665408, "type": "region", "version": 1 }, "end_va": 12713983, "entry_point": 0, "filename": null, "id": "region_4979", "name": "private_0x0000000000b20000", "norm_filename": null, "region_type": "private_memory", "start_va": 11665408, "timestamp": "00:01:18.975", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1380351, "entry_point": 1376256, "filename": "\\Windows\\SysWOW64\\tzres.dll", "id": "region_4980", "name": "tzres.dll", "norm_filename": "c:\\windows\\syswow64\\tzres.dll", "region_type": "memory_mapped_file", "start_va": 1376256, "timestamp": "00:01:18.980", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1572863, "entry_point": 0, "filename": null, "id": "region_4981", "name": "private_0x0000000000170000", "norm_filename": null, "region_type": "private_memory", "start_va": 1507328, "timestamp": "00:01:18.985", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1470463, "entry_point": 0, "filename": null, "id": "region_4982", "name": "pagefile_0x0000000000160000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1441792, "timestamp": "00:01:18.987", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 1581055, "entry_point": 0, "filename": null, "id": "region_4983", "name": "pagefile_0x0000000000180000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1572864, "timestamp": "00:01:18.987", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 12713984, "type": "region", "version": 1 }, "end_va": 16855039, "entry_point": 0, "filename": null, "id": "region_4984", "name": "pagefile_0x0000000000c20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12713984, "timestamp": "00:01:18.987", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 38993920, "type": "region", "version": 1 }, "end_va": 41938943, "entry_point": 38993920, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_4986", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 38993920, "timestamp": "00:01:18.990", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1200128, "start_va": 41943040, "type": "region", "version": 1 }, "end_va": 43143167, "entry_point": 0, "filename": null, "id": "region_4987", "name": "private_0x0000000002800000", "norm_filename": null, "region_type": "private_memory", "start_va": 41943040, "timestamp": "00:01:19.059", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 42139648, "type": "region", "version": 1 }, "end_va": 42401791, "entry_point": 0, "filename": null, "id": "region_5127", "name": "private_0x0000000002830000", "norm_filename": null, "region_type": "private_memory", "start_va": 42139648, "timestamp": "00:01:20.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 44105728, "type": "region", "version": 1 }, "end_va": 45154303, "entry_point": 0, "filename": null, "id": "region_5128", "name": "private_0x0000000002a10000", "norm_filename": null, "region_type": "private_memory", "start_va": 44105728, "timestamp": "00:01:20.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_5129", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:20.020", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\" ", "filename": "c:\\program files (x86)\\common files\\java\\java update\\jusched.exe", "id": "proc_50", "image_name": "jusched.exe", "monitor_reason": "child_process", "monitored_id": 50, "origin_monitor_id": 46, "ref_parent_process": { "ref_id": "proc_46", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_4601", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:16.628", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_4602", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:16.628", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_4603", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:16.628", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 589823, "entry_point": 0, "filename": null, "id": "region_4604", "name": "private_0x0000000000050000", "norm_filename": null, "region_type": "private_memory", "start_va": 327680, "timestamp": "00:01:16.631", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 1638399, "entry_point": 0, "filename": null, "id": "region_4605", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:01:16.631", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1654783, "entry_point": 0, "filename": null, "id": "region_4606", "name": "pagefile_0x0000000000190000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1638400, "timestamp": "00:01:16.631", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 266240, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4460543, "entry_point": 4194304, "filename": "\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe", "id": "region_4607", "name": "jusched.exe", "norm_filename": "c:\\program files (x86)\\common files\\java\\java update\\jusched.exe", "region_type": "memory_mapped_file", "start_va": 4194304, "timestamp": "00:01:16.631", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2007695360, "type": "region", "version": 1 }, "end_va": 2009436159, "entry_point": 2007695360, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_4608", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2007695360, "timestamp": "00:01:16.640", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2009661440, "type": "region", "version": 1 }, "end_va": 2011234303, "entry_point": 2009661440, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_4609", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2009661440, "timestamp": "00:01:16.640", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_4610", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:16.641", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_4611", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:16.641", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_4612", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:16.641", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_4613", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:16.641", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_4614", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:16.641", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_4615", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:16.641", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_4616", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:16.641", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1708031, "entry_point": 0, "filename": null, "id": "region_4619", "name": "pagefile_0x00000000001a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1703936, "timestamp": "00:01:16.643", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1966080, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 3735551, "entry_point": 0, "filename": null, "id": "region_4690", "name": "private_0x00000000001b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1769472, "timestamp": "00:01:16.900", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1948712960, "type": "region", "version": 1 }, "end_va": 1948971007, "entry_point": 1948900984, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_4691", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1948712960, "timestamp": "00:01:16.902", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1948319744, "type": "region", "version": 1 }, "end_va": 1948696575, "entry_point": 1948579736, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_4692", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1948319744, "timestamp": "00:01:16.904", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1948254208, "type": "region", "version": 1 }, "end_va": 1948286975, "entry_point": 1948262648, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_4693", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1948254208, "timestamp": "00:01:16.905", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006515712, "type": "region", "version": 1 }, "end_va": 2007691263, "entry_point": 2006605472, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_4694", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 2006515712, "timestamp": "00:01:16.907", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1977548800, "type": "region", "version": 1 }, "end_va": 1978662911, "entry_point": 1977627347, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_4695", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1977548800, "timestamp": "00:01:16.908", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006515712, "type": "region", "version": 1 }, "end_va": 2007691263, "entry_point": 0, "filename": null, "id": "region_4697", "name": "private_0x0000000077990000", "norm_filename": null, "region_type": "private_memory", "start_va": 2006515712, "timestamp": "00:01:16.910", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005467136, "type": "region", "version": 1 }, "end_va": 2006491135, "entry_point": 2005574344, "filename": "\\Windows\\System32\\user32.dll", "id": "region_4698", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2005467136, "timestamp": "00:01:16.911", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005467136, "type": "region", "version": 1 }, "end_va": 2006491135, "entry_point": 0, "filename": null, "id": "region_4699", "name": "private_0x0000000077890000", "norm_filename": null, "region_type": "private_memory", "start_va": 2005467136, "timestamp": "00:01:16.911", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2490368, "start_va": 4521984, "type": "region", "version": 1 }, "end_va": 7012351, "entry_point": 0, "filename": null, "id": "region_4700", "name": "private_0x0000000000450000", "norm_filename": null, "region_type": "private_memory", "start_va": 4521984, "timestamp": "00:01:16.914", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1977221120, "type": "region", "version": 1 }, "end_va": 1977507839, "entry_point": 1977250936, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_4702", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1977221120, "timestamp": "00:01:16.917", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_4703", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:16.919", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_4704", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:16.919", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_4705", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:16.920", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 2191359, "entry_point": 1769472, "filename": "\\Windows\\System32\\locale.nls", "id": "region_4706", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1769472, "timestamp": "00:01:16.924", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 3211264, "type": "region", "version": 1 }, "end_va": 3735551, "entry_point": 0, "filename": null, "id": "region_4707", "name": "private_0x0000000000310000", "norm_filename": null, "region_type": "private_memory", "start_va": 3211264, "timestamp": "00:01:16.925", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 2001534976, "type": "region", "version": 1 }, "end_va": 2002190335, "entry_point": 2001619429, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_4708", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 2001534976, "timestamp": "00:01:16.925", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1998585856, "type": "region", "version": 1 }, "end_va": 1999290367, "entry_point": 1998627954, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_4709", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1998585856, "timestamp": "00:01:16.926", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1999503360, "type": "region", "version": 1 }, "end_va": 1999605759, "entry_point": 1999522165, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_4710", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1999503360, "timestamp": "00:01:16.928", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1975844864, "type": "region", "version": 1 }, "end_va": 1976827903, "entry_point": 1975911785, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_4711", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1975844864, "timestamp": "00:01:16.929", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1971257344, "type": "region", "version": 1 }, "end_va": 1971650559, "entry_point": 1971364787, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_4712", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1971257344, "timestamp": "00:01:16.932", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1971191808, "type": "region", "version": 1 }, "end_va": 1971240959, "entry_point": 1971196129, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_4713", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1971191808, "timestamp": "00:01:16.934", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1982464000, "type": "region", "version": 1 }, "end_va": 1983053823, "entry_point": 1982554947, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_4714", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1982464000, "timestamp": "00:01:16.935", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2004418560, "type": "region", "version": 1 }, "end_va": 2005467135, "entry_point": 2004530925, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_4715", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2004418560, "timestamp": "00:01:16.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1999634432, "type": "region", "version": 1 }, "end_va": 1999675391, "entry_point": 1999648416, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_4716", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1999634432, "timestamp": "00:01:16.938", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1984430080, "type": "region", "version": 1 }, "end_va": 1985073151, "entry_point": 1984643031, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_4717", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1984430080, "timestamp": "00:01:16.939", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 2002190336, "type": "region", "version": 1 }, "end_va": 2003193855, "entry_point": 2002196581, "filename": "\\Windows\\SysWOW64\\wininet.dll", "id": "region_4718", "name": "wininet.dll", "norm_filename": "c:\\windows\\syswow64\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 2002190336, "timestamp": "00:01:16.940", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1976827904, "type": "region", "version": 1 }, "end_va": 1977184255, "entry_point": 1976933286, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_4719", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1976827904, "timestamp": "00:01:16.941", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 1974272000, "type": "region", "version": 1 }, "end_va": 1975541759, "entry_point": 1974278965, "filename": "\\Windows\\SysWOW64\\urlmon.dll", "id": "region_4755", "name": "urlmon.dll", "norm_filename": "c:\\windows\\syswow64\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1974272000, "timestamp": "00:01:17.197", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 2000093184, "type": "region", "version": 1 }, "end_va": 2001518591, "entry_point": 2000403005, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_4756", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 2000093184, "timestamp": "00:01:17.199", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1985085440, "type": "region", "version": 1 }, "end_va": 1985671167, "entry_point": 1985101745, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_4757", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1985085440, "timestamp": "00:01:17.201", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1983250432, "type": "region", "version": 1 }, "end_va": 1984417791, "entry_point": 1983255946, "filename": "\\Windows\\SysWOW64\\crypt32.dll", "id": "region_4758", "name": "crypt32.dll", "norm_filename": "c:\\windows\\syswow64\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1983250432, "timestamp": "00:01:17.202", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1983184896, "type": "region", "version": 1 }, "end_va": 1983234047, "entry_point": 1983193998, "filename": "\\Windows\\SysWOW64\\msasn1.dll", "id": "region_4759", "name": "msasn1.dll", "norm_filename": "c:\\windows\\syswow64\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1983184896, "timestamp": "00:01:17.203", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1978662912, "type": "region", "version": 1 }, "end_va": 1980739583, "entry_point": 1978671833, "filename": "\\Windows\\SysWOW64\\iertutil.dll", "id": "region_4760", "name": "iertutil.dll", "norm_filename": "c:\\windows\\syswow64\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1978662912, "timestamp": "00:01:17.204", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1985675264, "type": "region", "version": 1 }, "end_va": 1998561279, "entry_point": 1986205185, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_4761", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1985675264, "timestamp": "00:01:17.205", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 262143, "entry_point": 0, "filename": null, "id": "region_4762", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:17.208", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 122880, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2351103, "entry_point": 2299279, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_4763", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 2228224, "timestamp": "00:01:17.212", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 7012352, "type": "region", "version": 1 }, "end_va": 8617983, "entry_point": 0, "filename": null, "id": "region_4764", "name": "pagefile_0x00000000006b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7012352, "timestamp": "00:01:17.213", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1980760064, "type": "region", "version": 1 }, "end_va": 1981153279, "entry_point": 1980831119, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_4766", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1980760064, "timestamp": "00:01:17.216", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 2003238912, "type": "region", "version": 1 }, "end_va": 2004074495, "entry_point": 2003244683, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_4767", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 2003238912, "timestamp": "00:01:17.217", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_4768", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:17.222", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 262143, "entry_point": 0, "filename": null, "id": "region_4769", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:17.222", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2232319, "entry_point": 0, "filename": null, "id": "region_4770", "name": "private_0x0000000000220000", "norm_filename": null, "region_type": "private_memory", "start_va": 2228224, "timestamp": "00:01:17.222", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 8650752, "type": "region", "version": 1 }, "end_va": 10227711, "entry_point": 0, "filename": null, "id": "region_4771", "name": "pagefile_0x0000000000840000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8650752, "timestamp": "00:01:17.222", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 10289152, "type": "region", "version": 1 }, "end_va": 31260671, "entry_point": 0, "filename": null, "id": "region_4772", "name": "pagefile_0x00000000009d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10289152, "timestamp": "00:01:17.223", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1179648, "start_va": 4521984, "type": "region", "version": 1 }, "end_va": 5701631, "entry_point": 0, "filename": null, "id": "region_4773", "name": "private_0x0000000000450000", "norm_filename": null, "region_type": "private_memory", "start_va": 4521984, "timestamp": "00:01:17.239", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 5963776, "type": "region", "version": 1 }, "end_va": 7012351, "entry_point": 0, "filename": null, "id": "region_4774", "name": "private_0x00000000005b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5963776, "timestamp": "00:01:17.239", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 1946025984, "type": "region", "version": 1 }, "end_va": 1946550271, "entry_point": 1946105801, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_4775", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1946025984, "timestamp": "00:01:17.275", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2031616, "start_va": 31260672, "type": "region", "version": 1 }, "end_va": 33292287, "entry_point": 0, "filename": null, "id": "region_4776", "name": "private_0x0000000001dd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31260672, "timestamp": "00:01:17.277", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 3207167, "entry_point": 0, "filename": null, "id": "region_4779", "name": "pagefile_0x0000000000230000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2293760, "timestamp": "00:01:17.389", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "taskhost.exe SYSTEM", "filename": "c:\\windows\\system32\\taskhost.exe", "id": "proc_51", "image_name": "taskhost.exe", "monitor_reason": "child_process", "monitored_id": 51, "origin_monitor_id": 26, "ref_parent_process": { "ref_id": "proc_26", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_5547", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:26.408", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_5548", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:26.408", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1638399, "entry_point": 0, "filename": null, "id": "region_5549", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:01:26.408", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2007695360, "type": "region", "version": 1 }, "end_va": 2009436159, "entry_point": 2007695360, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_5550", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2007695360, "timestamp": "00:01:26.408", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_5551", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:26.409", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_5552", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:26.409", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 4287889408, "type": "region", "version": 1 }, "end_va": 4287971327, "entry_point": 4287900896, "filename": "\\Windows\\System32\\taskhost.exe", "id": "region_5553", "name": "taskhost.exe", "norm_filename": "c:\\windows\\system32\\taskhost.exe", "region_type": "memory_mapped_file", "start_va": 4287889408, "timestamp": "00:01:26.409", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791795761152, "type": "region", "version": 1 }, "end_va": 8791795765247, "entry_point": 8791795761152, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_5554", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791795761152, "timestamp": "00:01:26.410", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_5555", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:01:26.413", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8796092874752, "type": "region", "version": 1 }, "end_va": 8796092878847, "entry_point": 0, "filename": null, "id": "region_5556", "name": "private_0x000007fffffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092874752, "timestamp": "00:01:26.413", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092882944, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_5557", "name": "private_0x000007fffffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092882944, "timestamp": "00:01:26.413", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 3801087, "entry_point": 0, "filename": null, "id": "region_6095", "name": "private_0x00000000002a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2752512, "timestamp": "00:01:30.497", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006515712, "type": "region", "version": 1 }, "end_va": 2007691263, "entry_point": 2006605472, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_6096", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 2006515712, "timestamp": "00:01:30.497", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791759060992, "type": "region", "version": 1 }, "end_va": 8791759499263, "entry_point": 8791759073504, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_6097", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791759060992, "timestamp": "00:01:30.498", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_6098", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:30.499", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_6099", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:30.499", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_6100", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:30.500", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 684031, "entry_point": 262144, "filename": "\\Windows\\System32\\locale.nls", "id": "region_6101", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:30.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791791435776, "type": "region", "version": 1 }, "end_va": 8791792087039, "entry_point": 8791791445408, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_6102", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791791435776, "timestamp": "00:01:30.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2109440, "start_va": 8791792091136, "type": "region", "version": 1 }, "end_va": 8791794200575, "entry_point": 8791792235312, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_6103", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 8791792091136, "timestamp": "00:01:30.504", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791794778112, "type": "region", "version": 1 }, "end_va": 8791795199999, "entry_point": 8791794823228, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_6104", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791794778112, "timestamp": "00:01:30.505", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005467136, "type": "region", "version": 1 }, "end_va": 2006491135, "entry_point": 2005574344, "filename": "\\Windows\\System32\\user32.dll", "id": "region_6105", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2005467136, "timestamp": "00:01:30.505", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791764566016, "type": "region", "version": 1 }, "end_va": 8791764623359, "entry_point": 8791764570240, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_6106", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791764566016, "timestamp": "00:01:30.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791762206720, "type": "region", "version": 1 }, "end_va": 8791763030015, "entry_point": 8791762708596, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_6107", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791762206720, "timestamp": "00:01:30.508", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791786520576, "type": "region", "version": 1 }, "end_va": 8791787753471, "entry_point": 8791786843472, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_6108", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791786520576, "timestamp": "00:01:30.510", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 880640, "start_va": 8791784685568, "type": "region", "version": 1 }, "end_va": 8791785566207, "entry_point": 8791784698484, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_6109", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 8791784685568, "timestamp": "00:01:30.511", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1179648, "start_va": 3801088, "type": "region", "version": 1 }, "end_va": 4980735, "entry_point": 0, "filename": null, "id": "region_6110", "name": "private_0x00000000003a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3801088, "timestamp": "00:01:30.512", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 2686975, "entry_point": 0, "filename": null, "id": "region_6111", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:01:30.512", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 167936, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 888831, "entry_point": 725008, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_6112", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 720896, "timestamp": "00:01:30.515", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4980736, "type": "region", "version": 1 }, "end_va": 6586367, "entry_point": 0, "filename": null, "id": "region_6113", "name": "pagefile_0x00000000004c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4980736, "timestamp": "00:01:30.515", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791766007808, "type": "region", "version": 1 }, "end_va": 8791766196223, "entry_point": 8791766011920, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_6115", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791766007808, "timestamp": "00:01:30.518", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791763451904, "type": "region", "version": 1 }, "end_va": 8791764537343, "entry_point": 8791763456100, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_6116", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791763451904, "timestamp": "00:01:30.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 786432, "start_va": 3801088, "type": "region", "version": 1 }, "end_va": 4587519, "entry_point": 0, "filename": null, "id": "region_6117", "name": "pagefile_0x00000000003a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3801088, "timestamp": "00:01:30.521", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4915200, "type": "region", "version": 1 }, "end_va": 4980735, "entry_point": 0, "filename": null, "id": "region_6118", "name": "private_0x00000000004b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4915200, "timestamp": "00:01:30.521", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6619136, "type": "region", "version": 1 }, "end_va": 8196095, "entry_point": 0, "filename": null, "id": "region_6119", "name": "pagefile_0x0000000000650000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6619136, "timestamp": "00:01:30.521", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 159743, "entry_point": 0, "filename": null, "id": "region_6121", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:30.545", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 729087, "entry_point": 0, "filename": null, "id": "region_6122", "name": "pagefile_0x00000000000b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 720896, "timestamp": "00:01:30.545", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 790527, "entry_point": 0, "filename": null, "id": "region_6123", "name": "private_0x00000000000c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 786432, "timestamp": "00:01:30.545", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 856063, "entry_point": 0, "filename": null, "id": "region_6124", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:01:30.545", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 8257536, "type": "region", "version": 1 }, "end_va": 12398591, "entry_point": 0, "filename": null, "id": "region_6125", "name": "pagefile_0x00000000007e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8257536, "timestamp": "00:01:30.545", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 512000, "start_va": 12451840, "type": "region", "version": 1 }, "end_va": 12963839, "entry_point": 12504776, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_6126", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 12451840, "timestamp": "00:01:30.547", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791757094912, "type": "region", "version": 1 }, "end_va": 8791757156351, "entry_point": 8791757099024, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_6128", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 8791757094912, "timestamp": "00:01:30.550", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791765876736, "type": "region", "version": 1 }, "end_va": 8791766003711, "entry_point": 8791765901544, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_6129", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 8791765876736, "timestamp": "00:01:30.553", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 14024704, "type": "region", "version": 1 }, "end_va": 14548991, "entry_point": 0, "filename": null, "id": "region_6130", "name": "private_0x0000000000d60000", "norm_filename": null, "region_type": "private_memory", "start_va": 14024704, "timestamp": "00:01:30.558", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092866560, "type": "region", "version": 1 }, "end_va": 8796092874751, "entry_point": 0, "filename": null, "id": "region_6131", "name": "private_0x000007fffffda000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092866560, "timestamp": "00:01:30.558", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, "start_va": 8791785603072, "type": "region", "version": 1 }, "end_va": 8791786500095, "entry_point": 8791785736032, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_6132", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791785603072, "timestamp": "00:01:30.560", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 12713984, "type": "region", "version": 1 }, "end_va": 13238271, "entry_point": 0, "filename": null, "id": "region_6133", "name": "private_0x0000000000c20000", "norm_filename": null, "region_type": "private_memory", "start_va": 12713984, "timestamp": "00:01:30.566", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092858368, "type": "region", "version": 1 }, "end_va": 8796092866559, "entry_point": 0, "filename": null, "id": "region_6134", "name": "private_0x000007fffffd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092858368, "timestamp": "00:01:30.566", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 14614528, "type": "region", "version": 1 }, "end_va": 15138815, "entry_point": 0, "filename": null, "id": "region_6135", "name": "private_0x0000000000df0000", "norm_filename": null, "region_type": "private_memory", "start_va": 14614528, "timestamp": "00:01:30.567", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1179648, "start_va": 15138816, "type": "region", "version": 1 }, "end_va": 16318463, "entry_point": 0, "filename": null, "id": "region_6136", "name": "private_0x0000000000e70000", "norm_filename": null, "region_type": "private_memory", "start_va": 15138816, "timestamp": "00:01:30.567", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092850176, "type": "region", "version": 1 }, "end_va": 8796092858367, "entry_point": 0, "filename": null, "id": "region_6137", "name": "private_0x000007fffffd6000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092850176, "timestamp": "00:01:30.567", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 16449536, "type": "region", "version": 1 }, "end_va": 16973823, "entry_point": 0, "filename": null, "id": "region_6169", "name": "private_0x0000000000fb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 16449536, "timestamp": "00:01:30.880", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092841984, "type": "region", "version": 1 }, "end_va": 8796092850175, "entry_point": 0, "filename": null, "id": "region_6170", "name": "private_0x000007fffffd4000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092841984, "timestamp": "00:01:30.880", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 921599, "entry_point": 0, "filename": null, "id": "region_6171", "name": "pagefile_0x00000000000e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 917504, "timestamp": "00:01:30.881", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791790256128, "type": "region", "version": 1 }, "end_va": 8791790882815, "entry_point": 8791790263312, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_6172", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 8791790256128, "timestamp": "00:01:30.882", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_6173", "name": "pagefile_0x00000000000f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 983040, "timestamp": "00:01:30.884", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791646863360, "type": "region", "version": 1 }, "end_va": 8791646920703, "entry_point": 8791646887208, "filename": "\\Windows\\System32\\dimsjob.dll", "id": "region_6174", "name": "dimsjob.dll", "norm_filename": "c:\\windows\\system32\\dimsjob.dll", "region_type": "memory_mapped_file", "start_va": 8791646863360, "timestamp": "00:01:30.886", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 462848, "start_va": 8791794253824, "type": "region", "version": 1 }, "end_va": 8791794716671, "entry_point": 8791794327072, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_6175", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 8791794253824, "timestamp": "00:01:30.887", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1208320, "start_va": 8791720722432, "type": "region", "version": 1 }, "end_va": 8791721930751, "entry_point": 8791720726764, "filename": "\\Windows\\System32\\taskschd.dll", "id": "region_6215", "name": "taskschd.dll", "norm_filename": "c:\\windows\\system32\\taskschd.dll", "region_type": "memory_mapped_file", "start_va": 8791720722432, "timestamp": "00:01:30.999", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 8791756898304, "type": "region", "version": 1 }, "end_va": 8791757049855, "entry_point": 8791756936792, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_6216", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 8791756898304, "timestamp": "00:01:31.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 475136, "start_va": 8791624187904, "type": "region", "version": 1 }, "end_va": 8791624663039, "entry_point": 8791624214256, "filename": "\\Windows\\System32\\netprofm.dll", "id": "region_6217", "name": "netprofm.dll", "norm_filename": "c:\\windows\\system32\\netprofm.dll", "region_type": "memory_mapped_file", "start_va": 8791624187904, "timestamp": "00:01:31.018", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 8791781998592, "type": "region", "version": 1 }, "end_va": 8791782031359, "entry_point": 8791782003972, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_6218", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 8791781998592, "timestamp": "00:01:31.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 8791719739392, "type": "region", "version": 1 }, "end_va": 8791719825407, "entry_point": 8791719764184, "filename": "\\Windows\\System32\\nlaapi.dll", "id": "region_6219", "name": "nlaapi.dll", "norm_filename": "c:\\windows\\system32\\nlaapi.dll", "region_type": "memory_mapped_file", "start_va": 8791719739392, "timestamp": "00:01:31.021", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 655360, "start_va": 13238272, "type": "region", "version": 1 }, "end_va": 13893631, "entry_point": 0, "filename": null, "id": "region_6220", "name": "private_0x0000000000ca0000", "norm_filename": null, "region_type": "private_memory", "start_va": 13238272, "timestamp": "00:01:31.022", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 8791750803456, "type": "region", "version": 1 }, "end_va": 8791750897663, "entry_point": 8791750816440, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_6221", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 8791750803456, "timestamp": "00:01:31.025", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 282624, "start_va": 4587520, "type": "region", "version": 1 }, "end_va": 4870143, "entry_point": 4591716, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_6222", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 4587520, "timestamp": "00:01:31.027", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 290816, "start_va": 8791747657728, "type": "region", "version": 1 }, "end_va": 8791747948543, "entry_point": 8791747661924, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_6227", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 8791747657728, "timestamp": "00:01:31.039", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 16973824, "type": "region", "version": 1 }, "end_va": 19918847, "entry_point": 16973824, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_6228", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 16973824, "timestamp": "00:01:31.042", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 8791758077952, "type": "region", "version": 1 }, "end_va": 8791758159871, "entry_point": 8791758082272, "filename": "\\Windows\\System32\\RpcRtRemote.dll", "id": "region_6229", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\system32\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 8791758077952, "timestamp": "00:01:31.044", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 20774912, "type": "region", "version": 1 }, "end_va": 21299199, "entry_point": 0, "filename": null, "id": "region_6230", "name": "private_0x00000000013d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 20774912, "timestamp": "00:01:31.050", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092686336, "type": "region", "version": 1 }, "end_va": 8796092694527, "entry_point": 0, "filename": null, "id": "region_6231", "name": "private_0x000007fffffae000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092686336, "timestamp": "00:01:31.050", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791619928064, "type": "region", "version": 1 }, "end_va": 8791619977215, "entry_point": 8791619952684, "filename": "\\Windows\\System32\\npmproxy.dll", "id": "region_6232", "name": "npmproxy.dll", "norm_filename": "c:\\windows\\system32\\npmproxy.dll", "region_type": "memory_mapped_file", "start_va": 8791619928064, "timestamp": "00:01:31.054", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 8791646732288, "type": "region", "version": 1 }, "end_va": 8791646797823, "entry_point": 8791646757452, "filename": "\\Windows\\System32\\pautoenr.dll", "id": "region_6233", "name": "pautoenr.dll", "norm_filename": "c:\\windows\\system32\\pautoenr.dll", "region_type": "memory_mapped_file", "start_va": 8791646732288, "timestamp": "00:01:31.060", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1060863, "entry_point": 0, "filename": null, "id": "region_6235", "name": "pagefile_0x0000000000100000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1048576, "timestamp": "00:01:31.071", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 335872, "start_va": 8791763058688, "type": "region", "version": 1 }, "end_va": 8791763394559, "entry_point": 8791763062996, "filename": "\\Windows\\System32\\Wldap32.dll", "id": "region_6300", "name": "wldap32.dll", "norm_filename": "c:\\windows\\system32\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 8791763058688, "timestamp": "00:01:31.265", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 475136, "start_va": 8791644110848, "type": "region", "version": 1 }, "end_va": 8791644585983, "entry_point": 8791644117772, "filename": "\\Windows\\System32\\certcli.dll", "id": "region_6301", "name": "certcli.dll", "norm_filename": "c:\\windows\\system32\\certcli.dll", "region_type": "memory_mapped_file", "start_va": 8791644110848, "timestamp": "00:01:31.266", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 8791719084032, "type": "region", "version": 1 }, "end_va": 8791719186431, "entry_point": 8791719088552, "filename": "\\Windows\\System32\\atl.dll", "id": "region_6302", "name": "atl.dll", "norm_filename": "c:\\windows\\system32\\atl.dll", "region_type": "memory_mapped_file", "start_va": 8791719084032, "timestamp": "00:01:31.268", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1470464, "start_va": 8791760044032, "type": "region", "version": 1 }, "end_va": 8791761514495, "entry_point": 8791760048320, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_6303", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 8791760044032, "timestamp": "00:01:31.269", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791758864384, "type": "region", "version": 1 }, "end_va": 8791758925823, "entry_point": 8791758868512, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_6304", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 8791758864384, "timestamp": "00:01:31.270", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1990656, "start_va": 8791600201728, "type": "region", "version": 1 }, "end_va": 8791602192383, "entry_point": 8791600206352, "filename": "\\Windows\\System32\\CertEnroll.dll", "id": "region_6305", "name": "certenroll.dll", "norm_filename": "c:\\windows\\system32\\certenroll.dll", "region_type": "memory_mapped_file", "start_va": 8791600201728, "timestamp": "00:01:31.272", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791718952960, "type": "region", "version": 1 }, "end_va": 8791719002111, "entry_point": 8791718958552, "filename": "\\Windows\\System32\\dsrole.dll", "id": "region_6306", "name": "dsrole.dll", "norm_filename": "c:\\windows\\system32\\dsrole.dll", "region_type": "memory_mapped_file", "start_va": 8791718952960, "timestamp": "00:01:31.279", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 21364736, "type": "region", "version": 1 }, "end_va": 21889023, "entry_point": 0, "filename": null, "id": "region_6307", "name": "private_0x0000000001460000", "norm_filename": null, "region_type": "private_memory", "start_va": 21364736, "timestamp": "00:01:31.327", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092678144, "type": "region", "version": 1 }, "end_va": 8796092686335, "entry_point": 0, "filename": null, "id": "region_6308", "name": "private_0x000007fffffac000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092678144, "timestamp": "00:01:31.327", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\system32\\cmd.exe /C Start \"\" \"C:\\Windows\\dispci.exe\" -id 1550063777 && exit", "filename": "c:\\windows\\system32\\cmd.exe", "id": "proc_52", "image_name": "cmd.exe", "monitor_reason": "child_process", "monitored_id": 52, "origin_monitor_id": 19, "ref_parent_process": { "ref_id": "proc_19", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_6198", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:30.975", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_6199", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:30.975", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 2818047, "entry_point": 0, "filename": null, "id": "region_6200", "name": "private_0x00000000001b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1769472, "timestamp": "00:01:30.975", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 364544, "start_va": 1250230272, "type": "region", "version": 1 }, "end_va": 1250594815, "entry_point": 1250230272, "filename": "\\Windows\\System32\\cmd.exe", "id": "region_6201", "name": "cmd.exe", "norm_filename": "c:\\windows\\system32\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 1250230272, "timestamp": "00:01:30.975", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2007695360, "type": "region", "version": 1 }, "end_va": 2009436159, "entry_point": 2007695360, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_6202", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2007695360, "timestamp": "00:01:30.983", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_6203", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:30.984", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_6204", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:30.984", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791795761152, "type": "region", "version": 1 }, "end_va": 8791795765247, "entry_point": 8791795761152, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_6205", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791795761152, "timestamp": "00:01:30.985", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_6206", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:01:30.989", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8796092854272, "type": "region", "version": 1 }, "end_va": 8796092858367, "entry_point": 0, "filename": null, "id": "region_6207", "name": "private_0x000007fffffd7000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092854272, "timestamp": "00:01:30.989", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092882944, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_6208", "name": "private_0x000007fffffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092882944, "timestamp": "00:01:30.989", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_6211", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:01:30.991", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 3538944, "type": "region", "version": 1 }, "end_va": 4587519, "entry_point": 0, "filename": null, "id": "region_6212", "name": "private_0x0000000000360000", "norm_filename": null, "region_type": "private_memory", "start_va": 3538944, "timestamp": "00:01:30.996", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006515712, "type": "region", "version": 1 }, "end_va": 2007691263, "entry_point": 2006605472, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_6213", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 2006515712, "timestamp": "00:01:30.996", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791759060992, "type": "region", "version": 1 }, "end_va": 8791759499263, "entry_point": 8791759073504, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_6214", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791759060992, "timestamp": "00:01:30.997", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_6236", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:31.074", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_6237", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:31.074", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_6238", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:31.074", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_6297", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:31.261", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_6298", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:01:31.261", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791791435776, "type": "region", "version": 1 }, "end_va": 8791792087039, "entry_point": 8791791445408, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_6299", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791791435776, "timestamp": "00:01:31.262", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 8791646732288, "type": "region", "version": 1 }, "end_va": 8791646765055, "entry_point": 8791646736800, "filename": "\\Windows\\System32\\winbrand.dll", "id": "region_6309", "name": "winbrand.dll", "norm_filename": "c:\\windows\\system32\\winbrand.dll", "region_type": "memory_mapped_file", "start_va": 8791646732288, "timestamp": "00:01:31.333", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005467136, "type": "region", "version": 1 }, "end_va": 2006491135, "entry_point": 2005574344, "filename": "\\Windows\\System32\\user32.dll", "id": "region_6310", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2005467136, "timestamp": "00:01:31.334", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791794778112, "type": "region", "version": 1 }, "end_va": 8791795199999, "entry_point": 8791794823228, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_6311", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791794778112, "timestamp": "00:01:31.335", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791764566016, "type": "region", "version": 1 }, "end_va": 8791764623359, "entry_point": 8791764570240, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_6312", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791764566016, "timestamp": "00:01:31.337", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791762206720, "type": "region", "version": 1 }, "end_va": 8791763030015, "entry_point": 8791762708596, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_6313", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791762206720, "timestamp": "00:01:31.339", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1703936, "start_va": 4587520, "type": "region", "version": 1 }, "end_va": 6291455, "entry_point": 0, "filename": null, "id": "region_6314", "name": "private_0x0000000000460000", "norm_filename": null, "region_type": "private_memory", "start_va": 4587520, "timestamp": "00:01:31.340", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 4587520, "type": "region", "version": 1 }, "end_va": 5636095, "entry_point": 0, "filename": null, "id": "region_6315", "name": "private_0x0000000000460000", "norm_filename": null, "region_type": "private_memory", "start_va": 4587520, "timestamp": "00:01:31.341", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 6225920, "type": "region", "version": 1 }, "end_va": 6291455, "entry_point": 0, "filename": null, "id": "region_6316", "name": "private_0x00000000005f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6225920, "timestamp": "00:01:31.341", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 167936, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 954367, "entry_point": 790544, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_6317", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 786432, "timestamp": "00:01:31.344", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 6291456, "type": "region", "version": 1 }, "end_va": 7897087, "entry_point": 0, "filename": null, "id": "region_6318", "name": "pagefile_0x0000000000600000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6291456, "timestamp": "00:01:31.345", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791766007808, "type": "region", "version": 1 }, "end_va": 8791766196223, "entry_point": 8791766011920, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_6320", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791766007808, "timestamp": "00:01:31.347", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791763451904, "type": "region", "version": 1 }, "end_va": 8791764537343, "entry_point": 8791763456100, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_6321", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791763451904, "timestamp": "00:01:31.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 786432, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 1572863, "entry_point": 0, "filename": null, "id": "region_6322", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:01:31.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 7929856, "type": "region", "version": 1 }, "end_va": 9506815, "entry_point": 0, "filename": null, "id": "region_6323", "name": "pagefile_0x0000000000790000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7929856, "timestamp": "00:01:31.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 1601535, "entry_point": 0, "filename": null, "id": "region_6324", "name": "pagefile_0x0000000000180000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1572864, "timestamp": "00:01:31.355", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1646591, "entry_point": 0, "filename": null, "id": "region_6325", "name": "pagefile_0x0000000000190000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1638400, "timestamp": "00:01:31.355", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1708031, "entry_point": 0, "filename": null, "id": "region_6326", "name": "private_0x00000000001a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1703936, "timestamp": "00:01:31.355", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 2822143, "entry_point": 0, "filename": null, "id": "region_6327", "name": "private_0x00000000002b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2818048, "timestamp": "00:01:31.355", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3420160, "start_va": 9568256, "type": "region", "version": 1 }, "end_va": 12988415, "entry_point": 0, "filename": null, "id": "region_6328", "name": "pagefile_0x0000000000920000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9568256, "timestamp": "00:01:31.355", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Windows\\dispci.exe\" -id 1550063777 ", "filename": "c:\\windows\\dispci.exe", "id": "proc_54", "image_name": "dispci.exe", "monitor_reason": "child_process", "monitored_id": 54, "origin_monitor_id": 52, "ref_parent_process": { "ref_id": "proc_52", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_6330", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:31.462", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_6331", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:31.462", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_6332", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:31.462", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_6333", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:31.465", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1638399, "entry_point": 0, "filename": null, "id": "region_6334", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:01:31.465", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 3932159, "entry_point": 0, "filename": null, "id": "region_6335", "name": "private_0x00000000002c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2883584, "timestamp": "00:01:31.465", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 368640, "start_va": 8454144, "type": "region", "version": 1 }, "end_va": 8822783, "entry_point": 8454144, "filename": "\\Windows\\dispci.exe", "id": "region_6336", "name": "dispci.exe", "norm_filename": "c:\\windows\\dispci.exe", "region_type": "memory_mapped_file", "start_va": 8454144, "timestamp": "00:01:31.466", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2007695360, "type": "region", "version": 1 }, "end_va": 2009436159, "entry_point": 2007695360, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_6337", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2007695360, "timestamp": "00:01:31.471", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2009661440, "type": "region", "version": 1 }, "end_va": 2011234303, "entry_point": 2009661440, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_6338", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2009661440, "timestamp": "00:01:31.472", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_6339", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:31.473", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_6340", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:31.473", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_6341", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:31.473", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_6342", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:31.473", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_6343", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:31.473", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_6344", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:31.473", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_6345", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:31.473", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_6347", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:31.475", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1179648, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 2818047, "entry_point": 0, "filename": null, "id": "region_6348", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:01:31.501", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1948712960, "type": "region", "version": 1 }, "end_va": 1948971007, "entry_point": 1948900984, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_6349", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1948712960, "timestamp": "00:01:31.504", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1948319744, "type": "region", "version": 1 }, "end_va": 1948696575, "entry_point": 1948579736, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_6350", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1948319744, "timestamp": "00:01:31.505", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1948254208, "type": "region", "version": 1 }, "end_va": 1948286975, "entry_point": 1948262648, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_6351", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1948254208, "timestamp": "00:01:31.508", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006515712, "type": "region", "version": 1 }, "end_va": 2007691263, "entry_point": 2006605472, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_6352", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 2006515712, "timestamp": "00:01:31.510", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1977548800, "type": "region", "version": 1 }, "end_va": 1978662911, "entry_point": 1977627347, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_6353", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1977548800, "timestamp": "00:01:31.512", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006515712, "type": "region", "version": 1 }, "end_va": 2007691263, "entry_point": 0, "filename": null, "id": "region_6355", "name": "private_0x0000000077990000", "norm_filename": null, "region_type": "private_memory", "start_va": 2006515712, "timestamp": "00:01:31.514", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005467136, "type": "region", "version": 1 }, "end_va": 2006491135, "entry_point": 2005574344, "filename": "\\Windows\\System32\\user32.dll", "id": "region_6356", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2005467136, "timestamp": "00:01:31.514", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005467136, "type": "region", "version": 1 }, "end_va": 2006491135, "entry_point": 0, "filename": null, "id": "region_6357", "name": "private_0x0000000077890000", "norm_filename": null, "region_type": "private_memory", "start_va": 2005467136, "timestamp": "00:01:31.515", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1703936, "start_va": 3932160, "type": "region", "version": 1 }, "end_va": 5636095, "entry_point": 0, "filename": null, "id": "region_6358", "name": "private_0x00000000003c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3932160, "timestamp": "00:01:31.517", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1977221120, "type": "region", "version": 1 }, "end_va": 1977507839, "entry_point": 1977250936, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_6360", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1977221120, "timestamp": "00:01:31.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_6361", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:31.522", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_6362", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:31.522", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_6363", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:31.523", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_6410", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:31.589", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 880639, "entry_point": 458752, "filename": "\\Windows\\System32\\locale.nls", "id": "region_6411", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 458752, "timestamp": "00:01:31.589", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2004418560, "type": "region", "version": 1 }, "end_va": 2005467135, "entry_point": 2004530925, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_6412", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2004418560, "timestamp": "00:01:31.589", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1982464000, "type": "region", "version": 1 }, "end_va": 1983053823, "entry_point": 1982554947, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_6413", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1982464000, "timestamp": "00:01:31.591", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1999634432, "type": "region", "version": 1 }, "end_va": 1999675391, "entry_point": 1999648416, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_6414", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1999634432, "timestamp": "00:01:31.592", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1984430080, "type": "region", "version": 1 }, "end_va": 1985073151, "entry_point": 1984643031, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_6415", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1984430080, "timestamp": "00:01:31.593", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1998585856, "type": "region", "version": 1 }, "end_va": 1999290367, "entry_point": 1998627954, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_6416", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1998585856, "timestamp": "00:01:31.594", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 2001534976, "type": "region", "version": 1 }, "end_va": 2002190335, "entry_point": 2001619429, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_6417", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 2001534976, "timestamp": "00:01:31.596", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1999503360, "type": "region", "version": 1 }, "end_va": 1999605759, "entry_point": 1999522165, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_6418", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1999503360, "timestamp": "00:01:31.597", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1975844864, "type": "region", "version": 1 }, "end_va": 1976827903, "entry_point": 1975911785, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_6419", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1975844864, "timestamp": "00:01:31.599", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1971257344, "type": "region", "version": 1 }, "end_va": 1971650559, "entry_point": 1971364787, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_6420", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1971257344, "timestamp": "00:01:31.600", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1971191808, "type": "region", "version": 1 }, "end_va": 1971240959, "entry_point": 1971196129, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_6421", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1971191808, "timestamp": "00:01:31.603", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 2000093184, "type": "region", "version": 1 }, "end_va": 2001518591, "entry_point": 2000403005, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_6422", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 2000093184, "timestamp": "00:01:31.605", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1983250432, "type": "region", "version": 1 }, "end_va": 1984417791, "entry_point": 1983255946, "filename": "\\Windows\\SysWOW64\\crypt32.dll", "id": "region_6423", "name": "crypt32.dll", "norm_filename": "c:\\windows\\syswow64\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1983250432, "timestamp": "00:01:31.607", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1983184896, "type": "region", "version": 1 }, "end_va": 1983234047, "entry_point": 1983193998, "filename": "\\Windows\\SysWOW64\\msasn1.dll", "id": "region_6424", "name": "msasn1.dll", "norm_filename": "c:\\windows\\syswow64\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1983184896, "timestamp": "00:01:31.608", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1976827904, "type": "region", "version": 1 }, "end_va": 1977184255, "entry_point": 1976933286, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_6425", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1976827904, "timestamp": "00:01:31.610", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1975779328, "type": "region", "version": 1 }, "end_va": 1975799807, "entry_point": 1975784504, "filename": "\\Windows\\SysWOW64\\psapi.dll", "id": "region_6426", "name": "psapi.dll", "norm_filename": "c:\\windows\\syswow64\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 1975779328, "timestamp": "00:01:31.611", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 1970798592, "type": "region", "version": 1 }, "end_va": 1970868223, "entry_point": 1970798592, "filename": "\\Windows\\SysWOW64\\netapi32.dll", "id": "region_6427", "name": "netapi32.dll", "norm_filename": "c:\\windows\\syswow64\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 1970798592, "timestamp": "00:01:31.616", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1970995200, "type": "region", "version": 1 }, "end_va": 1971032063, "entry_point": 1970995200, "filename": "\\Windows\\SysWOW64\\netutils.dll", "id": "region_6431", "name": "netutils.dll", "norm_filename": "c:\\windows\\syswow64\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 1970995200, "timestamp": "00:01:31.685", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1969487872, "type": "region", "version": 1 }, "end_va": 1969590271, "entry_point": 1969487872, "filename": "\\Windows\\SysWOW64\\srvcli.dll", "id": "region_6433", "name": "srvcli.dll", "norm_filename": "c:\\windows\\syswow64\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1969487872, "timestamp": "00:01:31.745", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1970733056, "type": "region", "version": 1 }, "end_va": 1970794495, "entry_point": 1970733056, "filename": "\\Windows\\SysWOW64\\wkscli.dll", "id": "region_6436", "name": "wkscli.dll", "norm_filename": "c:\\windows\\syswow64\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 1970733056, "timestamp": "00:01:31.807", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 262143, "entry_point": 0, "filename": null, "id": "region_6437", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:31.879", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 122880, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 1040383, "entry_point": 988559, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_6477", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 917504, "timestamp": "00:01:31.926", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 5636096, "type": "region", "version": 1 }, "end_va": 7241727, "entry_point": 0, "filename": null, "id": "region_6478", "name": "pagefile_0x0000000000560000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5636096, "timestamp": "00:01:31.926", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1980760064, "type": "region", "version": 1 }, "end_va": 1981153279, "entry_point": 1980831119, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_6480", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1980760064, "timestamp": "00:01:31.929", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 2003238912, "type": "region", "version": 1 }, "end_va": 2004074495, "entry_point": 2003244683, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_6481", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 2003238912, "timestamp": "00:01:31.930", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 786432, "start_va": 7274496, "type": "region", "version": 1 }, "end_va": 8060927, "entry_point": 0, "filename": null, "id": "region_6482", "name": "pagefile_0x00000000006f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7274496, "timestamp": "00:01:31.934", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 8847360, "type": "region", "version": 1 }, "end_va": 10424319, "entry_point": 0, "filename": null, "id": "region_6483", "name": "pagefile_0x0000000000870000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8847360, "timestamp": "00:01:31.934", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 921599, "entry_point": 0, "filename": null, "id": "region_6484", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 917504, "timestamp": "00:01:31.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_6485", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:01:31.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 10485760, "type": "region", "version": 1 }, "end_va": 12582911, "entry_point": 0, "filename": null, "id": "region_6486", "name": "private_0x0000000000a00000", "norm_filename": null, "region_type": "private_memory", "start_va": 10485760, "timestamp": "00:01:31.939", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 8192, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1056767, "entry_point": 0, "filename": null, "id": "region_6487", "name": "private_0x0000000000100000", "norm_filename": null, "region_type": "private_memory", "start_va": 1048576, "timestamp": "00:01:31.948", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1969356800, "type": "region", "version": 1 }, "end_va": 1969446911, "entry_point": 1969368515, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_6488", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1969356800, "timestamp": "00:01:31.949", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1359871, "entry_point": 1118861, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_6489", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1114112, "timestamp": "00:01:31.951", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1969094656, "type": "region", "version": 1 }, "end_va": 1969336319, "entry_point": 1969099405, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_6494", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1969094656, "timestamp": "00:01:31.961", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 12582912, "type": "region", "version": 1 }, "end_va": 15527935, "entry_point": 12582912, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_6495", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 12582912, "timestamp": "00:01:31.967", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1985675264, "type": "region", "version": 1 }, "end_va": 1998561279, "entry_point": 1986205185, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_6496", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1985675264, "timestamp": "00:01:31.969", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1118207, "entry_point": 0, "filename": null, "id": "region_6497", "name": "pagefile_0x0000000000110000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1114112, "timestamp": "00:01:31.971", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1969029120, "type": "region", "version": 1 }, "end_va": 1969074175, "entry_point": 1969035666, "filename": "\\Windows\\SysWOW64\\profapi.dll", "id": "region_6498", "name": "profapi.dll", "norm_filename": "c:\\windows\\syswow64\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1969029120, "timestamp": "00:01:31.972", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1900543, "entry_point": 0, "filename": null, "id": "region_6499", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:01:31.985", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2818047, "entry_point": 0, "filename": null, "id": "region_6500", "name": "private_0x0000000000230000", "norm_filename": null, "region_type": "private_memory", "start_va": 2293760, "timestamp": "00:01:31.985", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 15794176, "type": "region", "version": 1 }, "end_va": 16842751, "entry_point": 0, "filename": null, "id": "region_6501", "name": "private_0x0000000000f10000", "norm_filename": null, "region_type": "private_memory", "start_va": 15794176, "timestamp": "00:01:31.985", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_6502", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:31.985", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1183743, "entry_point": 0, "filename": null, "id": "region_6538", "name": "private_0x0000000000120000", "norm_filename": null, "region_type": "private_memory", "start_va": 1179648, "timestamp": "00:01:32.013", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 11206656, "type": "region", "version": 1 }, "end_va": 11468799, "entry_point": 0, "filename": null, "id": "region_6539", "name": "private_0x0000000000ab0000", "norm_filename": null, "region_type": "private_memory", "start_va": 11206656, "timestamp": "00:01:32.013", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 12517376, "type": "region", "version": 1 }, "end_va": 12582911, "entry_point": 0, "filename": null, "id": "region_6540", "name": "private_0x0000000000bf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 12517376, "timestamp": "00:01:32.013", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 17170432, "type": "region", "version": 1 }, "end_va": 18219007, "entry_point": 0, "filename": null, "id": "region_6541", "name": "private_0x0000000001060000", "norm_filename": null, "region_type": "private_memory", "start_va": 17170432, "timestamp": "00:01:32.013", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_6542", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:01:32.013", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1249279, "entry_point": 1245184, "filename": "\\Windows\\SysWOW64\\tzres.dll", "id": "region_6597", "name": "tzres.dll", "norm_filename": "c:\\windows\\syswow64\\tzres.dll", "region_type": "memory_mapped_file", "start_va": 1245184, "timestamp": "00:01:32.075", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1339391, "entry_point": 0, "filename": null, "id": "region_6598", "name": "pagefile_0x0000000000140000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1310720, "timestamp": "00:01:32.077", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 1908735, "entry_point": 0, "filename": null, "id": "region_6599", "name": "pagefile_0x00000000001d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1900544, "timestamp": "00:01:32.077", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 18219008, "type": "region", "version": 1 }, "end_va": 22360063, "entry_point": 0, "filename": null, "id": "region_6600", "name": "pagefile_0x0000000001160000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 18219008, "timestamp": "00:01:32.077", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 10616832, "type": "region", "version": 1 }, "end_va": 10878975, "entry_point": 0, "filename": null, "id": "region_6602", "name": "private_0x0000000000a20000", "norm_filename": null, "region_type": "private_memory", "start_va": 10616832, "timestamp": "00:01:32.081", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 22478848, "type": "region", "version": 1 }, "end_va": 23527423, "entry_point": 0, "filename": null, "id": "region_6603", "name": "private_0x0000000001570000", "norm_filename": null, "region_type": "private_memory", "start_va": 22478848, "timestamp": "00:01:32.081", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1968963584, "type": "region", "version": 1 }, "end_va": 1969008639, "entry_point": 1968963584, "filename": "\\Windows\\SysWOW64\\cscapi.dll", "id": "region_6604", "name": "cscapi.dll", "norm_filename": "c:\\windows\\syswow64\\cscapi.dll", "region_type": "memory_mapped_file", "start_va": 1968963584, "timestamp": "00:01:32.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_6605", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:01:32.087", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1249279, "entry_point": 0, "filename": null, "id": "region_6680", "name": "private_0x0000000000130000", "norm_filename": null, "region_type": "private_memory", "start_va": 1245184, "timestamp": "00:01:32.185", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "/c schtasks /Delete /F /TN rhaegal", "filename": "c:\\windows\\syswow64\\cmd.exe", "id": "proc_56", "image_name": "cmd.exe", "monitor_reason": "child_process", "monitored_id": 56, "origin_monitor_id": 54, "ref_parent_process": { "ref_id": "proc_54", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_6503", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:31.992", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_6504", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:31.992", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_6505", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:31.992", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_6506", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:31.995", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 1245183, "entry_point": 0, "filename": null, "id": "region_6507", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:01:31.995", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 3211263, "entry_point": 0, "filename": null, "id": "region_6508", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:01:31.995", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1248067584, "type": "region", "version": 1 }, "end_va": 1248378879, "entry_point": 1248067584, "filename": "\\Windows\\SysWOW64\\cmd.exe", "id": "region_6509", "name": "cmd.exe", "norm_filename": "c:\\windows\\syswow64\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 1248067584, "timestamp": "00:01:31.995", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2007695360, "type": "region", "version": 1 }, "end_va": 2009436159, "entry_point": 2007695360, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_6510", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2007695360, "timestamp": "00:01:31.999", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2009661440, "type": "region", "version": 1 }, "end_va": 2011234303, "entry_point": 2009661440, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_6511", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2009661440, "timestamp": "00:01:32.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_6512", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:32.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_6513", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:32.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_6514", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:32.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_6515", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:32.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_6516", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:32.001", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_6517", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:32.001", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_6518", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:32.001", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_6520", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:32.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1114112, "start_va": 3211264, "type": "region", "version": 1 }, "end_va": 4325375, "entry_point": 0, "filename": null, "id": "region_6543", "name": "private_0x0000000000310000", "norm_filename": null, "region_type": "private_memory", "start_va": 3211264, "timestamp": "00:01:32.018", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1948712960, "type": "region", "version": 1 }, "end_va": 1948971007, "entry_point": 1948900984, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_6544", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1948712960, "timestamp": "00:01:32.019", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1948319744, "type": "region", "version": 1 }, "end_va": 1948696575, "entry_point": 1948579736, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_6545", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1948319744, "timestamp": "00:01:32.021", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1948254208, "type": "region", "version": 1 }, "end_va": 1948286975, "entry_point": 1948262648, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_6546", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1948254208, "timestamp": "00:01:32.022", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006515712, "type": "region", "version": 1 }, "end_va": 2007691263, "entry_point": 2006605472, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_6547", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 2006515712, "timestamp": "00:01:32.024", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1977548800, "type": "region", "version": 1 }, "end_va": 1978662911, "entry_point": 1977627347, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_6548", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1977548800, "timestamp": "00:01:32.025", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006515712, "type": "region", "version": 1 }, "end_va": 2007691263, "entry_point": 0, "filename": null, "id": "region_6550", "name": "private_0x0000000077990000", "norm_filename": null, "region_type": "private_memory", "start_va": 2006515712, "timestamp": "00:01:32.029", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005467136, "type": "region", "version": 1 }, "end_va": 2006491135, "entry_point": 2005574344, "filename": "\\Windows\\System32\\user32.dll", "id": "region_6551", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2005467136, "timestamp": "00:01:32.029", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005467136, "type": "region", "version": 1 }, "end_va": 2006491135, "entry_point": 0, "filename": null, "id": "region_6552", "name": "private_0x0000000077890000", "norm_filename": null, "region_type": "private_memory", "start_va": 2005467136, "timestamp": "00:01:32.029", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1638400, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 5963775, "entry_point": 0, "filename": null, "id": "region_6553", "name": "private_0x0000000000420000", "norm_filename": null, "region_type": "private_memory", "start_va": 4325376, "timestamp": "00:01:32.031", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1977221120, "type": "region", "version": 1 }, "end_va": 1977507839, "entry_point": 1977250936, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_6555", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1977221120, "timestamp": "00:01:32.034", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_6556", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:32.036", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_6557", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:32.036", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_6558", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:32.037", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_6613", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:32.098", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 880639, "entry_point": 458752, "filename": "\\Windows\\System32\\locale.nls", "id": "region_6614", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 458752, "timestamp": "00:01:32.098", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1998585856, "type": "region", "version": 1 }, "end_va": 1999290367, "entry_point": 1998627954, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_6615", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1998585856, "timestamp": "00:01:32.098", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1968898048, "type": "region", "version": 1 }, "end_va": 1968926719, "entry_point": 1968898048, "filename": "\\Windows\\SysWOW64\\winbrand.dll", "id": "region_6844", "name": "winbrand.dll", "norm_filename": "c:\\windows\\syswow64\\winbrand.dll", "region_type": "memory_mapped_file", "start_va": 1968898048, "timestamp": "00:01:33.618", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2004418560, "type": "region", "version": 1 }, "end_va": 2005467135, "entry_point": 2004530925, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_6845", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2004418560, "timestamp": "00:01:33.670", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1982464000, "type": "region", "version": 1 }, "end_va": 1983053823, "entry_point": 1982554947, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_6846", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1982464000, "timestamp": "00:01:33.686", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1999634432, "type": "region", "version": 1 }, "end_va": 1999675391, "entry_point": 1999648416, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_6847", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1999634432, "timestamp": "00:01:33.702", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1984430080, "type": "region", "version": 1 }, "end_va": 1985073151, "entry_point": 1984643031, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_6848", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1984430080, "timestamp": "00:01:33.717", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 2001534976, "type": "region", "version": 1 }, "end_va": 2002190335, "entry_point": 2001619429, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_6849", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 2001534976, "timestamp": "00:01:33.747", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1999503360, "type": "region", "version": 1 }, "end_va": 1999605759, "entry_point": 1999522165, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_6850", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1999503360, "timestamp": "00:01:33.763", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1975844864, "type": "region", "version": 1 }, "end_va": 1976827903, "entry_point": 1975911785, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_6851", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1975844864, "timestamp": "00:01:33.791", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1971257344, "type": "region", "version": 1 }, "end_va": 1971650559, "entry_point": 1971364787, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_6852", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1971257344, "timestamp": "00:01:33.794", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1971191808, "type": "region", "version": 1 }, "end_va": 1971240959, "entry_point": 1971196129, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_6853", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1971191808, "timestamp": "00:01:33.808", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1441792, "start_va": 5963776, "type": "region", "version": 1 }, "end_va": 7405567, "entry_point": 0, "filename": null, "id": "region_7117", "name": "private_0x00000000005b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5963776, "timestamp": "00:01:35.726", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 122880, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1368063, "entry_point": 1316239, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_7118", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1245184, "timestamp": "00:01:35.729", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 7405568, "type": "region", "version": 1 }, "end_va": 9011199, "entry_point": 0, "filename": null, "id": "region_7119", "name": "pagefile_0x0000000000710000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7405568, "timestamp": "00:01:35.730", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1980760064, "type": "region", "version": 1 }, "end_va": 1981153279, "entry_point": 1980831119, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_7121", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1980760064, "timestamp": "00:01:35.732", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 2003238912, "type": "region", "version": 1 }, "end_va": 2004074495, "entry_point": 2003244683, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_7122", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 2003238912, "timestamp": "00:01:35.732", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 786432, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 2031615, "entry_point": 0, "filename": null, "id": "region_7123", "name": "pagefile_0x0000000000130000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1245184, "timestamp": "00:01:35.735", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 9043968, "type": "region", "version": 1 }, "end_va": 10620927, "entry_point": 0, "filename": null, "id": "region_7124", "name": "pagefile_0x00000000008a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9043968, "timestamp": "00:01:35.735", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_7125", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:35.740", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 925695, "entry_point": 0, "filename": null, "id": "region_7126", "name": "pagefile_0x00000000000e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 917504, "timestamp": "00:01:35.740", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2035711, "entry_point": 0, "filename": null, "id": "region_7127", "name": "private_0x00000000001f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2031616, "timestamp": "00:01:35.740", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 2101247, "entry_point": 0, "filename": null, "id": "region_7128", "name": "private_0x0000000000200000", "norm_filename": null, "region_type": "private_memory", "start_va": 2097152, "timestamp": "00:01:35.740", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3420160, "start_va": 10682368, "type": "region", "version": 1 }, "end_va": 14102527, "entry_point": 0, "filename": null, "id": "region_7129", "name": "pagefile_0x0000000000a30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10682368, "timestamp": "00:01:35.740", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 14155776, "type": "region", "version": 1 }, "end_va": 17100799, "entry_point": 14155776, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_7130", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 14155776, "timestamp": "00:01:35.776", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "/c schtasks /Delete /F /TN drogon", "filename": "c:\\windows\\syswow64\\cmd.exe", "id": "proc_57", "image_name": "cmd.exe", "monitor_reason": "child_process", "monitored_id": 57, "origin_monitor_id": 54, "ref_parent_process": { "ref_id": "proc_54", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_6521", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:32.006", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_6522", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:32.006", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_6523", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:32.006", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_6524", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:32.009", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 983039, "entry_point": 0, "filename": null, "id": "region_6525", "name": "private_0x00000000000b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 720896, "timestamp": "00:01:32.009", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 2686975, "entry_point": 0, "filename": null, "id": "region_6526", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:01:32.009", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1248067584, "type": "region", "version": 1 }, "end_va": 1248378879, "entry_point": 1248101018, "filename": "\\Windows\\SysWOW64\\cmd.exe", "id": "region_6527", "name": "cmd.exe", "norm_filename": "c:\\windows\\syswow64\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 1248067584, "timestamp": "00:01:32.009", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2007695360, "type": "region", "version": 1 }, "end_va": 2009436159, "entry_point": 2007695360, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_6528", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2007695360, "timestamp": "00:01:32.009", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2009661440, "type": "region", "version": 1 }, "end_va": 2011234303, "entry_point": 2009661440, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_6529", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2009661440, "timestamp": "00:01:32.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_6530", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:32.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_6531", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:32.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_6532", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:32.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_6533", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:32.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_6534", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:32.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_6535", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:32.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_6536", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:32.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_6537", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:32.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2359296, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 5046271, "entry_point": 0, "filename": null, "id": "region_6616", "name": "private_0x0000000000290000", "norm_filename": null, "region_type": "private_memory", "start_va": 2686976, "timestamp": "00:01:32.101", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1948712960, "type": "region", "version": 1 }, "end_va": 1948971007, "entry_point": 1948900984, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_6617", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1948712960, "timestamp": "00:01:32.103", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1948319744, "type": "region", "version": 1 }, "end_va": 1948696575, "entry_point": 1948579736, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_6618", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1948319744, "timestamp": "00:01:32.104", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1948254208, "type": "region", "version": 1 }, "end_va": 1948286975, "entry_point": 1948262648, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_6619", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1948254208, "timestamp": "00:01:32.105", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006515712, "type": "region", "version": 1 }, "end_va": 2007691263, "entry_point": 2006605472, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_6620", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 2006515712, "timestamp": "00:01:32.107", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1977548800, "type": "region", "version": 1 }, "end_va": 1978662911, "entry_point": 1977627347, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_6621", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1977548800, "timestamp": "00:01:32.108", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006515712, "type": "region", "version": 1 }, "end_va": 2007691263, "entry_point": 0, "filename": null, "id": "region_6623", "name": "private_0x0000000077990000", "norm_filename": null, "region_type": "private_memory", "start_va": 2006515712, "timestamp": "00:01:32.109", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005467136, "type": "region", "version": 1 }, "end_va": 2006491135, "entry_point": 2005574344, "filename": "\\Windows\\System32\\user32.dll", "id": "region_6624", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2005467136, "timestamp": "00:01:32.110", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005467136, "type": "region", "version": 1 }, "end_va": 2006491135, "entry_point": 0, "filename": null, "id": "region_6625", "name": "private_0x0000000077890000", "norm_filename": null, "region_type": "private_memory", "start_va": 2005467136, "timestamp": "00:01:32.111", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2883584, "start_va": 5046272, "type": "region", "version": 1 }, "end_va": 7929855, "entry_point": 0, "filename": null, "id": "region_6626", "name": "private_0x00000000004d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5046272, "timestamp": "00:01:32.112", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1977221120, "type": "region", "version": 1 }, "end_va": 1977507839, "entry_point": 1977250936, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_6628", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1977221120, "timestamp": "00:01:32.116", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_6629", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:32.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_6630", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:32.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_6631", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:32.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_6677", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:32.181", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 1404927, "entry_point": 983040, "filename": "\\Windows\\System32\\locale.nls", "id": "region_6678", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 983040, "timestamp": "00:01:32.182", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1998585856, "type": "region", "version": 1 }, "end_va": 1999290367, "entry_point": 1998627954, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_6679", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1998585856, "timestamp": "00:01:32.182", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1968898048, "type": "region", "version": 1 }, "end_va": 1968926719, "entry_point": 1968902704, "filename": "\\Windows\\SysWOW64\\winbrand.dll", "id": "region_6854", "name": "winbrand.dll", "norm_filename": "c:\\windows\\syswow64\\winbrand.dll", "region_type": "memory_mapped_file", "start_va": 1968898048, "timestamp": "00:01:33.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2004418560, "type": "region", "version": 1 }, "end_va": 2005467135, "entry_point": 2004530925, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_7098", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2004418560, "timestamp": "00:01:35.408", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1982464000, "type": "region", "version": 1 }, "end_va": 1983053823, "entry_point": 1982554947, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_7099", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1982464000, "timestamp": "00:01:35.425", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1999634432, "type": "region", "version": 1 }, "end_va": 1999675391, "entry_point": 1999648416, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_7100", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1999634432, "timestamp": "00:01:35.466", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1984430080, "type": "region", "version": 1 }, "end_va": 1985073151, "entry_point": 1984643031, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_7101", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1984430080, "timestamp": "00:01:35.481", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 2001534976, "type": "region", "version": 1 }, "end_va": 2002190335, "entry_point": 2001619429, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_7102", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 2001534976, "timestamp": "00:01:35.499", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1999503360, "type": "region", "version": 1 }, "end_va": 1999605759, "entry_point": 1999522165, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_7103", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1999503360, "timestamp": "00:01:35.527", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1975844864, "type": "region", "version": 1 }, "end_va": 1976827903, "entry_point": 1975911785, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_7104", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1975844864, "timestamp": "00:01:35.561", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1971257344, "type": "region", "version": 1 }, "end_va": 1971650559, "entry_point": 1971364787, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_7105", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1971257344, "timestamp": "00:01:35.591", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1971191808, "type": "region", "version": 1 }, "end_va": 1971240959, "entry_point": 1971196129, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_7106", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1971191808, "timestamp": "00:01:35.617", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 983040, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 3670015, "entry_point": 0, "filename": null, "id": "region_7168", "name": "private_0x0000000000290000", "norm_filename": null, "region_type": "private_memory", "start_va": 2686976, "timestamp": "00:01:36.973", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 4521984, "type": "region", "version": 1 }, "end_va": 5046271, "entry_point": 0, "filename": null, "id": "region_7169", "name": "private_0x0000000000450000", "norm_filename": null, "region_type": "private_memory", "start_va": 4521984, "timestamp": "00:01:36.973", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 122880, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 581631, "entry_point": 529807, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_7171", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 458752, "timestamp": "00:01:37.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 5046272, "type": "region", "version": 1 }, "end_va": 6651903, "entry_point": 0, "filename": null, "id": "region_7172", "name": "pagefile_0x00000000004d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5046272, "timestamp": "00:01:37.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 6881280, "type": "region", "version": 1 }, "end_va": 7929855, "entry_point": 0, "filename": null, "id": "region_7173", "name": "private_0x0000000000690000", "norm_filename": null, "region_type": "private_memory", "start_va": 6881280, "timestamp": "00:01:37.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1980760064, "type": "region", "version": 1 }, "end_va": 1981153279, "entry_point": 1980831119, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_7175", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1980760064, "timestamp": "00:01:37.130", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 2003238912, "type": "region", "version": 1 }, "end_va": 2004074495, "entry_point": 2003244683, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_7176", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 2003238912, "timestamp": "00:01:37.137", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 786432, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 3473407, "entry_point": 0, "filename": null, "id": "region_7177", "name": "pagefile_0x0000000000290000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2686976, "timestamp": "00:01:37.140", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 3670015, "entry_point": 0, "filename": null, "id": "region_7178", "name": "private_0x0000000000370000", "norm_filename": null, "region_type": "private_memory", "start_va": 3604480, "timestamp": "00:01:37.140", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 7929856, "type": "region", "version": 1 }, "end_va": 9506815, "entry_point": 0, "filename": null, "id": "region_7179", "name": "pagefile_0x0000000000790000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7929856, "timestamp": "00:01:37.140", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_7181", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:37.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 466943, "entry_point": 0, "filename": null, "id": "region_7182", "name": "pagefile_0x0000000000070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458752, "timestamp": "00:01:37.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 528383, "entry_point": 0, "filename": null, "id": "region_7183", "name": "private_0x0000000000080000", "norm_filename": null, "region_type": "private_memory", "start_va": 524288, "timestamp": "00:01:37.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 593919, "entry_point": 0, "filename": null, "id": "region_7184", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:01:37.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3420160, "start_va": 9568256, "type": "region", "version": 1 }, "end_va": 12988415, "entry_point": 0, "filename": null, "id": "region_7185", "name": "pagefile_0x0000000000920000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9568256, "timestamp": "00:01:37.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 13041664, "type": "region", "version": 1 }, "end_va": 15986687, "entry_point": 13041664, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_7186", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 13041664, "timestamp": "00:01:37.868", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "/c schtasks /Create /SC ONCE /TN viserion_1 /RU SYSTEM /TR \"C:\\Windows\\system32\\shutdown.exe /r /t 0 /f\" /ST 02:20:00", "filename": "c:\\windows\\syswow64\\cmd.exe", "id": "proc_60", "image_name": "cmd.exe", "monitor_reason": "child_process", "monitored_id": 60, "origin_monitor_id": 54, "ref_parent_process": { "ref_id": "proc_54", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_6681", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:32.201", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_6682", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:32.201", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_6683", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:32.201", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_6684", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:32.204", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1376255, "entry_point": 0, "filename": null, "id": "region_6685", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:01:32.204", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 3342335, "entry_point": 0, "filename": null, "id": "region_6686", "name": "private_0x0000000000230000", "norm_filename": null, "region_type": "private_memory", "start_va": 2293760, "timestamp": "00:01:32.204", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1248067584, "type": "region", "version": 1 }, "end_va": 1248378879, "entry_point": 1248101018, "filename": "\\Windows\\SysWOW64\\cmd.exe", "id": "region_6687", "name": "cmd.exe", "norm_filename": "c:\\windows\\syswow64\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 1248067584, "timestamp": "00:01:32.204", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2007695360, "type": "region", "version": 1 }, "end_va": 2009436159, "entry_point": 2007695360, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_6688", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2007695360, "timestamp": "00:01:32.205", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2009661440, "type": "region", "version": 1 }, "end_va": 2011234303, "entry_point": 2009661440, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_6689", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2009661440, "timestamp": "00:01:32.205", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_6690", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:32.205", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_6691", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:32.205", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_6692", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:32.205", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_6693", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:32.205", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_6694", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:32.206", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_6695", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:32.206", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_6696", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:32.206", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_6697", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:32.207", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1703936, "start_va": 3342336, "type": "region", "version": 1 }, "end_va": 5046271, "entry_point": 0, "filename": null, "id": "region_6698", "name": "private_0x0000000000330000", "norm_filename": null, "region_type": "private_memory", "start_va": 3342336, "timestamp": "00:01:32.312", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1948712960, "type": "region", "version": 1 }, "end_va": 1948971007, "entry_point": 1948900984, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_6699", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1948712960, "timestamp": "00:01:32.331", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1948319744, "type": "region", "version": 1 }, "end_va": 1948696575, "entry_point": 1948579736, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_6700", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1948319744, "timestamp": "00:01:32.333", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1948254208, "type": "region", "version": 1 }, "end_va": 1948286975, "entry_point": 1948262648, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_6701", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1948254208, "timestamp": "00:01:32.334", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006515712, "type": "region", "version": 1 }, "end_va": 2007691263, "entry_point": 2006605472, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_6702", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 2006515712, "timestamp": "00:01:32.379", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1977548800, "type": "region", "version": 1 }, "end_va": 1978662911, "entry_point": 1977627347, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_6703", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1977548800, "timestamp": "00:01:32.403", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006515712, "type": "region", "version": 1 }, "end_va": 2007691263, "entry_point": 0, "filename": null, "id": "region_6705", "name": "private_0x0000000077990000", "norm_filename": null, "region_type": "private_memory", "start_va": 2006515712, "timestamp": "00:01:32.407", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005467136, "type": "region", "version": 1 }, "end_va": 2006491135, "entry_point": 2005574344, "filename": "\\Windows\\System32\\user32.dll", "id": "region_6706", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2005467136, "timestamp": "00:01:32.420", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005467136, "type": "region", "version": 1 }, "end_va": 2006491135, "entry_point": 0, "filename": null, "id": "region_6707", "name": "private_0x0000000077890000", "norm_filename": null, "region_type": "private_memory", "start_va": 2005467136, "timestamp": "00:01:32.420", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2228224, "start_va": 5046272, "type": "region", "version": 1 }, "end_va": 7274495, "entry_point": 0, "filename": null, "id": "region_6708", "name": "private_0x00000000004d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5046272, "timestamp": "00:01:32.440", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1977221120, "type": "region", "version": 1 }, "end_va": 1977507839, "entry_point": 1977250936, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_6710", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1977221120, "timestamp": "00:01:32.527", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_6711", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:32.618", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_6712", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:32.618", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_6713", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:32.619", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_6776", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:32.787", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 880639, "entry_point": 458752, "filename": "\\Windows\\System32\\locale.nls", "id": "region_6777", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 458752, "timestamp": "00:01:32.787", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1998585856, "type": "region", "version": 1 }, "end_va": 1999290367, "entry_point": 1998627954, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_6778", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1998585856, "timestamp": "00:01:32.787", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1968898048, "type": "region", "version": 1 }, "end_va": 1968926719, "entry_point": 1968902704, "filename": "\\Windows\\SysWOW64\\winbrand.dll", "id": "region_7107", "name": "winbrand.dll", "norm_filename": "c:\\windows\\syswow64\\winbrand.dll", "region_type": "memory_mapped_file", "start_va": 1968898048, "timestamp": "00:01:35.692", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2004418560, "type": "region", "version": 1 }, "end_va": 2005467135, "entry_point": 2004530925, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_7108", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2004418560, "timestamp": "00:01:35.717", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1982464000, "type": "region", "version": 1 }, "end_va": 1983053823, "entry_point": 1982554947, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_7109", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1982464000, "timestamp": "00:01:35.719", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1999634432, "type": "region", "version": 1 }, "end_va": 1999675391, "entry_point": 1999648416, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_7110", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1999634432, "timestamp": "00:01:35.720", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1984430080, "type": "region", "version": 1 }, "end_va": 1985073151, "entry_point": 1984643031, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_7111", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1984430080, "timestamp": "00:01:35.721", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 2001534976, "type": "region", "version": 1 }, "end_va": 2002190335, "entry_point": 2001619429, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_7112", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 2001534976, "timestamp": "00:01:35.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1999503360, "type": "region", "version": 1 }, "end_va": 1999605759, "entry_point": 1999522165, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_7113", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1999503360, "timestamp": "00:01:35.723", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1975844864, "type": "region", "version": 1 }, "end_va": 1976827903, "entry_point": 1975911785, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_7114", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1975844864, "timestamp": "00:01:35.723", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1971257344, "type": "region", "version": 1 }, "end_va": 1971650559, "entry_point": 1971364787, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_7115", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1971257344, "timestamp": "00:01:35.724", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1971191808, "type": "region", "version": 1 }, "end_va": 1971240959, "entry_point": 1971196129, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_7116", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1971191808, "timestamp": "00:01:35.724", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 3342336, "type": "region", "version": 1 }, "end_va": 4390911, "entry_point": 0, "filename": null, "id": "region_7155", "name": "private_0x0000000000330000", "norm_filename": null, "region_type": "private_memory", "start_va": 3342336, "timestamp": "00:01:35.853", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 4521984, "type": "region", "version": 1 }, "end_va": 5046271, "entry_point": 0, "filename": null, "id": "region_7156", "name": "private_0x0000000000450000", "norm_filename": null, "region_type": "private_memory", "start_va": 4521984, "timestamp": "00:01:35.853", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 7274496, "type": "region", "version": 1 }, "end_va": 8880127, "entry_point": 0, "filename": null, "id": "region_7157", "name": "pagefile_0x00000000006f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7274496, "timestamp": "00:01:36.012", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1980760064, "type": "region", "version": 1 }, "end_va": 1981153279, "entry_point": 1980831119, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_7158", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1980760064, "timestamp": "00:01:36.012", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 2003238912, "type": "region", "version": 1 }, "end_va": 2004074495, "entry_point": 2003244683, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_7159", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 2003238912, "timestamp": "00:01:36.012", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 786432, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 2162687, "entry_point": 0, "filename": null, "id": "region_7160", "name": "pagefile_0x0000000000150000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1376256, "timestamp": "00:01:36.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 8912896, "type": "region", "version": 1 }, "end_va": 10489855, "entry_point": 0, "filename": null, "id": "region_7161", "name": "pagefile_0x0000000000880000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8912896, "timestamp": "00:01:36.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_7162", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:36.122", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 925695, "entry_point": 0, "filename": null, "id": "region_7163", "name": "pagefile_0x00000000000e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 917504, "timestamp": "00:01:36.123", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_7164", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:01:36.123", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1052671, "entry_point": 0, "filename": null, "id": "region_7165", "name": "private_0x0000000000100000", "norm_filename": null, "region_type": "private_memory", "start_va": 1048576, "timestamp": "00:01:36.123", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3420160, "start_va": 10551296, "type": "region", "version": 1 }, "end_va": 13971455, "entry_point": 0, "filename": null, "id": "region_7166", "name": "pagefile_0x0000000000a10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10551296, "timestamp": "00:01:36.123", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 14024704, "type": "region", "version": 1 }, "end_va": 16969727, "entry_point": 14024704, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_7167", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 14024704, "timestamp": "00:01:36.939", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "/c schtasks /Delete /F /TN viserion_0", "filename": "c:\\windows\\syswow64\\cmd.exe", "id": "proc_62", "image_name": "cmd.exe", "monitor_reason": "child_process", "monitored_id": 62, "origin_monitor_id": 54, "ref_parent_process": { "ref_id": "proc_54", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_6727", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:32.712", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_6728", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:32.712", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_6729", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:32.712", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_6730", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:32.712", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 2162687, "entry_point": 0, "filename": null, "id": "region_6731", "name": "private_0x00000000001d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1900544, "timestamp": "00:01:32.712", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 3145728, "type": "region", "version": 1 }, "end_va": 4194303, "entry_point": 0, "filename": null, "id": "region_6732", "name": "private_0x0000000000300000", "norm_filename": null, "region_type": "private_memory", "start_va": 3145728, "timestamp": "00:01:32.712", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1248067584, "type": "region", "version": 1 }, "end_va": 1248378879, "entry_point": 1248101018, "filename": "\\Windows\\SysWOW64\\cmd.exe", "id": "region_6733", "name": "cmd.exe", "norm_filename": "c:\\windows\\syswow64\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 1248067584, "timestamp": "00:01:32.712", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2007695360, "type": "region", "version": 1 }, "end_va": 2009436159, "entry_point": 2007695360, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_6734", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2007695360, "timestamp": "00:01:32.712", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2009661440, "type": "region", "version": 1 }, "end_va": 2011234303, "entry_point": 2009661440, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_6735", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2009661440, "timestamp": "00:01:32.713", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_6736", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:32.713", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_6737", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:32.713", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_6738", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:32.713", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_6739", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:32.713", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_6740", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:32.713", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_6741", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:32.713", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_6742", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:32.713", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_6743", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:32.713", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 1245183, "entry_point": 0, "filename": null, "id": "region_6779", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:32.887", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1948712960, "type": "region", "version": 1 }, "end_va": 1948971007, "entry_point": 1948900984, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_6780", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1948712960, "timestamp": "00:01:32.926", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1948319744, "type": "region", "version": 1 }, "end_va": 1948696575, "entry_point": 1948579736, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_6781", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1948319744, "timestamp": "00:01:32.929", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1948254208, "type": "region", "version": 1 }, "end_va": 1948286975, "entry_point": 1948262648, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_6782", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1948254208, "timestamp": "00:01:33.008", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006515712, "type": "region", "version": 1 }, "end_va": 2007691263, "entry_point": 2006605472, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_6783", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 2006515712, "timestamp": "00:01:33.113", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1977548800, "type": "region", "version": 1 }, "end_va": 1978662911, "entry_point": 1977627347, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_6784", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1977548800, "timestamp": "00:01:33.133", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006515712, "type": "region", "version": 1 }, "end_va": 2007691263, "entry_point": 0, "filename": null, "id": "region_6786", "name": "private_0x0000000077990000", "norm_filename": null, "region_type": "private_memory", "start_va": 2006515712, "timestamp": "00:01:33.178", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005467136, "type": "region", "version": 1 }, "end_va": 2006491135, "entry_point": 2005574344, "filename": "\\Windows\\System32\\user32.dll", "id": "region_6787", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2005467136, "timestamp": "00:01:33.191", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005467136, "type": "region", "version": 1 }, "end_va": 2006491135, "entry_point": 0, "filename": null, "id": "region_6788", "name": "private_0x0000000077890000", "norm_filename": null, "region_type": "private_memory", "start_va": 2005467136, "timestamp": "00:01:33.214", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1310720, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 5505023, "entry_point": 0, "filename": null, "id": "region_6789", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:01:33.296", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1977221120, "type": "region", "version": 1 }, "end_va": 1977507839, "entry_point": 1977250936, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_6791", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1977221120, "timestamp": "00:01:33.394", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_6792", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:33.458", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_6793", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:33.458", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_6794", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:33.458", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_6840", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:33.522", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1667071, "entry_point": 1245184, "filename": "\\Windows\\System32\\locale.nls", "id": "region_6841", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1245184, "timestamp": "00:01:33.523", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1998585856, "type": "region", "version": 1 }, "end_va": 1999290367, "entry_point": 1998627954, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_6842", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1998585856, "timestamp": "00:01:33.523", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1968898048, "type": "region", "version": 1 }, "end_va": 1968926719, "entry_point": 1968902704, "filename": "\\Windows\\SysWOW64\\winbrand.dll", "id": "region_7131", "name": "winbrand.dll", "norm_filename": "c:\\windows\\syswow64\\winbrand.dll", "region_type": "memory_mapped_file", "start_va": 1968898048, "timestamp": "00:01:35.782", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2004418560, "type": "region", "version": 1 }, "end_va": 2005467135, "entry_point": 2004530925, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_7132", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2004418560, "timestamp": "00:01:35.782", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1982464000, "type": "region", "version": 1 }, "end_va": 1983053823, "entry_point": 1982554947, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_7133", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1982464000, "timestamp": "00:01:35.783", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1999634432, "type": "region", "version": 1 }, "end_va": 1999675391, "entry_point": 1999648416, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_7134", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1999634432, "timestamp": "00:01:35.784", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1984430080, "type": "region", "version": 1 }, "end_va": 1985073151, "entry_point": 1984643031, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_7135", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1984430080, "timestamp": "00:01:35.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 2001534976, "type": "region", "version": 1 }, "end_va": 2002190335, "entry_point": 2001619429, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_7136", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 2001534976, "timestamp": "00:01:35.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1999503360, "type": "region", "version": 1 }, "end_va": 1999605759, "entry_point": 1999522165, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_7137", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1999503360, "timestamp": "00:01:35.786", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1975844864, "type": "region", "version": 1 }, "end_va": 1976827903, "entry_point": 1975911785, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_7138", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1975844864, "timestamp": "00:01:35.787", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1971257344, "type": "region", "version": 1 }, "end_va": 1971650559, "entry_point": 1971364787, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_7139", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1971257344, "timestamp": "00:01:35.787", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1971191808, "type": "region", "version": 1 }, "end_va": 1971240959, "entry_point": 1971196129, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_7140", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1971191808, "timestamp": "00:01:35.788", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 5505024, "type": "region", "version": 1 }, "end_va": 6553599, "entry_point": 0, "filename": null, "id": "region_7141", "name": "private_0x0000000000540000", "norm_filename": null, "region_type": "private_memory", "start_va": 5505024, "timestamp": "00:01:35.790", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 122880, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 581631, "entry_point": 529807, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_7142", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 458752, "timestamp": "00:01:35.794", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 1245183, "entry_point": 0, "filename": null, "id": "region_7143", "name": "private_0x00000000000b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 720896, "timestamp": "00:01:35.794", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 6553600, "type": "region", "version": 1 }, "end_va": 8159231, "entry_point": 0, "filename": null, "id": "region_7144", "name": "pagefile_0x0000000000640000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6553600, "timestamp": "00:01:35.794", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1980760064, "type": "region", "version": 1 }, "end_va": 1981153279, "entry_point": 1980831119, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_7146", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1980760064, "timestamp": "00:01:35.796", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 2003238912, "type": "region", "version": 1 }, "end_va": 2004074495, "entry_point": 2003244683, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_7147", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 2003238912, "timestamp": "00:01:35.796", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 786432, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2949119, "entry_point": 0, "filename": null, "id": "region_7148", "name": "pagefile_0x0000000000210000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2162688, "timestamp": "00:01:35.798", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 8192000, "type": "region", "version": 1 }, "end_va": 9768959, "entry_point": 0, "filename": null, "id": "region_7149", "name": "pagefile_0x00000000007d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8192000, "timestamp": "00:01:35.798", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_7150", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:35.802", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 466943, "entry_point": 0, "filename": null, "id": "region_7151", "name": "pagefile_0x0000000000070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458752, "timestamp": "00:01:35.802", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 528383, "entry_point": 0, "filename": null, "id": "region_7152", "name": "private_0x0000000000080000", "norm_filename": null, "region_type": "private_memory", "start_va": 524288, "timestamp": "00:01:35.802", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 593919, "entry_point": 0, "filename": null, "id": "region_7153", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:01:35.802", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3420160, "start_va": 9830400, "type": "region", "version": 1 }, "end_va": 13250559, "entry_point": 0, "filename": null, "id": "region_7154", "name": "pagefile_0x0000000000960000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9830400, "timestamp": "00:01:35.802", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 13303808, "type": "region", "version": 1 }, "end_va": 16248831, "entry_point": 13303808, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_7247", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 13303808, "timestamp": "00:01:38.232", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\system32\\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}", "filename": "c:\\windows\\system32\\dllhost.exe", "id": "proc_64", "image_name": "dllhost.exe", "monitor_reason": "child_process", "monitored_id": 64, "origin_monitor_id": 29, "ref_parent_process": { "ref_id": "proc_29", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_6915", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:34.455", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_6916", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:34.455", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 3080191, "entry_point": 0, "filename": null, "id": "region_6917", "name": "private_0x00000000001f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2031616, "timestamp": "00:01:34.455", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2007695360, "type": "region", "version": 1 }, "end_va": 2009436159, "entry_point": 2007695360, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_6918", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2007695360, "timestamp": "00:01:34.455", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_6919", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:34.456", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_6920", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:34.456", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 4288872448, "type": "region", "version": 1 }, "end_va": 4288901119, "entry_point": 4288877132, "filename": "\\Windows\\System32\\dllhost.exe", "id": "region_6921", "name": "dllhost.exe", "norm_filename": "c:\\windows\\system32\\dllhost.exe", "region_type": "memory_mapped_file", "start_va": 4288872448, "timestamp": "00:01:34.456", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791795761152, "type": "region", "version": 1 }, "end_va": 8791795765247, "entry_point": 8791795761152, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_6922", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791795761152, "timestamp": "00:01:34.456", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_6923", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:01:34.456", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8796092866560, "type": "region", "version": 1 }, "end_va": 8796092870655, "entry_point": 0, "filename": null, "id": "region_6924", "name": "private_0x000007fffffda000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092866560, "timestamp": "00:01:34.456", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092882944, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_6925", "name": "private_0x000007fffffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092882944, "timestamp": "00:01:34.456", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 4784128, "type": "region", "version": 1 }, "end_va": 5832703, "entry_point": 0, "filename": null, "id": "region_6932", "name": "private_0x0000000000490000", "norm_filename": null, "region_type": "private_memory", "start_va": 4784128, "timestamp": "00:01:34.512", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006515712, "type": "region", "version": 1 }, "end_va": 2007691263, "entry_point": 2006605472, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_6933", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 2006515712, "timestamp": "00:01:34.513", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791759060992, "type": "region", "version": 1 }, "end_va": 8791759499263, "entry_point": 8791759073504, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_6934", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791759060992, "timestamp": "00:01:34.513", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_6935", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:34.514", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_6936", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:34.514", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_6937", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:34.514", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 684031, "entry_point": 262144, "filename": "\\Windows\\System32\\locale.nls", "id": "region_6938", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:34.516", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791791435776, "type": "region", "version": 1 }, "end_va": 8791792087039, "entry_point": 8791791445408, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_6939", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791791435776, "timestamp": "00:01:34.516", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2109440, "start_va": 8791792091136, "type": "region", "version": 1 }, "end_va": 8791794200575, "entry_point": 8791792235312, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_6940", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 8791792091136, "timestamp": "00:01:34.517", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791794778112, "type": "region", "version": 1 }, "end_va": 8791795199999, "entry_point": 8791794823228, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_6941", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791794778112, "timestamp": "00:01:34.518", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005467136, "type": "region", "version": 1 }, "end_va": 2006491135, "entry_point": 2005574344, "filename": "\\Windows\\System32\\user32.dll", "id": "region_6942", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2005467136, "timestamp": "00:01:34.518", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791764566016, "type": "region", "version": 1 }, "end_va": 8791764623359, "entry_point": 8791764570240, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_6943", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791764566016, "timestamp": "00:01:34.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791762206720, "type": "region", "version": 1 }, "end_va": 8791763030015, "entry_point": 8791762708596, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_6944", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791762206720, "timestamp": "00:01:34.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791786520576, "type": "region", "version": 1 }, "end_va": 8791787753471, "entry_point": 8791786843472, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_6945", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791786520576, "timestamp": "00:01:34.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1441792, "start_va": 3080192, "type": "region", "version": 1 }, "end_va": 4521983, "entry_point": 0, "filename": null, "id": "region_6946", "name": "private_0x00000000002f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3080192, "timestamp": "00:01:34.521", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 1769471, "entry_point": 0, "filename": null, "id": "region_6947", "name": "private_0x00000000000b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 720896, "timestamp": "00:01:34.521", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 167936, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 1937407, "entry_point": 1773584, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_6948", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1769472, "timestamp": "00:01:34.523", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 5832704, "type": "region", "version": 1 }, "end_va": 7438335, "entry_point": 0, "filename": null, "id": "region_6949", "name": "pagefile_0x0000000000590000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5832704, "timestamp": "00:01:34.523", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791766007808, "type": "region", "version": 1 }, "end_va": 8791766196223, "entry_point": 8791766011920, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_6951", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791766007808, "timestamp": "00:01:34.525", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791763451904, "type": "region", "version": 1 }, "end_va": 8791764537343, "entry_point": 8791763456100, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_6952", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791763451904, "timestamp": "00:01:34.525", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 7471104, "type": "region", "version": 1 }, "end_va": 9048063, "entry_point": 0, "filename": null, "id": "region_6953", "name": "pagefile_0x0000000000720000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7471104, "timestamp": "00:01:34.527", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 9109504, "type": "region", "version": 1 }, "end_va": 30081023, "entry_point": 0, "filename": null, "id": "region_6954", "name": "pagefile_0x00000000008b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9109504, "timestamp": "00:01:34.527", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_6976", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:34.632", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 1773567, "entry_point": 0, "filename": null, "id": "region_6977", "name": "private_0x00000000001b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1769472, "timestamp": "00:01:34.632", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 512000, "start_va": 3080192, "type": "region", "version": 1 }, "end_va": 3592191, "entry_point": 3133128, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_6978", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 3080192, "timestamp": "00:01:34.633", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4456448, "type": "region", "version": 1 }, "end_va": 4521983, "entry_point": 0, "filename": null, "id": "region_6979", "name": "private_0x0000000000440000", "norm_filename": null, "region_type": "private_memory", "start_va": 4456448, "timestamp": "00:01:34.636", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791757094912, "type": "region", "version": 1 }, "end_va": 8791757156351, "entry_point": 8791757099024, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_6981", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 8791757094912, "timestamp": "00:01:34.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 1839103, "entry_point": 0, "filename": null, "id": "region_6982", "name": "pagefile_0x00000000001c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1835008, "timestamp": "00:01:34.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791790256128, "type": "region", "version": 1 }, "end_va": 8791790882815, "entry_point": 8791790263312, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_6983", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 8791790256128, "timestamp": "00:01:34.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, "start_va": 8791785603072, "type": "region", "version": 1 }, "end_va": 8791786500095, "entry_point": 8791785736032, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_6984", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791785603072, "timestamp": "00:01:34.640", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791765876736, "type": "region", "version": 1 }, "end_va": 8791766003711, "entry_point": 8791765901544, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_6985", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 8791765876736, "timestamp": "00:01:34.640", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 880640, "start_va": 8791784685568, "type": "region", "version": 1 }, "end_va": 8791785566207, "entry_point": 8791784698484, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_6986", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 8791784685568, "timestamp": "00:01:34.641", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 1904639, "entry_point": 0, "filename": null, "id": "region_6987", "name": "pagefile_0x00000000001d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1900544, "timestamp": "00:01:34.644", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 30867456, "type": "region", "version": 1 }, "end_va": 31916031, "entry_point": 0, "filename": null, "id": "region_7007", "name": "private_0x0000000001d70000", "norm_filename": null, "region_type": "private_memory", "start_va": 30867456, "timestamp": "00:01:34.706", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092874752, "type": "region", "version": 1 }, "end_va": 8796092882943, "entry_point": 0, "filename": null, "id": "region_7008", "name": "private_0x000007fffffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092874752, "timestamp": "00:01:34.706", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 32178176, "type": "region", "version": 1 }, "end_va": 33226751, "entry_point": 0, "filename": null, "id": "region_7044", "name": "private_0x0000000001eb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32178176, "timestamp": "00:01:35.030", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 8791750803456, "type": "region", "version": 1 }, "end_va": 8791750897663, "entry_point": 8791750816440, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_7045", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 8791750803456, "timestamp": "00:01:35.030", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092858368, "type": "region", "version": 1 }, "end_va": 8796092866559, "entry_point": 0, "filename": null, "id": "region_7046", "name": "private_0x000007fffffd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092858368, "timestamp": "00:01:35.030", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 282624, "start_va": 3080192, "type": "region", "version": 1 }, "end_va": 3362815, "entry_point": 3084388, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_7047", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 3080192, "timestamp": "00:01:35.031", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 290816, "start_va": 8791747657728, "type": "region", "version": 1 }, "end_va": 8791747948543, "entry_point": 8791747661924, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_7052", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 8791747657728, "timestamp": "00:01:35.047", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 33226752, "type": "region", "version": 1 }, "end_va": 36171775, "entry_point": 33226752, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_7053", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 33226752, "timestamp": "00:01:35.048", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 8791758077952, "type": "region", "version": 1 }, "end_va": 8791758159871, "entry_point": 8791758082272, "filename": "\\Windows\\System32\\RpcRtRemote.dll", "id": "region_7054", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\system32\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 8791758077952, "timestamp": "00:01:35.050", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 36175872, "type": "region", "version": 1 }, "end_va": 37224447, "entry_point": 0, "filename": null, "id": "region_7055", "name": "private_0x0000000002280000", "norm_filename": null, "region_type": "private_memory", "start_va": 36175872, "timestamp": "00:01:35.094", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 37748736, "type": "region", "version": 1 }, "end_va": 38797311, "entry_point": 0, "filename": null, "id": "region_7056", "name": "private_0x0000000002400000", "norm_filename": null, "region_type": "private_memory", "start_va": 37748736, "timestamp": "00:01:35.094", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 40108032, "type": "region", "version": 1 }, "end_va": 41156607, "entry_point": 0, "filename": null, "id": "region_7057", "name": "private_0x0000000002640000", "norm_filename": null, "region_type": "private_memory", "start_va": 40108032, "timestamp": "00:01:35.094", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092686336, "type": "region", "version": 1 }, "end_va": 8796092694527, "entry_point": 0, "filename": null, "id": "region_7058", "name": "private_0x000007fffffae000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092686336, "timestamp": "00:01:35.094", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092841984, "type": "region", "version": 1 }, "end_va": 8796092850175, "entry_point": 0, "filename": null, "id": "region_7059", "name": "private_0x000007fffffd4000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092841984, "timestamp": "00:01:35.094", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092850176, "type": "region", "version": 1 }, "end_va": 8796092858367, "entry_point": 0, "filename": null, "id": "region_7060", "name": "private_0x000007fffffd6000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092850176, "timestamp": "00:01:35.094", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 352256, "start_va": 8791734222848, "type": "region", "version": 1 }, "end_va": 8791734575103, "entry_point": 8791734270912, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_7061", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 8791734222848, "timestamp": "00:01:35.096", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2293760, "start_va": 41156608, "type": "region", "version": 1 }, "end_va": 43450367, "entry_point": 0, "filename": null, "id": "region_7062", "name": "private_0x0000000002740000", "norm_filename": null, "region_type": "private_memory", "start_va": 41156608, "timestamp": "00:01:35.096", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 3080192, "type": "region", "version": 1 }, "end_va": 3993599, "entry_point": 0, "filename": null, "id": "region_7063", "name": "pagefile_0x00000000002f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3080192, "timestamp": "00:01:35.098", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791713251328, "type": "region", "version": 1 }, "end_va": 8791713378303, "entry_point": 8791713273784, "filename": "\\Windows\\System32\\thumbcache.dll", "id": "region_7064", "name": "thumbcache.dll", "norm_filename": "c:\\windows\\system32\\thumbcache.dll", "region_type": "memory_mapped_file", "start_va": 8791713251328, "timestamp": "00:01:35.112", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 14188544, "start_va": 8791767777280, "type": "region", "version": 1 }, "end_va": 8791781965823, "entry_point": 8791768288956, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_7065", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 8791767777280, "timestamp": "00:01:35.113", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 462848, "start_va": 8791794253824, "type": "region", "version": 1 }, "end_va": 8791794716671, "entry_point": 8791794327072, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_7066", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 8791794253824, "timestamp": "00:01:35.113", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 8791643127808, "type": "region", "version": 1 }, "end_va": 8791643783167, "entry_point": 8791643646752, "filename": "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\\comctl32.dll", "id": "region_7067", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 8791643127808, "timestamp": "00:01:35.114", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 2009530368, "type": "region", "version": 1 }, "end_va": 2009559039, "entry_point": 2009534572, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_7068", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 2009530368, "timestamp": "00:01:35.115", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1228800, "start_va": 8791734616064, "type": "region", "version": 1 }, "end_va": 8791735844863, "entry_point": 8791734654140, "filename": "\\Windows\\System32\\propsys.dll", "id": "region_7069", "name": "propsys.dll", "norm_filename": "c:\\windows\\system32\\propsys.dll", "region_type": "memory_mapped_file", "start_va": 8791734616064, "timestamp": "00:01:35.115", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1703936, "start_va": 41156608, "type": "region", "version": 1 }, "end_va": 42860543, "entry_point": 0, "filename": null, "id": "region_7070", "name": "private_0x0000000002740000", "norm_filename": null, "region_type": "private_memory", "start_va": 41156608, "timestamp": "00:01:35.117", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 42926080, "type": "region", "version": 1 }, "end_va": 43450367, "entry_point": 0, "filename": null, "id": "region_7071", "name": "private_0x00000000028f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 42926080, "timestamp": "00:01:35.117", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 38797312, "type": "region", "version": 1 }, "end_va": 39845887, "entry_point": 0, "filename": null, "id": "region_7072", "name": "private_0x0000000002500000", "norm_filename": null, "region_type": "private_memory", "start_va": 38797312, "timestamp": "00:01:35.117", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791645028352, "type": "region", "version": 1 }, "end_va": 8791645466623, "entry_point": 8791645032476, "filename": "\\Windows\\System32\\PhotoMetadataHandler.dll", "id": "region_7073", "name": "photometadatahandler.dll", "norm_filename": "c:\\windows\\system32\\photometadatahandler.dll", "region_type": "memory_mapped_file", "start_va": 8791645028352, "timestamp": "00:01:35.132", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1220608, "start_va": 8791728324608, "type": "region", "version": 1 }, "end_va": 8791729545215, "entry_point": 8791728338960, "filename": "\\Windows\\System32\\WindowsCodecs.dll", "id": "region_7074", "name": "windowscodecs.dll", "norm_filename": "c:\\windows\\system32\\windowscodecs.dll", "region_type": "memory_mapped_file", "start_va": 8791728324608, "timestamp": "00:01:35.133", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 974848, "start_va": 8791678648320, "type": "region", "version": 1 }, "end_va": 8791679623167, "entry_point": 8791678653088, "filename": "\\Windows\\System32\\actxprxy.dll", "id": "region_7075", "name": "actxprxy.dll", "norm_filename": "c:\\windows\\system32\\actxprxy.dll", "region_type": "memory_mapped_file", "start_va": 8791678648320, "timestamp": "00:01:35.140", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 1970175, "entry_point": 0, "filename": null, "id": "region_7076", "name": "private_0x00000000001e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1966080, "timestamp": "00:01:35.170", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 3997696, "type": "region", "version": 1 }, "end_va": 4001791, "entry_point": 0, "filename": null, "id": "region_7077", "name": "private_0x00000000003d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3997696, "timestamp": "00:01:35.171", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 4063232, "type": "region", "version": 1 }, "end_va": 4067327, "entry_point": 0, "filename": null, "id": "region_7078", "name": "pagefile_0x00000000003e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4063232, "timestamp": "00:01:35.283", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 4128768, "type": "region", "version": 1 }, "end_va": 4136959, "entry_point": 0, "filename": null, "id": "region_7079", "name": "pagefile_0x00000000003f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4128768, "timestamp": "00:01:35.285", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2048000, "start_va": 8791736188928, "type": "region", "version": 1 }, "end_va": 8791738236927, "entry_point": 8791737813284, "filename": "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll", "id": "region_7080", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 8791736188928, "timestamp": "00:01:35.286", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4198399, "entry_point": 4194304, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_7081", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 4194304, "timestamp": "00:01:35.289", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 4259840, "type": "region", "version": 1 }, "end_va": 4268031, "entry_point": 0, "filename": null, "id": "region_7082", "name": "pagefile_0x0000000000410000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4259840, "timestamp": "00:01:35.290", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 8791705649152, "type": "region", "version": 1 }, "end_va": 8791706005503, "entry_point": 8791705653528, "filename": "\\Windows\\System32\\apphelp.dll", "id": "region_7083", "name": "apphelp.dll", "norm_filename": "c:\\windows\\system32\\apphelp.dll", "region_type": "memory_mapped_file", "start_va": 8791705649152, "timestamp": "00:01:35.294", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4132864, "start_va": 8791600070656, "type": "region", "version": 1 }, "end_va": 8791604203519, "entry_point": 8791603587924, "filename": "\\Windows\\System32\\mf.dll", "id": "region_7084", "name": "mf.dll", "norm_filename": "c:\\windows\\system32\\mf.dll", "region_type": "memory_mapped_file", "start_va": 8791600070656, "timestamp": "00:01:35.299", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 8791719084032, "type": "region", "version": 1 }, "end_va": 8791719186431, "entry_point": 8791719088552, "filename": "\\Windows\\System32\\atl.dll", "id": "region_7085", "name": "atl.dll", "norm_filename": "c:\\windows\\system32\\atl.dll", "region_type": "memory_mapped_file", "start_va": 8791719084032, "timestamp": "00:01:35.300", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 442368, "start_va": 8791650140160, "type": "region", "version": 1 }, "end_va": 8791650582527, "entry_point": 8791650144272, "filename": "\\Windows\\System32\\mfplat.dll", "id": "region_7086", "name": "mfplat.dll", "norm_filename": "c:\\windows\\system32\\mfplat.dll", "region_type": "memory_mapped_file", "start_va": 8791650140160, "timestamp": "00:01:35.300", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 315392, "start_va": 8791795236864, "type": "region", "version": 1 }, "end_va": 8791795552255, "entry_point": 8791795241072, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_7087", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 8791795236864, "timestamp": "00:01:35.301", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 8791781998592, "type": "region", "version": 1 }, "end_va": 8791782031359, "entry_point": 8791782003972, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_7088", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 8791781998592, "timestamp": "00:01:35.301", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 8791723016192, "type": "region", "version": 1 }, "end_va": 8791723053055, "entry_point": 8791723020304, "filename": "\\Windows\\System32\\avrt.dll", "id": "region_7089", "name": "avrt.dll", "norm_filename": "c:\\windows\\system32\\avrt.dll", "region_type": "memory_mapped_file", "start_va": 8791723016192, "timestamp": "00:01:35.302", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791743266816, "type": "region", "version": 1 }, "end_va": 8791743315967, "entry_point": 8791743271012, "filename": "\\Windows\\System32\\version.dll", "id": "region_7090", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 8791743266816, "timestamp": "00:01:35.303", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1938554880, "type": "region", "version": 1 }, "end_va": 1938579455, "entry_point": 1938558992, "filename": "\\Windows\\System32\\ksuser.dll", "id": "region_7091", "name": "ksuser.dll", "norm_filename": "c:\\windows\\system32\\ksuser.dll", "region_type": "memory_mapped_file", "start_va": 1938554880, "timestamp": "00:01:35.303", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "schtasks /Delete /F /TN rhaegal", "filename": "c:\\windows\\syswow64\\schtasks.exe", "id": "proc_65", "image_name": "schtasks.exe", "monitor_reason": "child_process", "monitored_id": 65, "origin_monitor_id": 56, "ref_parent_process": { "ref_id": "proc_56", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_7187", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:37.976", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_7188", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:37.976", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_7189", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:37.976", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_7190", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:37.977", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1769471, "entry_point": 0, "filename": null, "id": "region_7191", "name": "private_0x0000000000170000", "norm_filename": null, "region_type": "private_memory", "start_va": 1507328, "timestamp": "00:01:37.977", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2555903, "entry_point": 0, "filename": null, "id": "region_7192", "name": "private_0x0000000000230000", "norm_filename": null, "region_type": "private_memory", "start_va": 2293760, "timestamp": "00:01:37.977", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 7405568, "type": "region", "version": 1 }, "end_va": 7593983, "entry_point": 7405568, "filename": "\\Windows\\SysWOW64\\schtasks.exe", "id": "region_7193", "name": "schtasks.exe", "norm_filename": "c:\\windows\\syswow64\\schtasks.exe", "region_type": "memory_mapped_file", "start_va": 7405568, "timestamp": "00:01:37.977", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2007695360, "type": "region", "version": 1 }, "end_va": 2009436159, "entry_point": 2007695360, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_7194", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2007695360, "timestamp": "00:01:37.977", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2009661440, "type": "region", "version": 1 }, "end_va": 2011234303, "entry_point": 2009661440, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_7195", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2009661440, "timestamp": "00:01:37.977", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_7196", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:37.977", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_7197", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:37.977", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_7198", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:37.977", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_7199", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:37.977", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_7200", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:37.977", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_7201", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:37.977", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_7202", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:37.977", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_7212", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:37.978", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 3342336, "type": "region", "version": 1 }, "end_va": 3866623, "entry_point": 0, "filename": null, "id": "region_7267", "name": "private_0x0000000000330000", "norm_filename": null, "region_type": "private_memory", "start_va": 3342336, "timestamp": "00:01:38.357", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1948712960, "type": "region", "version": 1 }, "end_va": 1948971007, "entry_point": 1948900984, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_7268", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1948712960, "timestamp": "00:01:38.378", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1948319744, "type": "region", "version": 1 }, "end_va": 1948696575, "entry_point": 1948579736, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_7269", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1948319744, "timestamp": "00:01:38.379", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1948254208, "type": "region", "version": 1 }, "end_va": 1948286975, "entry_point": 1948262648, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_7270", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1948254208, "timestamp": "00:01:38.379", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006515712, "type": "region", "version": 1 }, "end_va": 2007691263, "entry_point": 2006605472, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_7271", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 2006515712, "timestamp": "00:01:38.381", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1977548800, "type": "region", "version": 1 }, "end_va": 1978662911, "entry_point": 1977627347, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_7272", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1977548800, "timestamp": "00:01:38.381", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006515712, "type": "region", "version": 1 }, "end_va": 2007691263, "entry_point": 0, "filename": null, "id": "region_7274", "name": "private_0x0000000077990000", "norm_filename": null, "region_type": "private_memory", "start_va": 2006515712, "timestamp": "00:01:38.384", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005467136, "type": "region", "version": 1 }, "end_va": 2006491135, "entry_point": 2005574344, "filename": "\\Windows\\System32\\user32.dll", "id": "region_7275", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2005467136, "timestamp": "00:01:38.396", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005467136, "type": "region", "version": 1 }, "end_va": 2006491135, "entry_point": 0, "filename": null, "id": "region_7276", "name": "private_0x0000000077890000", "norm_filename": null, "region_type": "private_memory", "start_va": 2005467136, "timestamp": "00:01:38.397", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1835008, "start_va": 3866624, "type": "region", "version": 1 }, "end_va": 5701631, "entry_point": 0, "filename": null, "id": "region_7277", "name": "private_0x00000000003b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3866624, "timestamp": "00:01:38.407", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1977221120, "type": "region", "version": 1 }, "end_va": 1977507839, "entry_point": 1977250936, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_7279", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1977221120, "timestamp": "00:01:38.424", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_7280", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:38.426", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_7281", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:38.426", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_7282", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:38.426", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_7288", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:38.486", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 880639, "entry_point": 458752, "filename": "\\Windows\\System32\\locale.nls", "id": "region_7289", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 458752, "timestamp": "00:01:38.486", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1998585856, "type": "region", "version": 1 }, "end_va": 1999290367, "entry_point": 1998627954, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_7290", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1998585856, "timestamp": "00:01:38.486", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2004418560, "type": "region", "version": 1 }, "end_va": 2005467135, "entry_point": 2004530925, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_7291", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2004418560, "timestamp": "00:01:38.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1982464000, "type": "region", "version": 1 }, "end_va": 1983053823, "entry_point": 1982554947, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_7292", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1982464000, "timestamp": "00:01:38.546", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1999634432, "type": "region", "version": 1 }, "end_va": 1999675391, "entry_point": 1999648416, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_7293", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1999634432, "timestamp": "00:01:38.550", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1984430080, "type": "region", "version": 1 }, "end_va": 1985073151, "entry_point": 1984643031, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_7294", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1984430080, "timestamp": "00:01:38.552", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 2001534976, "type": "region", "version": 1 }, "end_va": 2002190335, "entry_point": 2001619429, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_7295", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 2001534976, "timestamp": "00:01:38.609", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1999503360, "type": "region", "version": 1 }, "end_va": 1999605759, "entry_point": 1999522165, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_7296", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1999503360, "timestamp": "00:01:38.610", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1975844864, "type": "region", "version": 1 }, "end_va": 1976827903, "entry_point": 1975911785, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_7297", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1975844864, "timestamp": "00:01:38.646", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1971257344, "type": "region", "version": 1 }, "end_va": 1971650559, "entry_point": 1971364787, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_7298", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1971257344, "timestamp": "00:01:38.686", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1971191808, "type": "region", "version": 1 }, "end_va": 1971240959, "entry_point": 1971196129, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_7299", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1971191808, "timestamp": "00:01:38.739", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 2000093184, "type": "region", "version": 1 }, "end_va": 2001518591, "entry_point": 2000403005, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_7300", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 2000093184, "timestamp": "00:01:38.742", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1985085440, "type": "region", "version": 1 }, "end_va": 1985671167, "entry_point": 1985101745, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_7301", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1985085440, "timestamp": "00:01:38.743", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1976827904, "type": "region", "version": 1 }, "end_va": 1977184255, "entry_point": 1976933286, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_7302", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1976827904, "timestamp": "00:01:38.777", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1968832512, "type": "region", "version": 1 }, "end_va": 1968869375, "entry_point": 1968832512, "filename": "\\Windows\\SysWOW64\\ktmw32.dll", "id": "region_7303", "name": "ktmw32.dll", "norm_filename": "c:\\windows\\syswow64\\ktmw32.dll", "region_type": "memory_mapped_file", "start_va": 1968832512, "timestamp": "00:01:38.842", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 262143, "entry_point": 0, "filename": null, "id": "region_7304", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:38.948", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 122880, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 1040383, "entry_point": 988559, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_7305", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 917504, "timestamp": "00:01:39.092", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 5701632, "type": "region", "version": 1 }, "end_va": 7307263, "entry_point": 0, "filename": null, "id": "region_7306", "name": "pagefile_0x0000000000570000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5701632, "timestamp": "00:01:39.092", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1980760064, "type": "region", "version": 1 }, "end_va": 1981153279, "entry_point": 1980831119, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_7308", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1980760064, "timestamp": "00:01:39.138", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 2003238912, "type": "region", "version": 1 }, "end_va": 2004074495, "entry_point": 2003244683, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_7309", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 2003238912, "timestamp": "00:01:39.154", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 786432, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 3342335, "entry_point": 0, "filename": null, "id": "region_7310", "name": "pagefile_0x0000000000270000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2555904, "timestamp": "00:01:39.218", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 7602176, "type": "region", "version": 1 }, "end_va": 9179135, "entry_point": 0, "filename": null, "id": "region_7311", "name": "pagefile_0x0000000000740000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7602176, "timestamp": "00:01:39.218", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 946175, "entry_point": 0, "filename": null, "id": "region_7319", "name": "pagefile_0x00000000000e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 917504, "timestamp": "00:01:39.365", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 991231, "entry_point": 0, "filename": null, "id": "region_7320", "name": "pagefile_0x00000000000f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 983040, "timestamp": "00:01:39.365", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 73728, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1122303, "entry_point": 1048576, "filename": "\\Windows\\SysWOW64\\en-US\\schtasks.exe.mui", "id": "region_7321", "name": "schtasks.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\schtasks.exe.mui", "region_type": "memory_mapped_file", "start_va": 1048576, "timestamp": "00:01:39.365", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1183743, "entry_point": 0, "filename": null, "id": "region_7330", "name": "private_0x0000000000120000", "norm_filename": null, "region_type": "private_memory", "start_va": 1179648, "timestamp": "00:01:39.577", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1249279, "entry_point": 0, "filename": null, "id": "region_7331", "name": "private_0x0000000000130000", "norm_filename": null, "region_type": "private_memory", "start_va": 1245184, "timestamp": "00:01:39.577", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1968766976, "type": "region", "version": 1 }, "end_va": 1968803839, "entry_point": 1968771616, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_7333", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1968766976, "timestamp": "00:01:39.624", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 9240576, "type": "region", "version": 1 }, "end_va": 12185599, "entry_point": 9240576, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_7334", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 9240576, "timestamp": "00:01:39.642", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 12320768, "type": "region", "version": 1 }, "end_va": 12582911, "entry_point": 0, "filename": null, "id": "region_7469", "name": "private_0x0000000000bc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 12320768, "timestamp": "00:01:42.220", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 12713984, "type": "region", "version": 1 }, "end_va": 12976127, "entry_point": 0, "filename": null, "id": "region_7470", "name": "private_0x0000000000c20000", "norm_filename": null, "region_type": "private_memory", "start_va": 12713984, "timestamp": "00:01:42.220", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_7471", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:42.220", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1314815, "entry_point": 0, "filename": null, "id": "region_7472", "name": "pagefile_0x0000000000140000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1310720, "timestamp": "00:01:42.230", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1981677568, "type": "region", "version": 1 }, "end_va": 1982214143, "entry_point": 1981686738, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_7473", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1981677568, "timestamp": "00:01:42.231", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1380351, "entry_point": 0, "filename": null, "id": "region_7474", "name": "pagefile_0x0000000000150000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1376256, "timestamp": "00:01:42.235", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 512000, "start_va": 1968242688, "type": "region", "version": 1 }, "end_va": 1968754687, "entry_point": 1968248426, "filename": "\\Windows\\SysWOW64\\taskschd.dll", "id": "region_7482", "name": "taskschd.dll", "norm_filename": "c:\\windows\\syswow64\\taskschd.dll", "region_type": "memory_mapped_file", "start_va": 1968242688, "timestamp": "00:01:43.283", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "schtasks /Create /SC ONCE /TN viserion_1 /RU SYSTEM /TR \"C:\\Windows\\system32\\shutdown.exe /r /t 0 /f\" /ST 02:20:00", "filename": "c:\\windows\\syswow64\\schtasks.exe", "id": "proc_66", "image_name": "schtasks.exe", "monitor_reason": "child_process", "monitored_id": 66, "origin_monitor_id": 60, "ref_parent_process": { "ref_id": "proc_60", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_7213", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:38.036", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_7214", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:38.036", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_7215", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:38.036", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_7216", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:38.036", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1376255, "entry_point": 0, "filename": null, "id": "region_7217", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:01:38.036", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2555903, "entry_point": 0, "filename": null, "id": "region_7218", "name": "private_0x0000000000230000", "norm_filename": null, "region_type": "private_memory", "start_va": 2293760, "timestamp": "00:01:38.036", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 7405568, "type": "region", "version": 1 }, "end_va": 7593983, "entry_point": 7501443, "filename": "\\Windows\\SysWOW64\\schtasks.exe", "id": "region_7219", "name": "schtasks.exe", "norm_filename": "c:\\windows\\syswow64\\schtasks.exe", "region_type": "memory_mapped_file", "start_va": 7405568, "timestamp": "00:01:38.036", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2007695360, "type": "region", "version": 1 }, "end_va": 2009436159, "entry_point": 2007695360, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_7220", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2007695360, "timestamp": "00:01:38.036", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2009661440, "type": "region", "version": 1 }, "end_va": 2011234303, "entry_point": 2009661440, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_7221", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2009661440, "timestamp": "00:01:38.036", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_7222", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:38.037", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_7223", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:38.037", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_7224", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:38.037", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_7225", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:38.037", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_7226", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:38.037", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_7227", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:38.037", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_7228", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:38.037", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_7229", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:38.037", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 3801088, "type": "region", "version": 1 }, "end_va": 4325375, "entry_point": 0, "filename": null, "id": "region_7265", "name": "private_0x00000000003a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3801088, "timestamp": "00:01:38.329", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1948712960, "type": "region", "version": 1 }, "end_va": 1948971007, "entry_point": 1948900984, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_7381", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1948712960, "timestamp": "00:01:40.584", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1948319744, "type": "region", "version": 1 }, "end_va": 1948696575, "entry_point": 1948579736, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_7382", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1948319744, "timestamp": "00:01:40.587", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1948254208, "type": "region", "version": 1 }, "end_va": 1948286975, "entry_point": 1948262648, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_7383", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1948254208, "timestamp": "00:01:40.589", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 5570560, "type": "region", "version": 1 }, "end_va": 6619135, "entry_point": 0, "filename": null, "id": "region_7384", "name": "private_0x0000000000550000", "norm_filename": null, "region_type": "private_memory", "start_va": 5570560, "timestamp": "00:01:40.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1977221120, "type": "region", "version": 1 }, "end_va": 1977507839, "entry_point": 1977250936, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_7385", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1977221120, "timestamp": "00:01:40.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1977548800, "type": "region", "version": 1 }, "end_va": 1978662911, "entry_point": 1977627347, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_7386", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1977548800, "timestamp": "00:01:40.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005467136, "type": "region", "version": 1 }, "end_va": 2006491135, "entry_point": 0, "filename": null, "id": "region_7387", "name": "private_0x0000000077890000", "norm_filename": null, "region_type": "private_memory", "start_va": 2005467136, "timestamp": "00:01:40.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006515712, "type": "region", "version": 1 }, "end_va": 2007691263, "entry_point": 0, "filename": null, "id": "region_7388", "name": "private_0x0000000077990000", "norm_filename": null, "region_type": "private_memory", "start_va": 2006515712, "timestamp": "00:01:40.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_7389", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:40.640", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_7390", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:40.640", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_7391", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:40.640", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_7392", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:40.645", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 880639, "entry_point": 458752, "filename": "\\Windows\\System32\\locale.nls", "id": "region_7393", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 458752, "timestamp": "00:01:40.645", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1998585856, "type": "region", "version": 1 }, "end_va": 1999290367, "entry_point": 1998627954, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_7394", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1998585856, "timestamp": "00:01:40.648", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2004418560, "type": "region", "version": 1 }, "end_va": 2005467135, "entry_point": 2004530925, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_7395", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2004418560, "timestamp": "00:01:40.649", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1982464000, "type": "region", "version": 1 }, "end_va": 1983053823, "entry_point": 1982554947, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_7396", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1982464000, "timestamp": "00:01:40.650", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1999634432, "type": "region", "version": 1 }, "end_va": 1999675391, "entry_point": 1999648416, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_7397", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1999634432, "timestamp": "00:01:40.683", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1984430080, "type": "region", "version": 1 }, "end_va": 1985073151, "entry_point": 1984643031, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_7398", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1984430080, "timestamp": "00:01:40.689", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 2001534976, "type": "region", "version": 1 }, "end_va": 2002190335, "entry_point": 2001619429, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_7399", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 2001534976, "timestamp": "00:01:40.702", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1999503360, "type": "region", "version": 1 }, "end_va": 1999605759, "entry_point": 1999522165, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_7400", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1999503360, "timestamp": "00:01:40.708", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1975844864, "type": "region", "version": 1 }, "end_va": 1976827903, "entry_point": 1975911785, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_7401", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1975844864, "timestamp": "00:01:40.736", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1971257344, "type": "region", "version": 1 }, "end_va": 1971650559, "entry_point": 1971364787, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_7402", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1971257344, "timestamp": "00:01:40.750", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1971191808, "type": "region", "version": 1 }, "end_va": 1971240959, "entry_point": 1971196129, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_7403", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1971191808, "timestamp": "00:01:40.752", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 2000093184, "type": "region", "version": 1 }, "end_va": 2001518591, "entry_point": 2000403005, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_7404", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 2000093184, "timestamp": "00:01:40.753", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1985085440, "type": "region", "version": 1 }, "end_va": 1985671167, "entry_point": 1985101745, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_7405", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1985085440, "timestamp": "00:01:40.756", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1976827904, "type": "region", "version": 1 }, "end_va": 1977184255, "entry_point": 1976933286, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_7406", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1976827904, "timestamp": "00:01:40.760", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1968832512, "type": "region", "version": 1 }, "end_va": 1968869375, "entry_point": 1968838704, "filename": "\\Windows\\SysWOW64\\ktmw32.dll", "id": "region_7407", "name": "ktmw32.dll", "norm_filename": "c:\\windows\\syswow64\\ktmw32.dll", "region_type": "memory_mapped_file", "start_va": 1968832512, "timestamp": "00:01:40.763", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1900543, "entry_point": 0, "filename": null, "id": "region_7408", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:01:40.816", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 122880, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 1040383, "entry_point": 988559, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_7409", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 917504, "timestamp": "00:01:40.881", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 7602176, "type": "region", "version": 1 }, "end_va": 9207807, "entry_point": 0, "filename": null, "id": "region_7410", "name": "pagefile_0x0000000000740000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7602176, "timestamp": "00:01:40.881", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1980760064, "type": "region", "version": 1 }, "end_va": 1981153279, "entry_point": 1980831119, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_7412", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1980760064, "timestamp": "00:01:40.914", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 2003238912, "type": "region", "version": 1 }, "end_va": 2004074495, "entry_point": 2003244683, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_7413", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 2003238912, "timestamp": "00:01:40.923", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 786432, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 3342335, "entry_point": 0, "filename": null, "id": "region_7414", "name": "pagefile_0x0000000000270000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2555904, "timestamp": "00:01:41.023", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 9240576, "type": "region", "version": 1 }, "end_va": 10817535, "entry_point": 0, "filename": null, "id": "region_7415", "name": "pagefile_0x00000000008d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9240576, "timestamp": "00:01:41.023", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_7416", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:41.053", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 925695, "entry_point": 0, "filename": null, "id": "region_7417", "name": "pagefile_0x00000000000e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 917504, "timestamp": "00:01:41.053", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 73728, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 1056767, "entry_point": 983040, "filename": "\\Windows\\SysWOW64\\en-US\\schtasks.exe.mui", "id": "region_7418", "name": "schtasks.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\schtasks.exe.mui", "region_type": "memory_mapped_file", "start_va": 983040, "timestamp": "00:01:41.053", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1380351, "entry_point": 0, "filename": null, "id": "region_7419", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:01:41.154", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1445887, "entry_point": 0, "filename": null, "id": "region_7420", "name": "private_0x0000000000160000", "norm_filename": null, "region_type": "private_memory", "start_va": 1441792, "timestamp": "00:01:41.154", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 1900543, "entry_point": 0, "filename": null, "id": "region_7421", "name": "private_0x00000000001c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1835008, "timestamp": "00:01:41.154", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1968766976, "type": "region", "version": 1 }, "end_va": 1968803839, "entry_point": 1968771616, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_7422", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1968766976, "timestamp": "00:01:41.166", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 10878976, "type": "region", "version": 1 }, "end_va": 13823999, "entry_point": 10878976, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_7423", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 10878976, "timestamp": "00:01:41.199", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 3407872, "type": "region", "version": 1 }, "end_va": 3670015, "entry_point": 0, "filename": null, "id": "region_7492", "name": "private_0x0000000000340000", "norm_filename": null, "region_type": "private_memory", "start_va": 3407872, "timestamp": "00:01:43.950", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 5177344, "type": "region", "version": 1 }, "end_va": 5439487, "entry_point": 0, "filename": null, "id": "region_7493", "name": "private_0x00000000004f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5177344, "timestamp": "00:01:43.950", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_7494", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:43.950", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1511423, "entry_point": 0, "filename": null, "id": "region_7495", "name": "pagefile_0x0000000000170000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1507328, "timestamp": "00:01:43.984", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1981677568, "type": "region", "version": 1 }, "end_va": 1982214143, "entry_point": 1981686738, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_7496", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1981677568, "timestamp": "00:01:43.997", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 1576959, "entry_point": 0, "filename": null, "id": "region_7497", "name": "pagefile_0x0000000000180000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1572864, "timestamp": "00:01:44.026", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 512000, "start_va": 1968242688, "type": "region", "version": 1 }, "end_va": 1968754687, "entry_point": 1968248426, "filename": "\\Windows\\SysWOW64\\taskschd.dll", "id": "region_7498", "name": "taskschd.dll", "norm_filename": "c:\\windows\\syswow64\\taskschd.dll", "region_type": "memory_mapped_file", "start_va": 1968242688, "timestamp": "00:01:44.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 192512, "start_va": 1968046080, "type": "region", "version": 1 }, "end_va": 1968238591, "entry_point": 1968046080, "filename": "\\Windows\\SysWOW64\\xmllite.dll", "id": "region_7502", "name": "xmllite.dll", "norm_filename": "c:\\windows\\syswow64\\xmllite.dll", "region_type": "memory_mapped_file", "start_va": 1968046080, "timestamp": "00:01:44.853", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "schtasks /Delete /F /TN drogon", "filename": "c:\\windows\\syswow64\\schtasks.exe", "id": "proc_67", "image_name": "schtasks.exe", "monitor_reason": "child_process", "monitored_id": 67, "origin_monitor_id": 57, "ref_parent_process": { "ref_id": "proc_57", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_7230", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:38.054", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_7231", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:38.054", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_7232", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:38.054", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_7233", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:38.054", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1900543, "entry_point": 0, "filename": null, "id": "region_7234", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:01:38.054", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 3014655, "entry_point": 0, "filename": null, "id": "region_7235", "name": "private_0x00000000002a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2752512, "timestamp": "00:01:38.054", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 7405568, "type": "region", "version": 1 }, "end_va": 7593983, "entry_point": 7501443, "filename": "\\Windows\\SysWOW64\\schtasks.exe", "id": "region_7236", "name": "schtasks.exe", "norm_filename": "c:\\windows\\syswow64\\schtasks.exe", "region_type": "memory_mapped_file", "start_va": 7405568, "timestamp": "00:01:38.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2007695360, "type": "region", "version": 1 }, "end_va": 2009436159, "entry_point": 2007695360, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_7237", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2007695360, "timestamp": "00:01:38.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2009661440, "type": "region", "version": 1 }, "end_va": 2011234303, "entry_point": 2009661440, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_7238", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2009661440, "timestamp": "00:01:38.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_7239", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:38.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_7240", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:38.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_7241", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:38.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_7242", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:38.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_7243", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:38.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_7244", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:38.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_7245", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:38.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_7246", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:38.056", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 1310719, "entry_point": 0, "filename": null, "id": "region_7266", "name": "private_0x00000000000c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 786432, "timestamp": "00:01:38.333", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1948712960, "type": "region", "version": 1 }, "end_va": 1948971007, "entry_point": 1948900984, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_7332", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1948712960, "timestamp": "00:01:39.587", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1948319744, "type": "region", "version": 1 }, "end_va": 1948696575, "entry_point": 1948579736, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_7335", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1948319744, "timestamp": "00:01:39.780", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1948254208, "type": "region", "version": 1 }, "end_va": 1948286975, "entry_point": 1948262648, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_7336", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1948254208, "timestamp": "00:01:39.781", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006515712, "type": "region", "version": 1 }, "end_va": 2007691263, "entry_point": 2006605472, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_7337", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 2006515712, "timestamp": "00:01:39.782", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1977548800, "type": "region", "version": 1 }, "end_va": 1978662911, "entry_point": 1977627347, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_7338", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1977548800, "timestamp": "00:01:39.783", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006515712, "type": "region", "version": 1 }, "end_va": 2007691263, "entry_point": 0, "filename": null, "id": "region_7340", "name": "private_0x0000000077990000", "norm_filename": null, "region_type": "private_memory", "start_va": 2006515712, "timestamp": "00:01:39.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005467136, "type": "region", "version": 1 }, "end_va": 2006491135, "entry_point": 2005574344, "filename": "\\Windows\\System32\\user32.dll", "id": "region_7341", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2005467136, "timestamp": "00:01:39.801", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005467136, "type": "region", "version": 1 }, "end_va": 2006491135, "entry_point": 0, "filename": null, "id": "region_7342", "name": "private_0x0000000077890000", "norm_filename": null, "region_type": "private_memory", "start_va": 2005467136, "timestamp": "00:01:39.803", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1376256, "start_va": 3014656, "type": "region", "version": 1 }, "end_va": 4390911, "entry_point": 0, "filename": null, "id": "region_7343", "name": "private_0x00000000002e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3014656, "timestamp": "00:01:39.838", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1977221120, "type": "region", "version": 1 }, "end_va": 1977507839, "entry_point": 1977250936, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_7345", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1977221120, "timestamp": "00:01:39.858", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_7346", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:39.903", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_7347", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:39.903", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_7348", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:39.903", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_7349", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:39.920", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 2322431, "entry_point": 1900544, "filename": "\\Windows\\System32\\locale.nls", "id": "region_7350", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1900544, "timestamp": "00:01:39.920", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1998585856, "type": "region", "version": 1 }, "end_va": 1999290367, "entry_point": 1998627954, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_7351", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1998585856, "timestamp": "00:01:39.920", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2004418560, "type": "region", "version": 1 }, "end_va": 2005467135, "entry_point": 2004530925, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_7352", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2004418560, "timestamp": "00:01:39.941", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1982464000, "type": "region", "version": 1 }, "end_va": 1983053823, "entry_point": 1982554947, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_7353", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1982464000, "timestamp": "00:01:39.950", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1999634432, "type": "region", "version": 1 }, "end_va": 1999675391, "entry_point": 1999648416, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_7354", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1999634432, "timestamp": "00:01:39.959", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1984430080, "type": "region", "version": 1 }, "end_va": 1985073151, "entry_point": 1984643031, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_7355", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1984430080, "timestamp": "00:01:39.967", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 2001534976, "type": "region", "version": 1 }, "end_va": 2002190335, "entry_point": 2001619429, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_7356", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 2001534976, "timestamp": "00:01:39.968", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1999503360, "type": "region", "version": 1 }, "end_va": 1999605759, "entry_point": 1999522165, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_7357", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1999503360, "timestamp": "00:01:39.981", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1975844864, "type": "region", "version": 1 }, "end_va": 1976827903, "entry_point": 1975911785, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_7358", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1975844864, "timestamp": "00:01:39.998", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1971257344, "type": "region", "version": 1 }, "end_va": 1971650559, "entry_point": 1971364787, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_7359", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1971257344, "timestamp": "00:01:40.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1971191808, "type": "region", "version": 1 }, "end_va": 1971240959, "entry_point": 1971196129, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_7360", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1971191808, "timestamp": "00:01:40.018", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 2000093184, "type": "region", "version": 1 }, "end_va": 2001518591, "entry_point": 2000403005, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_7361", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 2000093184, "timestamp": "00:01:40.033", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1985085440, "type": "region", "version": 1 }, "end_va": 1985671167, "entry_point": 1985101745, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_7362", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1985085440, "timestamp": "00:01:40.034", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1976827904, "type": "region", "version": 1 }, "end_va": 1977184255, "entry_point": 1976933286, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_7363", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1976827904, "timestamp": "00:01:40.051", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1968832512, "type": "region", "version": 1 }, "end_va": 1968869375, "entry_point": 1968838704, "filename": "\\Windows\\SysWOW64\\ktmw32.dll", "id": "region_7364", "name": "ktmw32.dll", "norm_filename": "c:\\windows\\syswow64\\ktmw32.dll", "region_type": "memory_mapped_file", "start_va": 1968832512, "timestamp": "00:01:40.122", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1966080, "start_va": 4390912, "type": "region", "version": 1 }, "end_va": 6356991, "entry_point": 0, "filename": null, "id": "region_7365", "name": "private_0x0000000000430000", "norm_filename": null, "region_type": "private_memory", "start_va": 4390912, "timestamp": "00:01:40.176", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 122880, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 581631, "entry_point": 529807, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_7366", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 458752, "timestamp": "00:01:40.230", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4390912, "type": "region", "version": 1 }, "end_va": 5996543, "entry_point": 0, "filename": null, "id": "region_7367", "name": "pagefile_0x0000000000430000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4390912, "timestamp": "00:01:40.231", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 6291456, "type": "region", "version": 1 }, "end_va": 6356991, "entry_point": 0, "filename": null, "id": "region_7368", "name": "private_0x0000000000600000", "norm_filename": null, "region_type": "private_memory", "start_va": 6291456, "timestamp": "00:01:40.231", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1980760064, "type": "region", "version": 1 }, "end_va": 1981153279, "entry_point": 1980831119, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_7370", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1980760064, "timestamp": "00:01:40.325", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 2003238912, "type": "region", "version": 1 }, "end_va": 2004074495, "entry_point": 2003244683, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_7371", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 2003238912, "timestamp": "00:01:40.346", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 786432, "start_va": 6356992, "type": "region", "version": 1 }, "end_va": 7143423, "entry_point": 0, "filename": null, "id": "region_7372", "name": "pagefile_0x0000000000610000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6356992, "timestamp": "00:01:40.425", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 7602176, "type": "region", "version": 1 }, "end_va": 9179135, "entry_point": 0, "filename": null, "id": "region_7373", "name": "pagefile_0x0000000000740000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7602176, "timestamp": "00:01:40.425", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_7374", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:40.428", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 466943, "entry_point": 0, "filename": null, "id": "region_7375", "name": "pagefile_0x0000000000070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458752, "timestamp": "00:01:40.428", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 73728, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 598015, "entry_point": 524288, "filename": "\\Windows\\SysWOW64\\en-US\\schtasks.exe.mui", "id": "region_7376", "name": "schtasks.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\schtasks.exe.mui", "region_type": "memory_mapped_file", "start_va": 524288, "timestamp": "00:01:40.428", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 0, "filename": null, "id": "region_7377", "name": "private_0x00000000000a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 655360, "timestamp": "00:01:40.470", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 724991, "entry_point": 0, "filename": null, "id": "region_7378", "name": "private_0x00000000000b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 720896, "timestamp": "00:01:40.470", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1968766976, "type": "region", "version": 1 }, "end_va": 1968803839, "entry_point": 1968771616, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_7379", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1968766976, "timestamp": "00:01:40.478", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 9240576, "type": "region", "version": 1 }, "end_va": 12185599, "entry_point": 9240576, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_7380", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 9240576, "timestamp": "00:01:40.504", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 12779520, "type": "region", "version": 1 }, "end_va": 13041663, "entry_point": 0, "filename": null, "id": "region_7475", "name": "private_0x0000000000c30000", "norm_filename": null, "region_type": "private_memory", "start_va": 12779520, "timestamp": "00:01:42.302", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 13172736, "type": "region", "version": 1 }, "end_va": 13434879, "entry_point": 0, "filename": null, "id": "region_7476", "name": "private_0x0000000000c90000", "norm_filename": null, "region_type": "private_memory", "start_va": 13172736, "timestamp": "00:01:42.302", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_7477", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:42.302", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1314815, "entry_point": 0, "filename": null, "id": "region_7478", "name": "pagefile_0x0000000000140000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1310720, "timestamp": "00:01:42.427", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1981677568, "type": "region", "version": 1 }, "end_va": 1982214143, "entry_point": 1981686738, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_7479", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1981677568, "timestamp": "00:01:42.428", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1380351, "entry_point": 0, "filename": null, "id": "region_7480", "name": "pagefile_0x0000000000150000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1376256, "timestamp": "00:01:42.501", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 512000, "start_va": 1968242688, "type": "region", "version": 1 }, "end_va": 1968754687, "entry_point": 1968242688, "filename": "\\Windows\\SysWOW64\\taskschd.dll", "id": "region_7481", "name": "taskschd.dll", "norm_filename": "c:\\windows\\syswow64\\taskschd.dll", "region_type": "memory_mapped_file", "start_va": 1968242688, "timestamp": "00:01:43.262", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "schtasks /Delete /F /TN viserion_0", "filename": "c:\\windows\\syswow64\\schtasks.exe", "id": "proc_68", "image_name": "schtasks.exe", "monitor_reason": "child_process", "monitored_id": 68, "origin_monitor_id": 62, "ref_parent_process": { "ref_id": "proc_62", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_7248", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:38.271", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_7249", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:38.271", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_7250", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:38.272", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_7251", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:38.272", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 720895, "entry_point": 0, "filename": null, "id": "region_7252", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:38.272", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2293759, "entry_point": 0, "filename": null, "id": "region_7253", "name": "private_0x00000000001f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2031616, "timestamp": "00:01:38.272", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 7405568, "type": "region", "version": 1 }, "end_va": 7593983, "entry_point": 7501443, "filename": "\\Windows\\SysWOW64\\schtasks.exe", "id": "region_7254", "name": "schtasks.exe", "norm_filename": "c:\\windows\\syswow64\\schtasks.exe", "region_type": "memory_mapped_file", "start_va": 7405568, "timestamp": "00:01:38.272", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2007695360, "type": "region", "version": 1 }, "end_va": 2009436159, "entry_point": 2007695360, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_7255", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2007695360, "timestamp": "00:01:38.272", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2009661440, "type": "region", "version": 1 }, "end_va": 2011234303, "entry_point": 2009661440, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_7256", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2009661440, "timestamp": "00:01:38.272", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_7257", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:38.272", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_7258", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:38.272", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_7259", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:38.272", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_7260", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:38.272", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_7261", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:38.273", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_7262", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:38.273", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_7263", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:38.273", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_7264", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:38.274", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 3211264, "type": "region", "version": 1 }, "end_va": 3735551, "entry_point": 0, "filename": null, "id": "region_7283", "name": "private_0x0000000000310000", "norm_filename": null, "region_type": "private_memory", "start_va": 3211264, "timestamp": "00:01:38.461", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1948712960, "type": "region", "version": 1 }, "end_va": 1948971007, "entry_point": 1948900984, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_7284", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1948712960, "timestamp": "00:01:38.464", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1948319744, "type": "region", "version": 1 }, "end_va": 1948696575, "entry_point": 1948579736, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_7285", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1948319744, "timestamp": "00:01:38.465", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1948254208, "type": "region", "version": 1 }, "end_va": 1948286975, "entry_point": 1948262648, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_7286", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1948254208, "timestamp": "00:01:38.466", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006515712, "type": "region", "version": 1 }, "end_va": 2007691263, "entry_point": 2006605472, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_7287", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 2006515712, "timestamp": "00:01:38.469", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 4653056, "type": "region", "version": 1 }, "end_va": 5701631, "entry_point": 0, "filename": null, "id": "region_7312", "name": "private_0x0000000000470000", "norm_filename": null, "region_type": "private_memory", "start_va": 4653056, "timestamp": "00:01:39.331", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1977221120, "type": "region", "version": 1 }, "end_va": 1977507839, "entry_point": 1977250936, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_7313", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1977221120, "timestamp": "00:01:39.331", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1977548800, "type": "region", "version": 1 }, "end_va": 1978662911, "entry_point": 1977627347, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_7314", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1977548800, "timestamp": "00:01:39.331", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005467136, "type": "region", "version": 1 }, "end_va": 2006491135, "entry_point": 0, "filename": null, "id": "region_7315", "name": "private_0x0000000077890000", "norm_filename": null, "region_type": "private_memory", "start_va": 2005467136, "timestamp": "00:01:39.331", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_7316", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:39.347", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_7317", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:39.347", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_7318", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:39.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_7322", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:39.385", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 1142783, "entry_point": 720896, "filename": "\\Windows\\System32\\locale.nls", "id": "region_7323", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 720896, "timestamp": "00:01:39.385", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1998585856, "type": "region", "version": 1 }, "end_va": 1999290367, "entry_point": 1998627954, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_7324", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1998585856, "timestamp": "00:01:39.385", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2004418560, "type": "region", "version": 1 }, "end_va": 2005467135, "entry_point": 2004530925, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_7325", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2004418560, "timestamp": "00:01:39.410", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1982464000, "type": "region", "version": 1 }, "end_va": 1983053823, "entry_point": 1982554947, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_7326", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1982464000, "timestamp": "00:01:39.415", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1999634432, "type": "region", "version": 1 }, "end_va": 1999675391, "entry_point": 1999648416, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_7327", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1999634432, "timestamp": "00:01:39.433", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1984430080, "type": "region", "version": 1 }, "end_va": 1985073151, "entry_point": 1984643031, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_7328", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1984430080, "timestamp": "00:01:39.436", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 2001534976, "type": "region", "version": 1 }, "end_va": 2002190335, "entry_point": 2001619429, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_7329", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 2001534976, "timestamp": "00:01:39.441", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1999503360, "type": "region", "version": 1 }, "end_va": 1999605759, "entry_point": 1999522165, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_7424", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1999503360, "timestamp": "00:01:41.679", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1975844864, "type": "region", "version": 1 }, "end_va": 1976827903, "entry_point": 1975911785, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_7425", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1975844864, "timestamp": "00:01:41.689", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1971257344, "type": "region", "version": 1 }, "end_va": 1971650559, "entry_point": 1971364787, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_7426", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1971257344, "timestamp": "00:01:41.697", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1971191808, "type": "region", "version": 1 }, "end_va": 1971240959, "entry_point": 1971196129, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_7427", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1971191808, "timestamp": "00:01:41.718", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 2000093184, "type": "region", "version": 1 }, "end_va": 2001518591, "entry_point": 2000403005, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_7428", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 2000093184, "timestamp": "00:01:41.734", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1985085440, "type": "region", "version": 1 }, "end_va": 1985671167, "entry_point": 1985101745, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_7429", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1985085440, "timestamp": "00:01:41.740", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1976827904, "type": "region", "version": 1 }, "end_va": 1977184255, "entry_point": 1976933286, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_7430", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1976827904, "timestamp": "00:01:41.741", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1968832512, "type": "region", "version": 1 }, "end_va": 1968869375, "entry_point": 1968838704, "filename": "\\Windows\\SysWOW64\\ktmw32.dll", "id": "region_7431", "name": "ktmw32.dll", "norm_filename": "c:\\windows\\syswow64\\ktmw32.dll", "region_type": "memory_mapped_file", "start_va": 1968832512, "timestamp": "00:01:41.751", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1245184, "start_va": 5701632, "type": "region", "version": 1 }, "end_va": 6946815, "entry_point": 0, "filename": null, "id": "region_7432", "name": "private_0x0000000000570000", "norm_filename": null, "region_type": "private_memory", "start_va": 5701632, "timestamp": "00:01:41.772", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 122880, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1302527, "entry_point": 1250703, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_7433", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1179648, "timestamp": "00:01:41.777", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 7602176, "type": "region", "version": 1 }, "end_va": 9207807, "entry_point": 0, "filename": null, "id": "region_7434", "name": "pagefile_0x0000000000740000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7602176, "timestamp": "00:01:41.777", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1980760064, "type": "region", "version": 1 }, "end_va": 1981153279, "entry_point": 1980831119, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_7436", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1980760064, "timestamp": "00:01:41.833", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 2003238912, "type": "region", "version": 1 }, "end_va": 2004074495, "entry_point": 2003244683, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_7437", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 2003238912, "timestamp": "00:01:41.849", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 786432, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1966079, "entry_point": 0, "filename": null, "id": "region_7438", "name": "pagefile_0x0000000000120000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1179648, "timestamp": "00:01:41.879", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 9240576, "type": "region", "version": 1 }, "end_va": 10817535, "entry_point": 0, "filename": null, "id": "region_7439", "name": "pagefile_0x00000000008d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9240576, "timestamp": "00:01:41.879", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_7440", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:41.975", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 1974271, "entry_point": 0, "filename": null, "id": "region_7441", "name": "pagefile_0x00000000001e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1966080, "timestamp": "00:01:41.975", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 73728, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2367487, "entry_point": 2293760, "filename": "\\Windows\\SysWOW64\\en-US\\schtasks.exe.mui", "id": "region_7442", "name": "schtasks.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\schtasks.exe.mui", "region_type": "memory_mapped_file", "start_va": 2293760, "timestamp": "00:01:41.975", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2428927, "entry_point": 0, "filename": null, "id": "region_7443", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:42.098", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2490368, "type": "region", "version": 1 }, "end_va": 2494463, "entry_point": 0, "filename": null, "id": "region_7444", "name": "private_0x0000000000260000", "norm_filename": null, "region_type": "private_memory", "start_va": 2490368, "timestamp": "00:01:42.098", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1968766976, "type": "region", "version": 1 }, "end_va": 1968803839, "entry_point": 1968771616, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_7467", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1968766976, "timestamp": "00:01:42.180", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 10878976, "type": "region", "version": 1 }, "end_va": 13823999, "entry_point": 10878976, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_7468", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 10878976, "timestamp": "00:01:42.206", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 3801088, "type": "region", "version": 1 }, "end_va": 4063231, "entry_point": 0, "filename": null, "id": "region_7485", "name": "private_0x00000000003a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3801088, "timestamp": "00:01:43.766", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 4390912, "type": "region", "version": 1 }, "end_va": 4653055, "entry_point": 0, "filename": null, "id": "region_7486", "name": "private_0x0000000000430000", "norm_filename": null, "region_type": "private_memory", "start_va": 4390912, "timestamp": "00:01:43.766", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_7487", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:43.766", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 2559999, "entry_point": 0, "filename": null, "id": "region_7488", "name": "pagefile_0x0000000000270000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2555904, "timestamp": "00:01:43.841", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1981677568, "type": "region", "version": 1 }, "end_va": 1982214143, "entry_point": 1981686738, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_7489", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1981677568, "timestamp": "00:01:43.843", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 2625535, "entry_point": 0, "filename": null, "id": "region_7490", "name": "pagefile_0x0000000000280000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2621440, "timestamp": "00:01:43.887", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 512000, "start_va": 1968242688, "type": "region", "version": 1 }, "end_va": 1968754687, "entry_point": 1968248426, "filename": "\\Windows\\SysWOW64\\taskschd.dll", "id": "region_7491", "name": "taskschd.dll", "norm_filename": "c:\\windows\\syswow64\\taskschd.dll", "region_type": "memory_mapped_file", "start_va": 1968242688, "timestamp": "00:01:43.890", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 5701632, "type": "region", "version": 1 }, "end_va": 6488063, "entry_point": 5701632, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_7499", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 5701632, "timestamp": "00:01:44.292", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 6881280, "type": "region", "version": 1 }, "end_va": 6946815, "entry_point": 0, "filename": null, "id": "region_7500", "name": "private_0x0000000000690000", "norm_filename": null, "region_type": "private_memory", "start_va": 6881280, "timestamp": "00:01:44.292", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 } ], "remarks": { "critical": [ { "comment": "Privileged kernel code was executed during the analysis. Refer to the kernel analysis section on the left for further details.", "id": 2, "type": "remark", "version": 1 } ], "non_critical": [ { "comment": "The file extraction total size limit was reached during the analysis. Some files may be missing in the reports. You can increase the limit in the configuration.", "id": 256, "type": "remark", "version": 1 }, { "comment": "The dump total size limit was reached during the analysis. Some memory dump may be missing in the reports. You can increase the limit in the configuration.", "id": 512, "type": "remark", "version": 1 }, { "comment": "The operating system was rebooted during the analysis.", "id": 128, "type": "remark", "version": 1 }, { "comment": "The maximum number of dumps was reached during the analysis. Some memory dumps may be missing in the reports. You can increase the limit in the configuration.", "id": 2048, "type": "remark", "version": 1 }, { "comment": "The overall sleep time of all monitored processes was truncated from 23 minutes to 30 seconds to reveal dormant functionality.", "id": 262144, "type": "remark", "version": 1 } ], "type": "remarks", "version": 1 }, "sample_details": { "filename": "ifzkkpwij.exe", "id": 19992, "md5_hash": "fbbdc39af1139aebba4da004475e8839", "sample_type": "windows_exe_(x86-32)", "sha1_hash": "de5c8d858e6e41da715dca1c019df0bfb92d32c0", "sha256_hash": "630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da", "size": 441899, "type": "sample_details", "version": 1 }, "screenshots": [ { "screenshot_archive_path": "screenshots/screenshot_0.png", "size": 54922, "thumbnail_archive_path": "screenshots/thumbnail_0.png", "timestamp": "00:00:00.000", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_9994.png", "size": 68400, "thumbnail_archive_path": "screenshots/thumbnail_9994.png", "timestamp": "00:00:09.994", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_11019.png", "size": 50984, "thumbnail_archive_path": "screenshots/thumbnail_11019.png", "timestamp": "00:00:11.019", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_14371.png", "size": 57367, "thumbnail_archive_path": "screenshots/thumbnail_14371.png", "timestamp": "00:00:14.371", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_15386.png", "size": 50984, "thumbnail_archive_path": "screenshots/thumbnail_15386.png", "timestamp": "00:00:15.386", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_39666.png", "size": 4181, "thumbnail_archive_path": "screenshots/thumbnail_39666.png", "timestamp": "00:00:39.666", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_40676.png", "size": 488635, "thumbnail_archive_path": "screenshots/thumbnail_40676.png", "timestamp": "00:00:40.676", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_55809.png", "size": 3848, "thumbnail_archive_path": "screenshots/thumbnail_55809.png", "timestamp": "00:00:55.809", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_56857.png", "size": 488646, "thumbnail_archive_path": "screenshots/thumbnail_56857.png", "timestamp": "00:00:56.857", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_73438.png", "size": 488651, "thumbnail_archive_path": "screenshots/thumbnail_73438.png", "timestamp": "00:01:13.438", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_74467.png", "size": 103948, "thumbnail_archive_path": "screenshots/thumbnail_74467.png", "timestamp": "00:01:14.467", "type": "screenshot", "version": 1 } ], "type": "summary", "version": 1, "vm_and_analyzer_details": { "adobe_acrobat_reader_version": "not_installed", "analyzer_build_date": "2017-10-17 16:08", "analyzer_version": "2.2.0", "chrome_version": "58.0.3029.110", "firefox_version": "25.0", "flash_version": "10.3.183.75", "internet_explorer_version": "8.0.7601.17514", "java_version": "7.0.450", "microsoft_excel_version": "not_installed", "microsoft_office_version": "not_installed", "microsoft_power_point_version": "not_installed", "microsoft_project_version": "not_installed", "microsoft_publisher_version": "not_installed", "microsoft_visio_version": "not_installed", "microsoft_word_version": "not_installed", "silverlight_version": "not_installed", "type": "vm_and_analyzer_details", "version": 1, "vm_architecture": "x86_64-bit", "vm_kernel_version": "6.1.7601.17514_(3844dbb9-2017-4967-be7a-a4a2c20430fa)", "vm_name": null, "vm_os": "windows_7" }, "vti": { "type": "vti", "version": 1, "vti_built_in_rules_version": "2.6", "vti_rule_matches": [ { "artifacts": { "files": [ { "filename": "C:\\Windows\\infpub.dat", "hashes": [ { "md5_hash": "1d724f95c61f1055f0d02c2154bbccd3", "sha1_hash": "79116fe99f2b421c52ef64097f0f39b815b20907", "sha256_hash": "579fd8a0385482fb4c789561a30b09f25671e86422f40ef5cca2036b28f99648", "type": "file_hash", "version": 1 }, { "md5_hash": "c4f26ed277b51ef45fa180be597d96e8", "sha1_hash": "e9efc622924fb965d4a14bdb6223834d9a9007e7", "sha256_hash": "14d82a676b63ab046ae94fa5e41f9f69a65dc7946826cb3d74cea6c030c2f958", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\windows\\infpub.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_os_dir", "operation_desc": "Modify operating system directory", "ref_gfncalls": [ { "ref_id": "gfn_8", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_file_in_os_dir", "technique_desc": "Create file \"C:\\Windows\\infpub.dat\" in the OS directory.", "technique_path": "built_in._file_system._modify_os_dir.vmray_create_file_in_os_dir", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_create_process_with_hidden_window", "operation_desc": "Create process with hidden window", "ref_gfncalls": [ { "ref_id": "gfn_10", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_process_with_hidden_window", "technique_desc": "The process \"C:\\Windows\\system32\\rundll32.exe\" starts with hidden window.", "technique_path": "built_in._process._create_process_with_hidden_window.vmray_create_process_with_hidden_window", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_anti_analysis", "category_desc": "Anti Analysis", "operation": "_dynamic_api_usage", "operation_desc": "Dynamic API usage", "ref_gfncalls": [ { "ref_id": "gfn_90", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_dynamic_api_usage_by_api", "technique_desc": "Resolve above average number of APIs.", "technique_path": "built_in._anti_analysis._dynamic_api_usage.vmray_dynamic_api_usage_by_api", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "9A1966663AD6FDE5", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_254", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"9A1966663AD6FDE5\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Windows\\cscc.dat", "hashes": [ { "md5_hash": "edb72f4a46c39452d1a5414f7d26454a", "sha1_hash": "08f94684e83a27f2414f439975b7f8a6d61fc056", "sha256_hash": "0b2f863f4119dc88a22cc97c0a136c88a0127cb026751303b045f7322a8972f6", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\windows\\cscc.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_os_dir", "operation_desc": "Modify operating system directory", "ref_gfncalls": [ { "ref_id": "gfn_257", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_file_in_os_dir", "technique_desc": "Create file \"C:\\Windows\\cscc.dat\" in the OS directory.", "technique_path": "built_in._file_system._modify_os_dir.vmray_create_file_in_os_dir", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Windows\\dispci.exe", "hashes": [ { "md5_hash": "b14d8faf7f0cbcfad051cefe5f39645f", "sha1_hash": "afeee8b4acff87bc469a6f0364a81ae5d60a2add", "sha256_hash": "8ebc97e05c8e1073bda2efb6f4d00ad7e789260afa2c276f0c72740b838a0a93", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\windows\\dispci.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_os_dir", "operation_desc": "Modify operating system directory", "ref_gfncalls": [ { "ref_id": "gfn_260", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_file_in_os_dir", "technique_desc": "Create file \"C:\\Windows\\dispci.exe\" in the OS directory.", "technique_path": "built_in._file_system._modify_os_dir.vmray_create_file_in_os_dir", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_create_process_with_hidden_window", "operation_desc": "Create process with hidden window", "ref_gfncalls": [ { "ref_id": "gfn_263", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_process_with_hidden_window", "technique_desc": "The process \"C:\\Windows\\system32\\cmd.exe\" starts with hidden window.", "technique_path": "built_in._process._create_process_with_hidden_window.vmray_create_process_with_hidden_window", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_persistence", "category_desc": "Persistence", "operation": "_install_kernel_driver", "operation_desc": "Install kernel driver", "ref_gfncalls": [ { "ref_id": "gfn_368", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_signed_kernel_driver", "technique_desc": "Install signed kernel driver with service name \"cscc\".", "technique_path": "built_in._persistence._install_kernel_driver.vmray_install_signed_kernel_driver", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Windows\\41D0.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "347ac3b6b791054de3e5720a7144a977", "sha1_hash": "413eba3973a15c1a6429d9f170f3e8287f98c21c", "sha256_hash": "301b905eb98d8d6bb559c04bbda26628a942b2c4107c07a02e8f753bdcfe347c", "type": "file_hash", "version": 1 }, { "md5_hash": "c7ca77d847f1802502ef3b9228d388e4", "sha1_hash": "80ab09116d877b924dfec5b6e8eb6d3dde35869e", "sha256_hash": "fdef2f6da8c5e8002fa5822e8e4fea278fba66c22df9e13b61c8a95c2f9d585f", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\windows\\41d0.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_os_dir", "operation_desc": "Modify operating system directory", "ref_gfncalls": [ { "ref_id": "gfn_451", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_file_in_os_dir", "technique_desc": "Create file \"C:\\Windows\\41D0.tmp\" in the OS directory.", "technique_path": "built_in._file_system._modify_os_dir.vmray_create_file_in_os_dir", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_create_process_with_hidden_window", "operation_desc": "Create process with hidden window", "ref_gfncalls": [ { "ref_id": "gfn_454", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_process_with_hidden_window", "technique_desc": "The process \"C:\\Windows\\41D0.tmp\" starts with hidden window.", "technique_path": "built_in._process._create_process_with_hidden_window.vmray_create_process_with_hidden_window", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_read_from_remote_process", "operation_desc": "Read from memory of another process", "ref_gfncalls": [ { "ref_id": "gfn_593", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_read_from_remote_process", "technique_desc": "\"c:\\windows\\41d0.tmp\" reads from \"c:\\windows\\system32\\lsass.exe\".", "technique_path": "built_in._process._read_from_remote_process.vmray_read_from_remote_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_anti_analysis", "category_desc": "Anti Analysis", "operation": "_delay_execution", "operation_desc": "Delay execution", "ref_gfncalls": [ { "ref_id": "gfn_1512", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_delay_execution_by_sleep", "technique_desc": "One thread sleeps more than 5 minutes.", "technique_path": "built_in._anti_analysis._delay_execution.vmray_delay_execution_by_sleep", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_device", "category_desc": "Device", "operation": "_control_device", "operation_desc": "Control device", "ref_gfncalls": [ { "ref_id": "gfn_2663", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_control_device_by_device_io_control", "technique_desc": "Control device \"\\\\.\\dcrypt\" through API DeviceIOControl.", "technique_path": "built_in._device._control_device.vmray_control_device_by_device_io_control", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_device", "category_desc": "Device", "operation": "_control_device", "operation_desc": "Control device", "ref_gfncalls": [ { "ref_id": "gfn_2688", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_control_device_by_device_io_control", "technique_desc": "Control device \"\\\\.\\GLOBALROOT\\ArcName\\multi(0)disk(0)rdisk(0)partition(1)\" through API DeviceIOControl.", "technique_path": "built_in._device._control_device.vmray_control_device_by_device_io_control", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "\\\\.\\PhysicalDrive0", "hashes": [], "norm_filename": "\\device\\harddisk0\\dr0", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_device", "category_desc": "Device", "operation": "_access_physical_drive", "operation_desc": "Access physical drive", "ref_gfncalls": [ { "ref_id": "gfn_2690", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_access_physical_drive", "technique_desc": "Access physical drive \"\\device\\harddisk0\\dr0\".", "technique_path": "built_in._device._access_physical_drive.vmray_access_physical_drive", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_device", "category_desc": "Device", "operation": "_control_device", "operation_desc": "Control device", "ref_gfncalls": [ { "ref_id": "gfn_2691", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_control_device_by_device_io_control", "technique_desc": "Control device \"\\\\.\\PhysicalDrive0\" through API DeviceIOControl.", "technique_path": "built_in._device._control_device.vmray_control_device_by_device_io_control", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_encrypt_user_files", "operation_desc": "Encrypt content of user files", "ref_gfncalls": [], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_encrypt_user_files", "technique_desc": "Encrypt the content of multiple user files. This is an indicator for ransomware.", "technique_path": "built_in._file_system._encrypt_user_files.vmray_encrypt_user_files", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_kernel", "category_desc": "Kernel", "operation": "_kernelcode_execution", "operation_desc": "Execute code with kernel privileges", "ref_gfncalls": [], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_kernelcode_execution", "technique_desc": "Execute code with kernel privileges.", "technique_path": "built_in._kernel._kernelcode_execution.vmray_kernelcode_execution", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_drop_pe_file", "operation_desc": "Drop PE file", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_drop_pe_file", "technique_desc": "Drop file \"c:\\windows\\infpub.dat\".", "technique_path": "built_in._pe._drop_pe_file.vmray_drop_pe_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_drop_pe_file", "operation_desc": "Drop PE file", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_drop_pe_file", "technique_desc": "Drop file \"c:\\windows\\cscc.dat\".", "technique_path": "built_in._pe._drop_pe_file.vmray_drop_pe_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_drop_pe_file", "operation_desc": "Drop PE file", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_drop_pe_file", "technique_desc": "Drop file \"c:\\windows\\dispci.exe\".", "technique_path": "built_in._pe._drop_pe_file.vmray_drop_pe_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_drop_pe_file", "operation_desc": "Drop PE file", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_drop_pe_file", "technique_desc": "Drop file \"c:\\windows\\41d0.tmp\".", "technique_path": "built_in._pe._drop_pe_file.vmray_drop_pe_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_execute_dropped_pe_file", "operation_desc": "Execute dropped PE file", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_execute_dropped_pe_file", "technique_desc": "Execute dropped file \"c:\\windows\\dispci.exe\".", "technique_path": "built_in._pe._execute_dropped_pe_file.vmray_execute_dropped_pe_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_execute_dropped_pe_file", "operation_desc": "Execute dropped PE file", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_execute_dropped_pe_file", "technique_desc": "Execute dropped file \"c:\\windows\\41d0.tmp\".", "technique_path": "built_in._pe._execute_dropped_pe_file.vmray_execute_dropped_pe_file", "type": "vti_rule_match", "version": 1 } ], "vti_rule_type": "Default (PE, ...)", "vti_score": 100 }, "yara": { "apply_yara": true, "apply_yara_on_created_files": true, "apply_yara_on_modified_files": true, "apply_yara_on_pcap_file": true, "apply_yara_on_process_dumps": true, "apply_yara_on_sample_files": true, "match_count": 0, "matches": [], "ruleset_count": 7, "type": "yara", "version": 1 } }