{ "analysis_details": { "creation_time": "2017-08-08 17:01 (UTC+2)", "execution_successful": true, "number_of_processes": 79, "termination_reason": "timeout", "type": "analysis_details", "version": 1, "vm_analysis_duration_time": "00:05:19" }, "artifacts": { "files": [ { "filename": "STD_INPUT_HANDLE", "hashes": [], "norm_filename": "std_input_handle", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "STD_OUTPUT_HANDLE", "hashes": [], "norm_filename": "std_output_handle", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "STD_ERROR_HANDLE", "hashes": [], "norm_filename": "std_error_handle", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\wanacry6.malware.exe", "hashes": [ { "md5_hash": "d78bfdd6242361aa09a0e730ae9dc49a", "sha1_hash": "5e301e5ee7ce8840bf9003df1f3d5cf3679f5753", "sha256_hash": "bc885443e29b027d5f307e2f3d36e70ba650d608604aeeea7e748c6dc948a8a6", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\wanacry6.malware.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Contacts\\lulcit amkdfe.contact", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\contacts\\lulcit amkdfe.contact", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\-Kar\\g_Kf.mp3", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\-kar\\g_kf.mp3", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\-Kar\\g_Kf.encrypted.mp3", "hashes": [ { "md5_hash": "b79e63555e23b2edc0e00c32a4fa0884", "sha1_hash": "f95d612fba79eae8bfc1d1fdee957cd12534acee", "sha256_hash": "57d1b0bdf7f65da952686fdfa495272005fc07c3c1580ee2e6d2b90b640c0639", "type": "file_hash", "version": 1 } ], "norm_filename": 
"c:\\users\\5jghkoaofdp\\desktop\\-kar\\g_kf.encrypted.mp3", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\PROGRA~1\\COMMON~1\\log.txt", "hashes": [ { "md5_hash": "2605c07ccc62b24d2b318ca3a5718e24", "sha1_hash": "2125d239b98eb975eb7d8f7fe6684d7051b9d704", "sha256_hash": "23c0459b4ce51d5a150c875212bdbfbfcf7f77fb7aa8946272751b5450c1dbce", "type": "file_hash", "version": 1 }, { "md5_hash": "dcd8231c5708b77a71552516c086bacd", "sha1_hash": "050df9bde375c6bed2e22de6dd304d5734296028", "sha256_hash": "7d4fae95023e8ad8e5f6b1690d25e4505abda815c798f34bc0aae13f1b5b270b", "type": "file_hash", "version": 1 }, { "md5_hash": "3c69abc1c1d32b44f0a05e221065de32", "sha1_hash": "17224d3bd08f7c6162cab8b907c9cb090d164b23", "sha256_hash": "aa725385f407bf66734067e03fb3c4b62b6a6b9965db743ff3439627a4cb8596", "type": "file_hash", "version": 1 }, { "md5_hash": "ec9cdc85265a813d40091057a9e151ac", "sha1_hash": "60c88ed3cb18c4030987f3da11a65cf5c719b6b9", "sha256_hash": "0e5826ed57a3212d0532558facebf9274cc60ce3e775eda765cb3f3915454d09", "type": "file_hash", "version": 1 }, { "md5_hash": "9e88600f4909ba28158a9657d7c50fb3", "sha1_hash": "11433d1d80cd3e4ac30338327b2468ce439905cb", "sha256_hash": "25848ce0fab2d16de19d92908e826840abc100ae530261d6dec65f577aadc8ee", "type": "file_hash", "version": 1 }, { "md5_hash": "4e936c112af90042cc1ac64c462279f2", "sha1_hash": "b7467bd7ae3c4e32afc1a2e6323bddc3b12b5597", "sha256_hash": "b40887b6c1d0df7ed24f0a43f3cd6da49427e4ce22ba313c127015ccf661cc61", "type": "file_hash", "version": 1 }, { "md5_hash": "1dc9409637f3ad57590d6c2ee4b1e322", "sha1_hash": "29ebdd8403694f539a5d7f40994835bb8fa07ad0", "sha256_hash": "a28a4260cee9dd75c9402c4942ffe27f904464f7841520b2691ce638e612f7f6", "type": "file_hash", "version": 1 }, { "md5_hash": "31e807e0cfdd0c81addb0f7f604b828b", "sha1_hash": "cf6d6b32a78e0df14154cd7e0d1d8d30794f6701", "sha256_hash": "97a4ce59ad4b4f9d115c428cb723e897275a6b75a09b03e99c9c5a47ad47caa3", "type": "file_hash", 
"version": 1 }, { "md5_hash": "024c0ea4b1cbe06a4b652510ca8f4b7b", "sha1_hash": "d70029ff311627ac4f36e7685529cdc921cdde85", "sha256_hash": "d918748e6ad804260d549073b473e028d2a5a7dfe089ca305b5fb36f076bdf13", "type": "file_hash", "version": 1 }, { "md5_hash": "de4394c49070917a7e3cc501e6c79447", "sha1_hash": "6c99c2609bffafafc3d33b800d2fd834eab06f00", "sha256_hash": "5f13a0cf63e3c6a183748c4a23edaf50401680fa05c6ae36c2548df5c8f7de0f", "type": "file_hash", "version": 1 }, { "md5_hash": "5daefda60930406262eb476c99982732", "sha1_hash": "b76bcf7d18d7531188b219eb53a81b856c8db18b", "sha256_hash": "6be8fff890b4eabf022b54a3fe03879a77ad8476dd25e053edaf8d10b658f0be", "type": "file_hash", "version": 1 }, { "md5_hash": "f8b39ab63e6bfe8065811387fff8a7f7", "sha1_hash": "12b6a521e19da9f76ae4c4788484b53072774dea", "sha256_hash": "f4528a6f53ee4f7c58c7e5c19f307bcadc9b42f63eb5691196185bd8cdfd6cfb", "type": "file_hash", "version": 1 }, { "md5_hash": "2ae680597d6f96bf157ed16d90b65ceb", "sha1_hash": "a86be68244b2c83a4b196ec64456845a2c725779", "sha256_hash": "323dbcdb1c3ed2c1ed5a6a96117d76952168797f2559be85b0e54c6f4ea73e82", "type": "file_hash", "version": 1 }, { "md5_hash": "49cdcdfb60f2fb1320196a8427fd7e4d", "sha1_hash": "96843f05c89fb7d219d4fa872972586ff45e84db", "sha256_hash": "3d2326f54ee7f713944aeddeab6b2788c26d4123ba199ff158ead824d648a511", "type": "file_hash", "version": 1 }, { "md5_hash": "95f23e73ea3985bea024f3869ca28c1c", "sha1_hash": "97da0099f25b9e44ad99f79305cc82c14f59b3e1", "sha256_hash": "62e71b0a44ff501aa76d85fd748a037d4d34de7bfa4beff2371b85049d81d39f", "type": "file_hash", "version": 1 }, { "md5_hash": "bbc8f183ae7fa98185ad381b19133e5d", "sha1_hash": "022ba1ce640b49d658093ca25fd78ddf16a030f2", "sha256_hash": "cce9b9846a8709ac71cb2e9114a0b7c0b20e6c753b1c17b20b7bcc467cac2171", "type": "file_hash", "version": 1 }, { "md5_hash": "124953d40d7d62f76364083eb022f5b9", "sha1_hash": "4860cc10c69ba8e7c4e6414d12a019ca3e0bfa20", "sha256_hash": 
"fcce2b2208e0090fb7e511d8f9e83fbcc04eaa2c060c28b73939afd39ca8c986", "type": "file_hash", "version": 1 }, { "md5_hash": "17e0f915c2b53cac18d2271dd343f3fe", "sha1_hash": "fa5be909291b3eda76790991b1deaf082e898e25", "sha256_hash": "898fce9f2ff65e9fe488318655a8465cfb9937251d6ba56a6198a1a44ffe4d0b", "type": "file_hash", "version": 1 }, { "md5_hash": "e95aecd8700cf5c7685f7aa3ccdbc5c8", "sha1_hash": "4a9a7d8dafdd993924ecaf94e738efda75ddba68", "sha256_hash": "30d6623b6d05b8f30be75714d2ed3da0712eda178ed1f08e293046734c9a90f9", "type": "file_hash", "version": 1 }, { "md5_hash": "c5ee8a849041227305b2a531102e841d", "sha1_hash": "544d5b76afb6df0c5c0d49e4ba0e03446abca91a", "sha256_hash": "e77cf3f5658958bbcd6e6384888e9c26b2b1b2189bd9c8c12adc7792abe141e7", "type": "file_hash", "version": 1 }, { "md5_hash": "8d233bd45f5a2c67dc9e17ab1512ab43", "sha1_hash": "e13e688cd06c50c33f9f127789f0f441a6749b85", "sha256_hash": "47f82639110ff5c772ba4cf0ca0c9efcc0d442c6483fd83e985f7190bc271b04", "type": "file_hash", "version": 1 }, { "md5_hash": "23fc87dc2318158ec4f6252134214af1", "sha1_hash": "3ca3b63282cbaceb0177887856b64c3af5e7b28a", "sha256_hash": "341d76246e87b0a1a42090b195c331825a2c260827a15a8dc9434e4308152f0b", "type": "file_hash", "version": 1 }, { "md5_hash": "2c0954a9b82019640f94f0ccff4d8074", "sha1_hash": "6b6a225585fe305641723e210e382e3cad772c70", "sha256_hash": "0efa3e2b045d2028b0540203d9390a812d3566f3cb12589b7f15ced2ac2fdf61", "type": "file_hash", "version": 1 }, { "md5_hash": "ef6bf9d25aa4b9adbd5a8d5add95ba9e", "sha1_hash": "a4f5581cf4777a804d069bd2ef3de36313ee4393", "sha256_hash": "cab588d39661f49485401b77e9ab34331c792ff5c26ebda0d5a60dd859f6c9bc", "type": "file_hash", "version": 1 }, { "md5_hash": "77b73620de44959ffc6d55423e6250c8", "sha1_hash": "bb79b241fb4c922efdacea9bbdc1c4ffcd9ccbd9", "sha256_hash": "b3e957ef418b439a5a117a5c06901dee468a8d524ac9245e9804f240ceff032d", "type": "file_hash", "version": 1 }, { "md5_hash": "39689aefd0dfe98110c96897f96a392f", "sha1_hash": 
"6f633b23f5a7ee99c27e77282b442b917c75bffd", "sha256_hash": "07795dd2af69189b6b676f53ff851736888593c69d3259777c8000e777495c19", "type": "file_hash", "version": 1 }, { "md5_hash": "dc49d728db8314f85416e38ab819f6fc", "sha1_hash": "f4174b597f5465c38f1c6028eeb3512fb963badc", "sha256_hash": "aee03b48a4d0635374626a05ae2726624c391c2e7cd70c001d640b27d52d5f96", "type": "file_hash", "version": 1 }, { "md5_hash": "8c8060f05618889dd3e44c212bfe8dfc", "sha1_hash": "8854c4f20b0309f81f6350d9ff2ebfda24fb0f50", "sha256_hash": "29a669f9bd80531ec99005a65f48cd5bfd6157a7173156a217bd419564519e47", "type": "file_hash", "version": 1 }, { "md5_hash": "81018519266ab48dab0fb03762365e58", "sha1_hash": "2a6bae0cee5982a9561513a19efb55a30b478631", "sha256_hash": "739be898a888a3d1966cb6b55c45494da1c4d90445db375d752a3c69819aab5c", "type": "file_hash", "version": 1 }, { "md5_hash": "ede7e02b395d3962e1fd1f158ec9dee9", "sha1_hash": "7bed096bb9ecaab40dd060a52542b7a85e891207", "sha256_hash": "775627e4ad422cd447068b1d85bdacb2f12529649fd6300639fc8add726d503c", "type": "file_hash", "version": 1 }, { "md5_hash": "06ffea0cab3bdb2ce80e6bea74f3436f", "sha1_hash": "ffbe790b5e8aebc3e477ab85ebc37f66687bae75", "sha256_hash": "b57064c4c9835b199466e83d8123908a1df31302585b014ec07cf89354968633", "type": "file_hash", "version": 1 }, { "md5_hash": "ba392b3bb85e6b43c75dcdcb7b2457e2", "sha1_hash": "6655e9b49051d8fa3121300597e4ede3a738f1be", "sha256_hash": "223ab7ea0774185f0ee9028365bc2207677e63e216d27dfe328424b863ae5322", "type": "file_hash", "version": 1 }, { "md5_hash": "6990e676ae0eeb2a80061300a2f39dd4", "sha1_hash": "b494d6c28109b3fd08ef5a46f5bff36976833f52", "sha256_hash": "6f534913826f3d237a6c1620ff3cfa31a4c157cbd1ddfab5b7cb8852246f61a2", "type": "file_hash", "version": 1 }, { "md5_hash": "64cf708e30cea784a1c8999d45a9a2c0", "sha1_hash": "2b872906b91a204e858ac63bd760437050dd6dda", "sha256_hash": "588da65eece7c2795fa3c0aff62e9e5cf2f23c405d8bc13c4453d8732f4b1f94", "type": "file_hash", "version": 1 }, { "md5_hash": 
"052df55ccdeeb3e6232055d18085816d", "sha1_hash": "fbcb2c607cac6bd9e2b2883413e98883bb5c6998", "sha256_hash": "93121b9914f4d1cf78b2483dae3f5effabac78d8de18770a2d285f98128473b6", "type": "file_hash", "version": 1 }, { "md5_hash": "ac5778ab1c530df7a656a1fa1e1f43fb", "sha1_hash": "55aacf108f992aa9b6d41f789111e523e63ccf9e", "sha256_hash": "831b9cc04aa94eab46723a8508ddfd389d1cd7c01ddc06b55450021e8c09ff33", "type": "file_hash", "version": 1 }, { "md5_hash": "e7562dbe3a0a7164a94dadd090d5d7f0", "sha1_hash": "0cb4edda0487a85fa9325736bcd81d804cf12c39", "sha256_hash": "264fd78c07cef6a2840363c825e56ddf6ebc4a0801334076686dd6e09b1478c7", "type": "file_hash", "version": 1 }, { "md5_hash": "dda813ce3faa872347b1c3bda54c9e4b", "sha1_hash": "d667f3d11e17dbf752e48d46def0b153c99b4745", "sha256_hash": "ec8548ca43c34d48be3ab8b2e18efcc37d01411cda6fda678f33f26dbe38463a", "type": "file_hash", "version": 1 }, { "md5_hash": "d2d8da7608a20fe5b799e02967dfda38", "sha1_hash": "69154581c36bffeb31320e1f748ea0571aa882c5", "sha256_hash": "3438d0124d4b02671f591962b33f496004d708cd9071ad6a52c5ee4501e6587a", "type": "file_hash", "version": 1 }, { "md5_hash": "15e42808039cc39fe3f9516a66031f5b", "sha1_hash": "8d083844d2a7ea5c3a6ea7edb48d6f242ce1695e", "sha256_hash": "1de3256477e0950daeacd14bec8800dbbb65cb580b81de3887104d5ca6f0bcf2", "type": "file_hash", "version": 1 }, { "md5_hash": "95d4c0440af2c5ba6c69e5073bd1c06c", "sha1_hash": "8dcc4b991101ef4a83285af9077b8af04d4eca97", "sha256_hash": "37ce028ddb5b7e0f1af1126abb1917fe4b4099793ac79698f33b4c7e1453f23e", "type": "file_hash", "version": 1 }, { "md5_hash": "a14867b6386d4c5ace4d1d3612758aa2", "sha1_hash": "3a11db4873afdab5c1bf9c1d86260787012b4a15", "sha256_hash": "4c799c12466454a1e84eabb182146ad7348c7592bffe35b5144f921c5a2a9faa", "type": "file_hash", "version": 1 }, { "md5_hash": "0262f91220efdb1b4e5f42e8afc0b3fa", "sha1_hash": "8127a068ce78519d95eb20a790a849d2f7b457ea", "sha256_hash": "fa5f45e7a149d4b247950addb7213e343216ea880aa04e5c3a99e38607da542b", "type": 
"file_hash", "version": 1 }, { "md5_hash": "a61445a348b21ddc7929f9feb00f6ca4", "sha1_hash": "e060689e413c1db289f3794aaec9ea8cc8de3338", "sha256_hash": "a23d946bdbc25640129d0454391c54f268476b272e152480493d1decadfe330c", "type": "file_hash", "version": 1 }, { "md5_hash": "3483f91ec6733873056dc2bbaae2bdba", "sha1_hash": "7ec439b4bfb42107ecc282ad08c7a47f0f4c28a0", "sha256_hash": "702901313bc29d82fd1b03e6cfeb4efb58d41261633290bbbb4bd05a49c4b9d4", "type": "file_hash", "version": 1 }, { "md5_hash": "028475f04cb4b0015ed159c5a3c52344", "sha1_hash": "79e9c34300da936202274f039e8a89551bd439db", "sha256_hash": "d52f565d184c3e6b5f68496a46401d61d8e5a44168c1a34c6665fdbe4a6944ac", "type": "file_hash", "version": 1 }, { "md5_hash": "f04c979a6ca96f275c1983e189e49a71", "sha1_hash": "2fff3c5e3de45e1fa93f0b45d7d2c689e79afcdd", "sha256_hash": "3c7ed75d5fd52590a72d8b37772d8b38ed0f4e045efac4553243e788511897a5", "type": "file_hash", "version": 1 }, { "md5_hash": "c1deda669411954e7c0796cda7c44858", "sha1_hash": "e1480bc45f92d4f491c5e43905d728288d26b3a8", "sha256_hash": "43f0cbc263712e206094ef6a330c12a109096e5bff04e2541cd13966ad0acec3", "type": "file_hash", "version": 1 }, { "md5_hash": "bbb45300aad036b1c2e4b8f87bb1cf50", "sha1_hash": "4663146013d877beb2a1ef06323e6e08ebcfb3fc", "sha256_hash": "6f17e9a2e04801aea643cba69b335ba7fa25e5ba1d3d3f9afdfcf57515dd344f", "type": "file_hash", "version": 1 }, { "md5_hash": "812c642e17fe3dafda09bc3024e88e85", "sha1_hash": "5ec7d7a043009514c243339f0b812d54a75112f2", "sha256_hash": "097188412e2f545dbfaa42d9ae3a89ac8187959bb59fa70702994303216b7a7c", "type": "file_hash", "version": 1 }, { "md5_hash": "585e5a5cf38212222c56cb579b2c677f", "sha1_hash": "97f5c81c5a4300421ee85ae5fe7a43b9306f1e03", "sha256_hash": "b1bf8f93d22152954aaadcdb985db13661e3cc5e156e9929e2d22cd35f441083", "type": "file_hash", "version": 1 }, { "md5_hash": "cc518181b54ca9c4593c8af23b337110", "sha1_hash": "65fb9775a9c9c838031e3098b2a6b1fa7e229261", "sha256_hash": 
"ca26427b16d46fb8b3acaa7e35b77057d4f4935cfa7c62b7ac0b899c73daee11", "type": "file_hash", "version": 1 }, { "md5_hash": "b7e61e0ce67b2afbbad514aeeb2f16f5", "sha1_hash": "d8dc24a281b9892e8a266ed5d6836674bc7c8e7b", "sha256_hash": "e54d75426b10cd14d6ba4eb8b2dca6b63c3bb8b217a63a57de561de9485dcb00", "type": "file_hash", "version": 1 }, { "md5_hash": "c5505f146ae475fc8da0d80dc1979cc9", "sha1_hash": "e39d16553a0dc82da4c8b7bdcbf10714695beea7", "sha256_hash": "80ecb21d65879b0d5176ec3c856031954f24d74c32345f73a74d4438ca78cfac", "type": "file_hash", "version": 1 }, { "md5_hash": "04c652c8f73bd225b9a2f18c0053e496", "sha1_hash": "41f6f78c05f7536e6d3626b9a5cad60802128004", "sha256_hash": "0a81e80c28ed23d7dd99cfa514d91ad0549134c662577049c2c413adc6dc4b92", "type": "file_hash", "version": 1 }, { "md5_hash": "7d4c8e3c527ea8613ff16f8c80626e0c", "sha1_hash": "8d7d1d7171e13fb5d08baf6baf4f5b097f3e9fd8", "sha256_hash": "391c8e38e18d9de18dc5883326314ae33333db3659916d087e4606b04a254446", "type": "file_hash", "version": 1 }, { "md5_hash": "0e773de37700ef66797fe352cc0cb3c5", "sha1_hash": "a240abf258e7ef22fbdc0157974e93b1eb15d9ef", "sha256_hash": "3fbe9030a164bd070bb9f1a50a18d66ca8f39d147dae1b3a8a2ef6f6197a05b7", "type": "file_hash", "version": 1 }, { "md5_hash": "94fcb798c6a5c39d87e14944f04d80bd", "sha1_hash": "df1b5c7b996e4c50837d120c326d008adac1572e", "sha256_hash": "891ac0f45d77c76f7215e5ad11c6e65e1e89210e24c9b6b4c6f361e77c5fffb6", "type": "file_hash", "version": 1 }, { "md5_hash": "4f60ff316054779deae30d8632f9864c", "sha1_hash": "37c21bfecc4b9986c196d27975311172ec5d165b", "sha256_hash": "832db58bd37a301ee9fca3c7469cc8489e3726398b8c109f883b8f0dd813660c", "type": "file_hash", "version": 1 }, { "md5_hash": "9265fe43dbfbb104f310a12618573cab", "sha1_hash": "5c1a0918fa9ffce177896ada56a9c51551c794de", "sha256_hash": "e84d6dfaed2aaa3bd9c8520abc5ba9f72fe708caa3699094c6431cafb937ba0b", "type": "file_hash", "version": 1 }, { "md5_hash": "e94a0783b90f068ef239fd198eab3bf5", "sha1_hash": 
"be4e8fa60da8e3c6ac6005ec21af2a737b37909c", "sha256_hash": "6461bccde6ff08d84cf5038a03897c12c2c8deaa1872b642c29d9713182173fe", "type": "file_hash", "version": 1 }, { "md5_hash": "d263bb266796ca748022755394bfa214", "sha1_hash": "f156383d6296daf35d01a734db8f29f84a70d94b", "sha256_hash": "9f777850ba1457382d4da233443ffee7a30aaf4bd993837c715a383edf92c5e9", "type": "file_hash", "version": 1 }, { "md5_hash": "215f21c7c5acf9f76c985e86c0e7dcbc", "sha1_hash": "80a40f36952e35124dfa1d4508bc6ccb6f8bb8cb", "sha256_hash": "677c49fa7fbe267313d163c84c94dcc19a4a3d418762ed5434de4222dfc4422b", "type": "file_hash", "version": 1 }, { "md5_hash": "5c7257d85e76a786241ccaf4d6310638", "sha1_hash": "b5468be4d7286d297fdc85d511fc83aab1d704b3", "sha256_hash": "eea3eeb4250f20218704b73020ee16703e0718285e7b680da6aec24f011aac37", "type": "file_hash", "version": 1 }, { "md5_hash": "d9a672f6d8fe6553a256f5603bdd5bd1", "sha1_hash": "770754397c4ea146feec332286eac09a6fe4c9f0", "sha256_hash": "9046d45c51779957c70af827eca61a13f9b7414c62d22cac0dc79f92070e48cf", "type": "file_hash", "version": 1 }, { "md5_hash": "e93019f7be37412418d7e40fbfd308c7", "sha1_hash": "20d81f76ef640a55942de696583ebfbba49c5c31", "sha256_hash": "6f36808e492b059cf1f26786bd338d27911be2467c7852c10475d0c2ea94bc74", "type": "file_hash", "version": 1 }, { "md5_hash": "fc3fe5af8ac92ffe760fa33bffe9aae7", "sha1_hash": "1e91a00aba0debe60a8231738185dba6e573c578", "sha256_hash": "a408a884e036408b73528052e049ae08bc43f5bc907aadaa6910e9175e014df9", "type": "file_hash", "version": 1 }, { "md5_hash": "0f10ad8499833cfeacb11efcd21c98a3", "sha1_hash": "0b00cce55439f2c3ab70cb8aebd6ad6aa13adad0", "sha256_hash": "06d65e283e7e8572b50c21e05264e76dfb41a11c5f5ca97904aa5dc8d5cbbcd1", "type": "file_hash", "version": 1 }, { "md5_hash": "7c1eaea8a453bac459114155c7a5b8e4", "sha1_hash": "35f264e38a0e80de6c10e5741771e7eeb408389c", "sha256_hash": "98ca45db883db0745b111ae423ad2b9beedaf87341244308cb71775b17c0db78", "type": "file_hash", "version": 1 }, { "md5_hash": 
"dec70630f7a97fb171d6f42ddd6f247c", "sha1_hash": "8efde3d289d2100240b5424e2fc6ceb439af0f08", "sha256_hash": "3c20e61684cb287dd62de88694eecb0d5dd67c0bc9915643893adec507fb2e54", "type": "file_hash", "version": 1 }, { "md5_hash": "61eae17fc109442a1406448079bc049e", "sha1_hash": "a1351c4cc011331920307eac2f9c41147f87ce3d", "sha256_hash": "57d0b25351529d92b1ed7547c24fe7878809406475a9e38aee109a56501b48ab", "type": "file_hash", "version": 1 }, { "md5_hash": "c5a36b47b9081e94530285a1de8e6c1a", "sha1_hash": "553b1b6f1efcf0e5d5f21f98aa812d275ad59346", "sha256_hash": "021498e596de897546a3f287262eb15e2a9c77880fddbf4729f4f31ed85e11b0", "type": "file_hash", "version": 1 }, { "md5_hash": "accda2952af8bc8b3a8c5e89169107a8", "sha1_hash": "f4ec3fcf00df5854a68f891d6a49bd40ad1ab966", "sha256_hash": "585b346c2b84e1479764640cd68ef1827e7e11851682b21a48ce7f52dc5ed384", "type": "file_hash", "version": 1 }, { "md5_hash": "3dc4ac216ba25f02ceda1bc88ffda217", "sha1_hash": "c557735e0c8e1f684e57c7880b4f09942ce1d66d", "sha256_hash": "5f32fa5b04c3923ae261550e2c30da8b16db3e54104e48c11cb9013e48ac7b6a", "type": "file_hash", "version": 1 }, { "md5_hash": "c0bb5d61b9eec918801e422f8ffb8513", "sha1_hash": "14fed7dc68ddd6066a57473ab5511ca52d537bdc", "sha256_hash": "a03423ff05f929a761e09dcd31f59e948cdafa73cb89d24c28434c91ab16fd64", "type": "file_hash", "version": 1 }, { "md5_hash": "14d260a6115598e241faac81034e1087", "sha1_hash": "82cd81466fd4893066017663b57002e49909108e", "sha256_hash": "6b304f32947b230860ef5179a780945b6ccc4aac270dc4e72712a8c7908a047a", "type": "file_hash", "version": 1 }, { "md5_hash": "065f621f348133743ad1249d337c972b", "sha1_hash": "86e2d3df6d2c90cdda9e0998176ffeb0cf012615", "sha256_hash": "30a4cf6ca0c447f5740d4afe14a1c46003ced874d823675b5f1387a0db7650c7", "type": "file_hash", "version": 1 }, { "md5_hash": "04a685fedd3ac655480393cb505f324f", "sha1_hash": "7269f8b17ad4145196309456304e8b982b80cadb", "sha256_hash": "8d10a9450a68b45697ec1903b8d8758743e1cea75219cb67fa89adf22a0b511a", "type": 
"file_hash", "version": 1 }, { "md5_hash": "8124b358fb97558d912d56e3f781a3d5", "sha1_hash": "ed8564253b825e85240c4b163320960a4d089d0f", "sha256_hash": "710f8023176ba02e6cf50de936e1c8421df8389af85918f487145d2a6888bed7", "type": "file_hash", "version": 1 }, { "md5_hash": "0dde0bebbefba6f054ed2aaf86acd5da", "sha1_hash": "ff6e9226092a22f09d24639f943037c091af861a", "sha256_hash": "26b02649e4c83ebe74097cc5ebc536a891c0c4eab7ab47ecec8c730f74f156be", "type": "file_hash", "version": 1 }, { "md5_hash": "7c6f98304663c237935a6d8c918c6834", "sha1_hash": "e33ea4844b41eca9d91ca99f09c96da63169412d", "sha256_hash": "a1d8347c65f80208e6e33fc143ed68687e4e92de13e7e925597519dedb474bd9", "type": "file_hash", "version": 1 }, { "md5_hash": "bf6f677076f31be57c2bcbb25de51a4a", "sha1_hash": "48984ea3f30f4fefffff3a40336055d5b1675249", "sha256_hash": "690b5abc55f49e99dc479cce0489d79190ef5827ac912103a8d6d997dece1f44", "type": "file_hash", "version": 1 }, { "md5_hash": "0f116efaa3322016bc41a511202e6738", "sha1_hash": "f5f8591d7aedbbf9dd854f71db05e7aafd472537", "sha256_hash": "a3bea9b51d75c83d7cb8b08f065e267d2e36ef8fd139bf54cf541fb683c36275", "type": "file_hash", "version": 1 }, { "md5_hash": "69ab972dfa43be74c887a4d31ae42aa2", "sha1_hash": "4eb54aed3dcb5cc9fbe0347e5e086c02659b3702", "sha256_hash": "1deb08c806b9b46d8bb35c31455c3e83a2abcab30aede8ac039128de6b2a0676", "type": "file_hash", "version": 1 }, { "md5_hash": "00cf613cbc4cfa51070a3a07f3472c7f", "sha1_hash": "8b4993d3e518ca3d35a65cd18226320a10bfc1b4", "sha256_hash": "d43548d63fb98d2f961a48e484165e4ce5f5589e5fe7af30cb37c61841a83051", "type": "file_hash", "version": 1 }, { "md5_hash": "a765a9aad60f2e425b85797ec300bd0e", "sha1_hash": "9d9ced668736a9dd5433be40bdd2c32b1d49ddd8", "sha256_hash": "48e761919d6aadbb4f117ba3332b7d9d225f917d96b56e5da150b8abac89773f", "type": "file_hash", "version": 1 }, { "md5_hash": "aed6a6d2060741552f73b2a2c4a37c73", "sha1_hash": "13b1b0d2b1a092cf8bec3f9b697b696cbe00b1da", "sha256_hash": 
"70e8ff58284d32ca674ad31c9d0a30cafcb123751b134355ebbd9cb9bf243ad0", "type": "file_hash", "version": 1 }, { "md5_hash": "5babe46533fc7df489ed04ffb5e9b2e6", "sha1_hash": "be03a86db5dbb9902c2d2da5abc0c4b2e5724daf", "sha256_hash": "45dd1eed4a29a10fa020512a97b2ceb3f849e0294485f835b152ddb05dfa0f21", "type": "file_hash", "version": 1 }, { "md5_hash": "6aec49444211fc7ae8f72befd5ab6ff5", "sha1_hash": "395ec3dbb38c30ed22f05f6bfb80a3e1940d8b54", "sha256_hash": "48131131aec0cf51e3f457aa39432239c460f4159f150d209ce9995437ca472f", "type": "file_hash", "version": 1 }, { "md5_hash": "3d04b6b44539feb4e460d221a122fcc4", "sha1_hash": "febc01b0a6a9839136a189dd5c14c8f1624290cc", "sha256_hash": "caa1070e985eafb07053f9ad92eebc7c59cd95a86fb7c61204d1ca6db66ca600", "type": "file_hash", "version": 1 }, { "md5_hash": "e883732eececa6c9c29ac2de92e49d87", "sha1_hash": "3badb883af7c8ca8f4fc5734df5ee623f7f56817", "sha256_hash": "8fa612ce686862b73796e16609062d2ff4d923f056c02428126846ede98eee20", "type": "file_hash", "version": 1 }, { "md5_hash": "6e266192cf4572df669f2d82224c0226", "sha1_hash": "c4314ced5b4dab7ff7be892ae99b06fd676d484b", "sha256_hash": "0d5383b0d9c47113f366239d4c588ffa39f71efc7d1b74aecb99c25552366b93", "type": "file_hash", "version": 1 }, { "md5_hash": "e162c339ad1c7df6c47a05207b857310", "sha1_hash": "b556e7b8a52f070ad168b9dbe8ba164ee6c728b6", "sha256_hash": "38797c57543b4ede62c2280a2c7414b783c2fdb4d2449647a657b1aaa00f53aa", "type": "file_hash", "version": 1 }, { "md5_hash": "c32de3d6eb9c9c30bbbedd123727cf66", "sha1_hash": "e6b50f8d68f37871fa27b3f53b2dab2252a35c5c", "sha256_hash": "3f7b5fafc3753bcf4f95814c70a3a268b1e6db05696c53bc90e6f606b6a85597", "type": "file_hash", "version": 1 }, { "md5_hash": "2dff1676264576eaaec72f40b1a2bd8e", "sha1_hash": "e98af0158e1b286537a9e2a8aa3250c3fa43bfae", "sha256_hash": "7cb84bdd48ea594e31ce93c142ffc44b87be438ecbaf8e1d8a6ea3c74e81289e", "type": "file_hash", "version": 1 }, { "md5_hash": "e5499496950290732082924cc3e89e0b", "sha1_hash": 
"14d2668ba81eb02e649a44142dbb2e57d77e8049", "sha256_hash": "48157f9c3adf09ba84fe2d608ad7cf57f53d90e885d499c0db77ef0b5e27434e", "type": "file_hash", "version": 1 }, { "md5_hash": "b714bd5118f1657db2f5c5f746f9e94a", "sha1_hash": "2a7b4d02fc526752a084b7c59839661048c8d188", "sha256_hash": "97ba3238b20c310c32cff472ea174273a25cc69c0b8e79e52f678e09afc7ba8a", "type": "file_hash", "version": 1 }, { "md5_hash": "528d58e64f661cc7583f0ba76f139405", "sha1_hash": "6c9c3c2a896a55388f42b5dc8d169ae7c005cfca", "sha256_hash": "74ec6eefd60fee0b2769eda54735cdad265f45f29f110cb932363f02aaa53825", "type": "file_hash", "version": 1 }, { "md5_hash": "f439b21434f582414e2cb47e10a59bd0", "sha1_hash": "4594b95571c82e8bcbf9a59489041c30262cffb4", "sha256_hash": "b8c293be36a6cfe96e60b4f530a5f47a94639bba1f9667a1847abf02896a56e3", "type": "file_hash", "version": 1 }, { "md5_hash": "ac7ecacc3fd29525463dfc45f3591e48", "sha1_hash": "a37bd7e561d38695390af422adc77cb737a8f4c6", "sha256_hash": "778b1a52eeb517f43329e92b8cdd71f8aeccbad2a8afbf73d83ba3a3976a3615", "type": "file_hash", "version": 1 }, { "md5_hash": "ee65ad49aab0df6658d04f20dcdd6bbd", "sha1_hash": "350b8715f05d1f20ac90c8a6c24600e8248348fe", "sha256_hash": "02242c932ac0bf3b01afd14bd2c123141afe766a4225fda6be69e49c8737c027", "type": "file_hash", "version": 1 }, { "md5_hash": "821abe92ed994861173c7d68c20270cf", "sha1_hash": "93adea30d9c7d12adf5495a7484b6cbb07af9a22", "sha256_hash": "66b592120a010a711cbc0a5877d54118d276baab9a04d92b5d49e8ba2bd61384", "type": "file_hash", "version": 1 }, { "md5_hash": "529215af9722162ea5ce3973fe73d23d", "sha1_hash": "0369b110754089ffd03b05b16f55486197133492", "sha256_hash": "0d88137711f9fb9a7c0a8b21fc5c8eeeac49ff9ba2f48057aca928153ce70615", "type": "file_hash", "version": 1 }, { "md5_hash": "5b50ddf0f6523f46db23cc63de32dcec", "sha1_hash": "30dd40d6b0d5074e4d0accf9e7ea6546b3405246", "sha256_hash": "3d16b02869fbedbad98378b642f97a85f21f5d532e923af61c30cb2de478d324", "type": "file_hash", "version": 1 }, { "md5_hash": 
"17b4e87a704607f2d3764533b3972c02", "sha1_hash": "9dc9098e1f5cef88cab0f2e349bf3b575b9d546d", "sha256_hash": "fd354a89468a76659ba3ee06b6200af27adfaa5401f115fa3c427d97c74ab537", "type": "file_hash", "version": 1 }, { "md5_hash": "35085a450f532dfaeb3592eaffb6cda4", "sha1_hash": "6386a589de4dca0ab1d5f5e7dce1c6f4e8959beb", "sha256_hash": "f0c93e00cad050a0d6069c569234d40ff03ec36e06fdbd469e81f400049bf843", "type": "file_hash", "version": 1 }, { "md5_hash": "66c5449b52b544dca1a81456b5599a55", "sha1_hash": "372d4d1da857cce6d821904633227afae8f8c5e4", "sha256_hash": "3355ad8cc7da1435034397c27745197d9aebd15bbac266d577db6e1a75136b6a", "type": "file_hash", "version": 1 }, { "md5_hash": "b3e49183c20a7f007241d416b4370532", "sha1_hash": "f4fcebc77d43c34f3fc34878ed034242828c2cf3", "sha256_hash": "5e3959d976451a81f71411584f148a3b9715cb045e04f27a9d539bd15da5bf6d", "type": "file_hash", "version": 1 }, { "md5_hash": "05fb072022576bb2cf4b5d23c9c042a9", "sha1_hash": "97a4500d80657f0e8f3b18fe457f55d21ebb7bf0", "sha256_hash": "262e9a7cc9dd0a5f054551df21fa023ca6025fcd1aeae44b91acbe67611c3ba7", "type": "file_hash", "version": 1 }, { "md5_hash": "a1a6203f94a7d08f88ef4f9c64b64751", "sha1_hash": "fb5b03564b9b49750b5efd8f4bda8866cd23b4b9", "sha256_hash": "fa8b006d3a28e44052d60db1ed4b78a27b44205b2fe4e690bd50c75db6d79d28", "type": "file_hash", "version": 1 }, { "md5_hash": "23389d14ab710399982a7a816f5d7003", "sha1_hash": "8d017865ba586ea326c0d582123af51c9ef04fb9", "sha256_hash": "665e8cc70ac1cb5102e4cbfb0f6288b3fe803a9bef9261f41aa721b3e30e9c74", "type": "file_hash", "version": 1 }, { "md5_hash": "ae98c05b979dc0635700d8a5fd977572", "sha1_hash": "ebba90636f7aaab78c133d2af78530097e962ee3", "sha256_hash": "e0f1cbac9123edd167b675f14095dbae31761998721d78e1e467455c8db90562", "type": "file_hash", "version": 1 }, { "md5_hash": "0fab42a4069156e095d89868a12c69fe", "sha1_hash": "3fced465e2b1c1cad49cafe893d8b7c3233b5f53", "sha256_hash": "f1ab2a2b5a49c0597d8644a155344fae9c6a3b5a96220d3cfd0aa072b134c224", "type": 
"file_hash", "version": 1 }, { "md5_hash": "e036ca270459d7094798efd0c2e09f86", "sha1_hash": "c4600150007bedaf52f68681b86916e87d8ccdaf", "sha256_hash": "0accb682708c62d9b2f78d23a15b977856ff2422595684348cbedff41c80ac39", "type": "file_hash", "version": 1 }, { "md5_hash": "5ffd64e3c51bc8fa7978d04e98008963", "sha1_hash": "717abca3e6e0d81d65550f606311a89a3b22f338", "sha256_hash": "098053b24aa7f2bd2007632a689b1a63eacd3091733a829fa842be45d3c72a65", "type": "file_hash", "version": 1 }, { "md5_hash": "6e305b868b3f2ad3e592b225db55655e", "sha1_hash": "941dd518a563b00494ad8b7b0b7fa5839eb2f437", "sha256_hash": "b9d2903da59d11531831543f7f02bfa220e56a18736244a03602d37bd41195c0", "type": "file_hash", "version": 1 }, { "md5_hash": "fbabe33557484f00b6899782092a5337", "sha1_hash": "772ce3d83b8946c480d643ead1b857da52cfa14e", "sha256_hash": "39c98aefb97148ead47fdd2f275422b9db80efd0fedbad5ea8ae9e17dc52d6d9", "type": "file_hash", "version": 1 }, { "md5_hash": "1d0f4c3cf7b5596e854459cd58928142", "sha1_hash": "117e119e643af6b5f46b560f393b097b33c83779", "sha256_hash": "013ce062e5a77af00da5490669f424e7d5d6d64a0576f73e1379781a5417862a", "type": "file_hash", "version": 1 }, { "md5_hash": "2663518d1848a516cf6dcb97a66cd87d", "sha1_hash": "70a87311b97f5ab6fd3c6f2399044c0643377294", "sha256_hash": "594454295a639854fd096d203469dd03a51e7edad07ade8e772e3a93ebdd1c97", "type": "file_hash", "version": 1 }, { "md5_hash": "cd31ec0082f8091222ef2c030a1dd669", "sha1_hash": "05bf5c15f1ab075c0f80a489bbd3bb66f1016efe", "sha256_hash": "4568e21200c8049960de9d8037a882ab45fabd61881fc778fd82bd4b684b88f5", "type": "file_hash", "version": 1 }, { "md5_hash": "06972603e1aa72a1f67f38765134193c", "sha1_hash": "ae4a35610f1a018559138ed85f32acf647adc992", "sha256_hash": "14afaf4417f69786f3ba0a0b7435282880ef828d93123e8bef9fbb2fdd8b3e38", "type": "file_hash", "version": 1 }, { "md5_hash": "062db4741927111f06eb282e0594bee8", "sha1_hash": "f4606367d92afe73c00faee19aa6cd6db5e45634", "sha256_hash": 
"25e97d570f19f996bde584ff2240596e9c13f93b30fe96fb400d4e8692287e6d", "type": "file_hash", "version": 1 }, { "md5_hash": "313318bc7f428f5c50490d2718271b01", "sha1_hash": "abb5e4d47142a8413a5f597882d5ff288072f8ff", "sha256_hash": "f55af1f4c1ccda6c0a1172c82caa24083a5dc20fa928245e05435b292f9d811b", "type": "file_hash", "version": 1 }, { "md5_hash": "13db1f7ab084a1cbedeef20780e5eb26", "sha1_hash": "4252d4d682fc6f137b0728927ce2a43c9005e34d", "sha256_hash": "1c4516e1467f30557a892fd4e881787fc5e660ff37acbb6b59478527782295da", "type": "file_hash", "version": 1 }, { "md5_hash": "9a058089af8fbb955a16523f2c73b3a7", "sha1_hash": "c3b358d9c041e839a7cdfbeb0911a250d599550f", "sha256_hash": "8c2cdaa60e59ea68e3e9f3f8df61b540b0f3f46dc2d4756adc2e6fb0c80cea50", "type": "file_hash", "version": 1 }, { "md5_hash": "a85b2f6027ba2286ef20cfa5f18e5b3b", "sha1_hash": "bc307cdf7fb0d755332086ba8b2c28cf15d675ad", "sha256_hash": "a1ca68e8b77fa3e378309e50b7d0581fbe5f0a79fe8dae37a03ebdab75f21642", "type": "file_hash", "version": 1 }, { "md5_hash": "66e2fcd7ae20fd8170a02d2ea947759e", "sha1_hash": "c3828ae94e7c18dcbfbc7dbbf0aff7fac6005b70", "sha256_hash": "5931325c0b0055a441e8f19dc9f70ba562491eedfea7e01944ca9fc0d92e60fe", "type": "file_hash", "version": 1 }, { "md5_hash": "62f20d3a790f34ae967b4efc86da75b4", "sha1_hash": "b7b77fb68686b7ece7d6ebe548cbfd927f111871", "sha256_hash": "5a5d01bbaa6d5bc6bf11585832a33f033dc19010e2d2dd3978845d4d21287cbe", "type": "file_hash", "version": 1 }, { "md5_hash": "bbdb6bf5a04c6499133201eb51d01d15", "sha1_hash": "28eea8e94852397036f8feb02268bc1c5bf8313a", "sha256_hash": "77d86caaadf8e955810eb1c41de575e2cc854326a4ad2777caff3c720c31cb45", "type": "file_hash", "version": 1 }, { "md5_hash": "7bd8cbfecabe16f788351292a8b498d3", "sha1_hash": "9aa6c6ee11bbf77e858a6521e5d94c0c2105b4de", "sha256_hash": "51dc8ebff41e86ff82b8380a46e2615a64e7bd3e1f4b6593908c094cf80ac078", "type": "file_hash", "version": 1 }, { "md5_hash": "86561143d24c769f5da6bac487de96f5", "sha1_hash": 
"869cbd81a15a7718db63393fbc2ce7707752789a", "sha256_hash": "5b085773c45ecf0476a4e2ba346ae988f4bb9b0ac901887bf1f0a926c5b37500", "type": "file_hash", "version": 1 }, { "md5_hash": "125e7e370faea2d82256567d87ad83ca", "sha1_hash": "b2e8d54ba0ed9a229b07317def820a1fad102fbd", "sha256_hash": "160741fa3ba7fd47609d525f152d6e18e8822713b2d994ea7811e4201f8d32f5", "type": "file_hash", "version": 1 }, { "md5_hash": "d6376b849a5dd31402bc61da53ff70d4", "sha1_hash": "8e6db923aa75166f8bab98c8c4d0417ddb046d44", "sha256_hash": "ca24146bdc15868ac8c845d75ba74c8c39d2310f45f56ba249443c26ec375830", "type": "file_hash", "version": 1 }, { "md5_hash": "383abb78bcce7916d51ba5bc9746b635", "sha1_hash": "d990903793b76870fff1c5456a34b611c490643c", "sha256_hash": "c999c4564b9af73b4ca71f49b251e910d1e3a78faf265ac06ca670586dc0cd6e", "type": "file_hash", "version": 1 }, { "md5_hash": "605b83c7f9544dca8a16427f4d68a4f3", "sha1_hash": "f207d9d8ee21f4c17d4f65b012a3ecd5d2627a5d", "sha256_hash": "2c1eb6c74f8dcd2e8cdd117bd32906a1a0ddb6c8043dc70516ec44e1b33ce794", "type": "file_hash", "version": 1 }, { "md5_hash": "08fe23442e7b9dbddbd04d28a03ad514", "sha1_hash": "cc41053534d44c0824ea20cf98409b94af9d1c45", "sha256_hash": "8a56a3d04eb76ebaa8df213bed2038e658b43f99016c0f7cf71d8d2068e36393", "type": "file_hash", "version": 1 }, { "md5_hash": "247baaa79fd5a0e687bccecd197c5045", "sha1_hash": "2e6ade7efd7f39d8104a96d928f4cbcd7bf08439", "sha256_hash": "703a4a2ea26cb42fcf3a816838e6d94974de3ffd60ad5810e98542b8518d0b21", "type": "file_hash", "version": 1 }, { "md5_hash": "35cc2d53ec9d5ed8d5fab7c26d956a2a", "sha1_hash": "01b101ab4ec74c74d9d567837ad0d4ed77ef19d5", "sha256_hash": "1510c32944889fe7e049d9d3b9bc28d39e5ba5b26e67de67d67088e4ff6417d6", "type": "file_hash", "version": 1 }, { "md5_hash": "eef304cda1e97b7519e8013f41389e28", "sha1_hash": "2b31237696990a1ccd72865997616badadd0cf76", "sha256_hash": "e7d70e8746e80567900bce548f24364be6117e1101d33a069416e3624f0f4315", "type": "file_hash", "version": 1 }, { "md5_hash": 
"743ec6e8ca03e0f65fa6c9b36a2a3fa9", "sha1_hash": "1c8a9674e39e5218ea538d5f42d4f7b4f553f937", "sha256_hash": "ef0af7c4736a029cbe1b6413e5d813b4e8ea0bedc6141b7f4bdd08e37af3607b", "type": "file_hash", "version": 1 }, { "md5_hash": "4b99fab8428b8837effca97514e64fd5", "sha1_hash": "fcf4a931b1af4e25df1117bccc32e1043ca61729", "sha256_hash": "1530fa9ad498da053ccdfa86355d43dcbf6d0cb221d922215c8c7504baccaf35", "type": "file_hash", "version": 1 }, { "md5_hash": "3d98ad64cbe4da1444b459c4ec605cb7", "sha1_hash": "15f1210a505ac74f0eaa5a827c6708bb72d365f2", "sha256_hash": "06a33380dc9b7433b0cfb1492ab6c40cf3ef2759d09ec2ec84e46850add4b5c7", "type": "file_hash", "version": 1 }, { "md5_hash": "11149743e690c20d38515883a803b728", "sha1_hash": "5e46c3c40862cbbabdd935c4590a3f3a4b0ee0bf", "sha256_hash": "582ed28cb5e530572940a43f29940db8b98f35d3c5db9f932e757638ee9fe45a", "type": "file_hash", "version": 1 }, { "md5_hash": "e1af75e25dc5a0546b08272e826396c9", "sha1_hash": "63a02effd93a059ed740f72f7e917b38fc7d5f74", "sha256_hash": "550624776f27a6ad3e4f0126f12f8ff3b0072aa978349dd2a6b2db2015b3cf7c", "type": "file_hash", "version": 1 }, { "md5_hash": "0aba604b2c92a7a6e639cc36453f3bae", "sha1_hash": "09ba74f0646405ac29679e0bfb3dcf1089d3eeea", "sha256_hash": "eb25f636f7c32d17ce3945ec7bf79bb50b7ff71567a429bb05791fdca0674b59", "type": "file_hash", "version": 1 }, { "md5_hash": "355471f0b3d53b177c40c3c4dc043b97", "sha1_hash": "28c25132fa508e8073aa34f3638ff2d4c57b53c7", "sha256_hash": "a29cc1e547ccb87e7df6d55d8b4dc1804951766dedc9da617a661583c1b0c3ef", "type": "file_hash", "version": 1 }, { "md5_hash": "964a64698fb9058d4c4cc7e15bf4eebd", "sha1_hash": "35e70175ad3cc625df4b09d1bd1ebbbb8c9e43f3", "sha256_hash": "2c5a5de0543ce418e9261f8e1d40669bf9c711ec901973d91ad58a02199a600a", "type": "file_hash", "version": 1 }, { "md5_hash": "cb9f6ab7b30eaf63713b9f144fba5f92", "sha1_hash": "b9f6464b3261d41b8fad5a39f422899b7b5bc841", "sha256_hash": "42854f6d2f498057c5900d219a5c5747edf0480224f3e5d3253908abcce85872", "type": 
"file_hash", "version": 1 }, { "md5_hash": "1774ac1c3f40ff5b7c80df6acfc4dada", "sha1_hash": "3774e9e0eb5b659bd51813945c61d612d2d951c7", "sha256_hash": "4bc3c90794d551de434a5a9478837679b446a95caeecd133a47e42e2e9411f6e", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\progra~1\\common~1\\log.txt", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\-Kar\\jbm6X5WVPb3d4o.m4a", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\-kar\\jbm6x5wvpb3d4o.m4a", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\-Kar\\jbm6X5WVPb3d4o.encrypted.m4a", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\-kar\\jbm6x5wvpb3d4o.encrypted.m4a", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\-Kar\\MBc0Rw8Uo_Of3f5.wav", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\-kar\\mbc0rw8uo_of3f5.wav", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\-Kar\\MBc0Rw8Uo_Of3f5.encrypted.wav", "hashes": [ { "md5_hash": "2e958962673a31fd916c7cca5ba74d68", "sha1_hash": "0c0cd7f94849a45609df2950f31065fbf73645fa", "sha256_hash": "709c7d125d92a8dcfcffb0def0aa88ba170418d6c00cce93575c7d388bbb4a46", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\-kar\\mbc0rw8uo_of3f5.encrypted.wav", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\-Kar\\oTNowkVPArPdClpl.flv", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\-kar\\otnowkvparpdclpl.flv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\-Kar\\oTNowkVPArPdClpl.encrypted.flv", 
"hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\-kar\\otnowkvparpdclpl.encrypted.flv", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\-Kar\\P62rA6FYB gP.mp4", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\-kar\\p62ra6fyb gp.mp4", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\-Kar\\P62rA6FYB gP.encrypted.mp4", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\-kar\\p62ra6fyb gp.encrypted.mp4", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\0-0nSQtjx3OQOk.docx", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\0-0nsqtjx3oqok.docx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\0-0nSQtjx3OQOk.encrypted.docx", "hashes": [ { "md5_hash": "c73c9e08a23aab918b0022c37f3bbd03", "sha1_hash": "d98475693e54efa2a80879e01c9f572495d0a2b8", "sha256_hash": "fca4a8eae9c17d525c6d3a006f7e1d332ad2975a307c5487b2d42b55a259eaef", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\0-0nsqtjx3oqok.encrypted.docx", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\2U 4q.mkv", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\2u 4q.mkv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\2U 4q.encrypted.mkv", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\2u 4q.encrypted.mkv", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\4GhbRlq-JKTwUq.bmp", "hashes": [], "norm_filename": 
"c:\\users\\5jghkoaofdp\\desktop\\4ghbrlq-jktwuq.bmp", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\4GhbRlq-JKTwUq.encrypted.bmp", "hashes": [ { "md5_hash": "980fdc20d3574dcec166792ad5df9c37", "sha1_hash": "382f94c8be36973f1b3b1ea0fa6dd9afb52e4fc2", "sha256_hash": "e49c2af279005228f4e6296948c9f19b1cca25b0bc09f6807170c87663d8eb9d", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\4ghbrlq-jktwuq.encrypted.bmp", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\b1DrBF6BJiH2t5R.bmp", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\b1drbf6bjih2t5r.bmp", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\b1DrBF6BJiH2t5R.encrypted.bmp", "hashes": [ { "md5_hash": "83fb70c75a3824acc0433299350e560d", "sha1_hash": "355a97c3fdb3ea08794d93b0971f2cada20ec94c", "sha256_hash": "be1b6eb108483866a017b48a922e2e39cae4330d1ca002b2d188f466cb1f1508", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\b1drbf6bjih2t5r.encrypted.bmp", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\cChNLI nseUI.mp3", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\cchnli nseui.mp3", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\cChNLI nseUI.encrypted.mp3", "hashes": [ { "md5_hash": "640b1339f17aede2881af1ab059658d9", "sha1_hash": "2de17d959a3827be3338bebeb537e38ad7ebe028", "sha256_hash": "49ddba6f04e525494e892afae7beac4d467c046bd90b9214e1150234d00e1d9c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\cchnli nseui.encrypted.mp3", "operations": [ "access", 
"write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\DjG5LKzHA.bmp", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\djg5lkzha.bmp", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\DjG5LKzHA.encrypted.bmp", "hashes": [ { "md5_hash": "e6731e0cbaae9ee9555d8a0720bea8a8", "sha1_hash": "4cb7fea782fe5a1e90e10857cb4a6ea62d0c3c51", "sha256_hash": "2e71b395f3142cc8ac2277a8343b5103c00b2219eba017c147797353bf97b1c8", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\djg5lkzha.encrypted.bmp", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\fMgVztMzKdkWm\\2qHnNLlstx60xk.swf", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\fmgvztmzkdkwm\\2qhnnllstx60xk.swf", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\fMgVztMzKdkWm\\2qHnNLlstx60xk.encrypted.swf", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\fmgvztmzkdkwm\\2qhnnllstx60xk.encrypted.swf", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\fMgVztMzKdkWm\\a7BOT.m4a", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\fmgvztmzkdkwm\\a7bot.m4a", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\fMgVztMzKdkWm\\a7BOT.encrypted.m4a", "hashes": [ { "md5_hash": "2101bf89a5552dcb03eb124768d0e442", "sha1_hash": "7cd777faf79bcb117df6f22d7222f5d3e9865d65", "sha256_hash": 
"4c42cfd7677e7031389302fc0ea5de3eb28c35ec6fb056ede2a516200113f851", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\fmgvztmzkdkwm\\a7bot.encrypted.m4a", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\fMgVztMzKdkWm\\BxiNkfDKL7n6uh.encrypted.mkv", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\fmgvztmzkdkwm\\bxinkfdkl7n6uh.encrypted.mkv", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\fMgVztMzKdkWm\\Mkl8.flv", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\fmgvztmzkdkwm\\mkl8.flv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\fMgVztMzKdkWm\\Mkl8.encrypted.flv", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\fmgvztmzkdkwm\\mkl8.encrypted.flv", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\fMgVztMzKdkWm\\O7 BldHX4t31hLq.wav", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\fmgvztmzkdkwm\\o7 bldhx4t31hlq.wav", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\fMgVztMzKdkWm\\O7 BldHX4t31hLq.encrypted.wav", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\fmgvztmzkdkwm\\o7 bldhx4t31hlq.encrypted.wav", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\fMgVztMzKdkWm\\uMOrr9mp.csv", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\fmgvztmzkdkwm\\umorr9mp.csv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\fMgVztMzKdkWm\\uMOrr9mp.encrypted.csv", "hashes": [], 
"norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\fmgvztmzkdkwm\\umorr9mp.encrypted.csv", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\fMgVztMzKdkWm\\X9pGuRd2LUFtykx.avi", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\fmgvztmzkdkwm\\x9pgurd2luftykx.avi", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\fMgVztMzKdkWm\\X9pGuRd2LUFtykx.encrypted.avi", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\fmgvztmzkdkwm\\x9pgurd2luftykx.encrypted.avi", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\fMgVztMzKdkWm\\xkRc6.gif", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\fmgvztmzkdkwm\\xkrc6.gif", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\fMgVztMzKdkWm\\xkRc6.encrypted.gif", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\fmgvztmzkdkwm\\xkrc6.encrypted.gif", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\FrZbOJgkVA5C6MyJ.mp4", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\frzbojgkva5c6myj.mp4", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\FrZbOJgkVA5C6MyJ.encrypted.mp4", "hashes": [ { "md5_hash": "10c1a84a32519315c52d7c62eb634392", "sha1_hash": "fd89dc77f465db303f24e0c6ebbcb51f9966be41", "sha256_hash": "d10a7d942c17af5f2d67abc15d0bdfbe74262dc63dd64a8939a03edbb827e9bf", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\frzbojgkva5c6myj.encrypted.mp4", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": 
"C:\\Users\\5JgHKoaOfdp\\Desktop\\I0uZHq1VO1kg.ods", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\i0uzhq1vo1kg.ods", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\I0uZHq1VO1kg.encrypted.ods", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\i0uzhq1vo1kg.encrypted.ods", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\JMyoN8-H.mp3", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\jmyon8-h.mp3", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\JYTH35yWOw4cDE5jD.odp", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\jyth35ywow4cde5jd.odp", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\K3EBs8.docx", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\k3ebs8.docx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\K3EBs8.encrypted.docx", "hashes": [ { "md5_hash": "8646a831d8aa6b5cdb95285c310de920", "sha1_hash": "25f3599cd5f77eb5da49b54d910539b485441d75", "sha256_hash": "9b6abb86be95d8762d6459910e4d3e029008f71848102b0961f0d1993e410fb1", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\k3ebs8.encrypted.docx", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\k9uoo8fW7r.jpg", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\k9uoo8fw7r.jpg", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\k9uoo8fW7r.encrypted.jpg", "hashes": [ { "md5_hash": "a68bf9f8d438a33cbe510005f6e874dc", "sha1_hash": 
"a3c741303af0316b3571ba09551b156b195df33d", "sha256_hash": "61269a23824a019c70e6d2bc511b3ca58b1b19e0901d9877b3b5cc23842b71db", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\k9uoo8fw7r.encrypted.jpg", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\kQG5XtNI4DupERo o1m.jpg", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\kqg5xtni4dupero o1m.jpg", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\kQG5XtNI4DupERo o1m.encrypted.jpg", "hashes": [ { "md5_hash": "760f09c85f27d0bc3898cea6ec12bfb2", "sha1_hash": "c1ba11bb7749491ae94893ec62ae5b2f9845cbac", "sha256_hash": "fce006e9807cd3825630e132f3e5c14c578b026c5ac7f2d3f4cca58f38b793b2", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\kqg5xtni4dupero o1m.encrypted.jpg", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\lQcVzOBTHZds7XE9L.swf", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\lqcvzobthzds7xe9l.swf", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\lQcVzOBTHZds7XE9L.encrypted.swf", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\lqcvzobthzds7xe9l.encrypted.swf", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\M2GZLacPZQEjs2kMO8D.pps", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\m2gzlacpzqejs2kmo8d.pps", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\M2GZLacPZQEjs2kMO8D.encrypted.pps", "hashes": [ { "md5_hash": "ef0c63672acbc5cae3ffc517fef1c569", "sha1_hash": 
"c126369f546d50277d7435ffe7ac41597a62bcd7", "sha256_hash": "0928a4f497025c3cea9b653ef30b21c661e533b913a9d7601be8802733a632fb", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\m2gzlacpzqejs2kmo8d.encrypted.pps", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\n0ie6V_g.encrypted.avi", "hashes": [ { "md5_hash": "d54ab970520126076248ec39cae01a6c", "sha1_hash": "5fa715bc50a9c3b3ae121b47b007860592fe3ed9", "sha256_hash": "39c67a2966d099967c245ca997ba0ddd70ef68c0a7b397754822d61ca30e5859", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\n0ie6v_g.encrypted.avi", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\osTre2ekexRLOM6.encrypted.jpg", "hashes": [ { "md5_hash": "8712a2ba179c03a3d086989b13741f44", "sha1_hash": "d445747f84d42efd5b5e52a74bd8d64bfb4813f4", "sha256_hash": "ba434835eebcfdd209a6c28e47f29d11654df328d75fee34a5b8bb9a2e0dbfa5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\ostre2ekexrlom6.encrypted.jpg", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\q768hX7.swf", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\q768hx7.swf", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\q768hX7.encrypted.swf", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\q768hx7.encrypted.swf", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\QmkNd.odp", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\qmknd.odp", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": 
"C:\\Users\\5JgHKoaOfdp\\Desktop\\rvzc3jMnZDyKRdzF.mkv", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\rvzc3jmnzdykrdzf.mkv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\rvzc3jMnZDyKRdzF.encrypted.mkv", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\rvzc3jmnzdykrdzf.encrypted.mkv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\uK 6Ek_gE.encrypted.png", "hashes": [ { "md5_hash": "39c24282dcc2cfdf1a16e0a9dcd353ed", "sha1_hash": "7740212a7a6d04981889c3eaf3ea9d033cb32024", "sha256_hash": "3793173ad68dd2c7672ddedefdd82972f8108f53696d3a9b72e57fbbcb04e6bb", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\uk 6ek_ge.encrypted.png", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\Ur9w.mp3", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\ur9w.mp3", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\Ur9w.encrypted.mp3", "hashes": [ { "md5_hash": "85059cccd2f0472cd50f45dfd1a7ea73", "sha1_hash": "1c4328fb34d4c3777daea38904d0185df3e2d60a", "sha256_hash": "48d2d6d30fa8534a5c172cd867fffb6646c1fa9731ab84cead010826ab1af132", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\ur9w.encrypted.mp3", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\xE_1J.avi", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\xe_1j.avi", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\xE_1J.encrypted.avi", "hashes": [ { "md5_hash": "0820b196964244383636e3e10ac13f73", "sha1_hash": 
"3de767680bc25c995536ab7e3f86e77f99172f1e", "sha256_hash": "eb90f565bb5a91eef0f0ae385e55504966c29b28f5e022365cf740d22057a2af", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\xe_1j.encrypted.avi", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\YPMyrW0Yu.mp3", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\ypmyrw0yu.mp3", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\YPMyrW0Yu.encrypted.mp3", "hashes": [ { "md5_hash": "40ae53155c9e7aa00db5d28fc6195ad3", "sha1_hash": "00709944738ba3518b1de353ed414cd2b5733c0d", "sha256_hash": "26fc40822c979da7e22395d77c5874944ffa64c62c5285b025971dc5bcd235c5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\ypmyrw0yu.encrypted.mp3", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\Zpipq.avi", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\zpipq.avi", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\-K2qi4D7O1hA.pptx", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\-k2qi4d7o1ha.pptx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\-K2qi4D7O1hA.encrypted.pptx", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\-k2qi4d7o1ha.encrypted.pptx", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\13i0VlibnO4QxctB5.odp", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\13i0vlibno4qxctb5.odp", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { 
"filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\13i0VlibnO4QxctB5.encrypted.odp", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\13i0vlibno4qxctb5.encrypted.odp", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\2sfMU.docx", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\2sfmu.docx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\2sfMU.encrypted.docx", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\2sfmu.encrypted.docx", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\6hmkgL288Io-nw73.docx", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\6hmkgl288io-nw73.docx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\6hmkgL288Io-nw73.encrypted.docx", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\6hmkgl288io-nw73.encrypted.docx", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\6VP Y1.xlsx", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\6vp y1.xlsx", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\6VP Y1.encrypted.xlsx", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\6vp y1.encrypted.xlsx", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\aQjEhDUTmjiM4M.docx", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\aqjehdutmjim4m.docx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": 
"C:\\Users\\5JgHKoaOfdp\\Documents\\b9SUel0k8A.xls", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\b9suel0k8a.xls", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\b9SUel0k8A.encrypted.xls", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\b9suel0k8a.encrypted.xls", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\EcMUW.encrypted.docx", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\ecmuw.encrypted.docx", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\F0tlqD_PjItzmwvwmHNX.xlsx", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\f0tlqd_pjitzmwvwmhnx.xlsx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\F0tlqD_PjItzmwvwmHNX.encrypted.xlsx", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\f0tlqd_pjitzmwvwmhnx.encrypted.xlsx", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\FW U\\6ESq8lZBvb5xjb1XLyrd.odt", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\fw u\\6esq8lzbvb5xjb1xlyrd.odt", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\FW U\\6ESq8lZBvb5xjb1XLyrd.encrypted.odt", "hashes": [ { "md5_hash": "d69ed40b6ef264201dd313d96d6951c1", "sha1_hash": "ee645d66a78ad34f30b9d90af86f50f213bcfa27", "sha256_hash": "446c89e1a7c24649e12ec32e2c3da633bb94342f2d1e751be378bc9435ea87b6", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\fw u\\6esq8lzbvb5xjb1xlyrd.encrypted.odt", "operations": [ "access", "read" ], "type": "file_artifact", 
"version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\FW U\\dQOHpG0Nf9r1mosxu\\-McD0G9w-y6.rtf", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\fw u\\dqohpg0nf9r1mosxu\\-mcd0g9w-y6.rtf", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\FW U\\dQOHpG0Nf9r1mosxu\\-McD0G9w-y6.encrypted.rtf", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\fw u\\dqohpg0nf9r1mosxu\\-mcd0g9w-y6.encrypted.rtf", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\FW U\\dQOHpG0Nf9r1mosxu\\3 LJxnIVpNPfOuwlcIh-.pptx", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\fw u\\dqohpg0nf9r1mosxu\\3 ljxnivpnpfouwlcih-.pptx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\FW U\\dQOHpG0Nf9r1mosxu\\3 LJxnIVpNPfOuwlcIh-.encrypted.pptx", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\fw u\\dqohpg0nf9r1mosxu\\3 ljxnivpnpfouwlcih-.encrypted.pptx", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\FW U\\dQOHpG0Nf9r1mosxu\\U9OFxVyaM-sRGNq.doc", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\fw u\\dqohpg0nf9r1mosxu\\u9ofxvyam-srgnq.doc", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\FW U\\dQOHpG0Nf9r1mosxu\\U9OFxVyaM-sRGNq.encrypted.doc", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\fw u\\dqohpg0nf9r1mosxu\\u9ofxvyam-srgnq.encrypted.doc", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\FW U\\dQOHpG0Nf9r1mosxu\\wKBfM0BgIc5.pps", "hashes": [], "norm_filename": 
"c:\\users\\5jghkoaofdp\\documents\\fw u\\dqohpg0nf9r1mosxu\\wkbfm0bgic5.pps", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\FW U\\dQOHpG0Nf9r1mosxu\\wKBfM0BgIc5.encrypted.pps", "hashes": [ { "md5_hash": "016becc51450c820dde6162f0ac08715", "sha1_hash": "3c89849ac87f40f76cac4658dadba6f778632906", "sha256_hash": "c9351874bc42f12d279b4559b9a3ae1c996c20baa21473a8714151a4c9ac6b89", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\fw u\\dqohpg0nf9r1mosxu\\wkbfm0bgic5.encrypted.pps", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\FW U\\gIFhUCqicYTOVJewuyW\\ACt2aRGtYlaHCFWx Ti2.encrypted.pps", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\fw u\\gifhucqicytovjewuyw\\act2argtylahcfwx ti2.encrypted.pps", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\FW U\\gIFhUCqicYTOVJewuyW\\DpJxT01PYg1DSU8dGdRx.pdf", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\fw u\\gifhucqicytovjewuyw\\dpjxt01pyg1dsu8dgdrx.pdf", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\FW U\\gIFhUCqicYTOVJewuyW\\DpJxT01PYg1DSU8dGdRx.encrypted.pdf", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\fw u\\gifhucqicytovjewuyw\\dpjxt01pyg1dsu8dgdrx.encrypted.pdf", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\FW U\\gIFhUCqicYTOVJewuyW\\h_iDTN9q4xoR8AS.ots", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\fw u\\gifhucqicytovjewuyw\\h_idtn9q4xor8as.ots", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\FW 
U\\gIFhUCqicYTOVJewuyW\\h_iDTN9q4xoR8AS.encrypted.ots", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\fw u\\gifhucqicytovjewuyw\\h_idtn9q4xor8as.encrypted.ots", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\FW U\\gIFhUCqicYTOVJewuyW\\Par3V.docx", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\fw u\\gifhucqicytovjewuyw\\par3v.docx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\FW U\\gIFhUCqicYTOVJewuyW\\Par3V.encrypted.docx", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\fw u\\gifhucqicytovjewuyw\\par3v.encrypted.docx", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\FW U\\gMgUlv1jFWYOWc.pdf", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\fw u\\gmgulv1jfwyowc.pdf", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\FW U\\gMgUlv1jFWYOWc.encrypted.pdf", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\fw u\\gmgulv1jfwyowc.encrypted.pdf", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\FW U\\iXosKeRIaoImk.ods", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\fw u\\ixoskeriaoimk.ods", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\FW U\\iXosKeRIaoImk.encrypted.ods", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\fw u\\ixoskeriaoimk.encrypted.ods", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\FW U\\qhHaI\\2-L_bJ82.pps", "hashes": [], "norm_filename": 
"c:\\users\\5jghkoaofdp\\documents\\fw u\\qhhai\\2-l_bj82.pps", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\FW U\\qhHaI\\2-L_bJ82.encrypted.pps", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\fw u\\qhhai\\2-l_bj82.encrypted.pps", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\FW U\\qhHaI\\BftNn-lFCQRK6y3V.ods", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\fw u\\qhhai\\bftnn-lfcqrk6y3v.ods", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\FW U\\qhHaI\\BftNn-lFCQRK6y3V.encrypted.ods", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\fw u\\qhhai\\bftnn-lfcqrk6y3v.encrypted.ods", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\FW U\\qhHaI\\fPffAVX.rtf", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\fw u\\qhhai\\fpffavx.rtf", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\FW U\\qhHaI\\fPffAVX.encrypted.rtf", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\fw u\\qhhai\\fpffavx.encrypted.rtf", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\FW U\\qhHaI\\GOZxV-S.xlsx", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\fw u\\qhhai\\gozxv-s.xlsx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\FW U\\qhHaI\\GOZxV-S.encrypted.xlsx", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\fw u\\qhhai\\gozxv-s.encrypted.xlsx", "operations": [ "access", "write", "read" ], 
"type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\FW U\\qhHaI\\LXe-5p6iU.encrypted.pdf", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\fw u\\qhhai\\lxe-5p6iu.encrypted.pdf", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\FW U\\qhHaI\\Mz7EF7dcig3 gnT3v.xls", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\fw u\\qhhai\\mz7ef7dcig3 gnt3v.xls", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\FW U\\qhHaI\\Mz7EF7dcig3 gnT3v.encrypted.xls", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\fw u\\qhhai\\mz7ef7dcig3 gnt3v.encrypted.xls", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\FW U\\qhHaI\\OhQsVpUB.encrypted.docx", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\fw u\\qhhai\\ohqsvpub.encrypted.docx", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\FW U\\qhHaI\\Z qH-1_5g2NYPxao.rtf", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\fw u\\qhhai\\z qh-1_5g2nypxao.rtf", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\FW U\\qhHaI\\Z qH-1_5g2NYPxao.encrypted.rtf", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\fw u\\qhhai\\z qh-1_5g2nypxao.encrypted.rtf", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\gxVaj.pptx", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\gxvaj.pptx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": 
"C:\\Users\\5JgHKoaOfdp\\Documents\\gxVaj.encrypted.pptx", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\gxvaj.encrypted.pptx", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\HynWIycZ.csv", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\hynwiycz.csv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\HynWIycZ.encrypted.csv", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\hynwiycz.encrypted.csv", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\My New App.accdb", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\my new app.accdb", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\My New App.encrypted.accdb", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\my new app.encrypted.accdb", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\My Shapes\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\my shapes\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\My Shapes\\_private\\folder.ico", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\my shapes\\_private\\folder.ico", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\My Shapes\\_private\\folder.encrypted.ico", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\my shapes\\_private\\folder.encrypted.ico", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { 
"filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\NeaFrBuex2U7\\-nTERrDy.xlsx", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\neafrbuex2u7\\-nterrdy.xlsx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\NeaFrBuex2U7\\-nTERrDy.encrypted.xlsx", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\neafrbuex2u7\\-nterrdy.encrypted.xlsx", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\NeaFrBuex2U7\\5Cq0nxpQprd.xls", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\neafrbuex2u7\\5cq0nxpqprd.xls", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\NeaFrBuex2U7\\5Cq0nxpQprd.encrypted.xls", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\neafrbuex2u7\\5cq0nxpqprd.encrypted.xls", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\NeaFrBuex2U7\\K27yuQYoGg7erx5RY.rtf", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\neafrbuex2u7\\k27yuqyogg7erx5ry.rtf", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\NeaFrBuex2U7\\K27yuQYoGg7erx5RY.encrypted.rtf", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\neafrbuex2u7\\k27yuqyogg7erx5ry.encrypted.rtf", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\NeaFrBuex2U7\\LIL6pH6Oee7iuTK.ods", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\neafrbuex2u7\\lil6ph6oee7iutk.ods", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": 
"C:\\Users\\5JgHKoaOfdp\\Documents\\NeaFrBuex2U7\\LIL6pH6Oee7iuTK.encrypted.ods", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\neafrbuex2u7\\lil6ph6oee7iutk.encrypted.ods", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\NeaFrBuex2U7\\LJDVlgSO.pps", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\neafrbuex2u7\\ljdvlgso.pps", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\NeaFrBuex2U7\\LJDVlgSO.encrypted.pps", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\neafrbuex2u7\\ljdvlgso.encrypted.pps", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\NeaFrBuex2U7\\pvNdPv7CycNkjeBeIJOV.xlsx", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\neafrbuex2u7\\pvndpv7cycnkjebeijov.xlsx", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\NeaFrBuex2U7\\pvNdPv7CycNkjeBeIJOV.encrypted.xlsx", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\neafrbuex2u7\\pvndpv7cycnkjebeijov.encrypted.xlsx", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\NeaFrBuex2U7\\v2zRxHEjBQRq x60dFm7.odp", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\neafrbuex2u7\\v2zrxhejbqrq x60dfm7.odp", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\NeaFrBuex2U7\\VPX0Zm61g2E4gE.doc", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\neafrbuex2u7\\vpx0zm61g2e4ge.doc", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": 
"C:\\Users\\5JgHKoaOfdp\\Documents\\NeaFrBuex2U7\\xuZ02tplUJG4DO_gI5gM.docx", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\neafrbuex2u7\\xuz02tplujg4do_gi5gm.docx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\NeaFrBuex2U7\\xuZ02tplUJG4DO_gI5gM.encrypted.docx", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\neafrbuex2u7\\xuz02tplujg4do_gi5gm.encrypted.docx", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\NeaFrBuex2U7\\Zg4RGB0kXt-5dpkfB.ods", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\neafrbuex2u7\\zg4rgb0kxt-5dpkfb.ods", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\NeaFrBuex2U7\\Zg4RGB0kXt-5dpkfB.encrypted.ods", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\neafrbuex2u7\\zg4rgb0kxt-5dpkfb.encrypted.ods", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\OneNote Notebooks\\My Notebook\\Open Notebook.onetoc2", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\onenote notebooks\\my notebook\\open notebook.onetoc2", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\OneNote Notebooks\\My Notebook\\Open Notebook.encrypted.onetoc2", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\onenote notebooks\\my notebook\\open notebook.encrypted.onetoc2", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\OneNote Notebooks\\My Notebook\\Quick Notes.one", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\onenote notebooks\\my notebook\\quick notes.one", 
"operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\OneNote Notebooks\\My Notebook\\Quick Notes.encrypted.one", "hashes": [ { "md5_hash": "75c6ce6d9424b73aa80240b86b17a7cf", "sha1_hash": "93cd2fc955c0c334cbde020746710f3f56991f30", "sha256_hash": "85181b0f7419ffc6c68e72c1f4d045bd59373416ff48838a0ac19087abaa9c9c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\onenote notebooks\\my notebook\\quick notes.encrypted.one", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\Outlook Files\\cjeijc.diuv@div.com.encrypted.pst", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\outlook files\\cjeijc.diuv@div.com.encrypted.pst", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\pldu.docx", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\pldu.docx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\pldu.encrypted.docx", "hashes": [ { "md5_hash": "ccdd9bf84db49be6ddecf43581b52990", "sha1_hash": "7e49228b19486952f30c7e135d7464f05247f819", "sha256_hash": "0b43a83baa0bb26b8f60a8d73f1d067e377ef81a19cd46dbce54a1fce8cb9c4b", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\pldu.encrypted.docx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\tex-fkU3aLzfvTfyy7.encrypted.pptx", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\tex-fku3alzfvtfyy7.encrypted.pptx", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\VLxre2epCIJ.xlsx", "hashes": [], "norm_filename": 
"c:\\users\\5jghkoaofdp\\documents\\vlxre2epcij.xlsx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\VLxre2epCIJ.encrypted.xlsx", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\vlxre2epcij.encrypted.xlsx", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\XfT-x_yFlDeI9HE.pptx", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\xft-x_yfldei9he.pptx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\XfT-x_yFlDeI9HE.encrypted.pptx", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\xft-x_yfldei9he.encrypted.pptx", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\ybk9kM-2tDyzmN.xlsx", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\ybk9km-2tdyzmn.xlsx", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\ybk9kM-2tDyzmN.encrypted.xlsx", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\ybk9km-2tdyzmn.encrypted.xlsx", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\zBza.xlsx", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\zbza.xlsx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\zD9_fkuLWLeWHM.xlsx", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\zd9_fkulwlewhm.xlsx", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\zD9_fkuLWLeWHM.encrypted.xlsx", "hashes": [ { "md5_hash": 
"5103ba382b3ff4928f0be25060ae01be", "sha1_hash": "c7f3d4c7670d35d579671ccfd78d4801fe5e0ae5", "sha256_hash": "7f3b86e47b1d930a6ce211d85cb1f99e1e74dd8591f273948de04be20209b791", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\zd9_fkulwlewhm.encrypted.xlsx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\_Z34wuM36pNQy_aKa.pptx", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\_z34wum36pnqy_aka.pptx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\_Z34wuM36pNQy_aKa.encrypted.pptx", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\_z34wum36pnqy_aka.encrypted.pptx", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Downloads\\ChromeSetup.exe", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\downloads\\chromesetup.exe", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Downloads\\ChromeSetup.encrypted.exe", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\downloads\\chromesetup.encrypted.exe", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Downloads\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\downloads\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\-e7zHxg.wav", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\-e7zhxg.wav", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\1ahiRTuHYORQs.m4a", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\1ahirtuhyorqs.m4a", "operations": [ "access", 
"read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\1ahiRTuHYORQs.encrypted.m4a", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\1ahirtuhyorqs.encrypted.m4a", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\1Q1eF6.wav", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\1q1ef6.wav", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\1Q1eF6.encrypted.wav", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\1q1ef6.encrypted.wav", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\5gT6Ul.mp3", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\5gt6ul.mp3", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\5gT6Ul.encrypted.mp3", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\5gt6ul.encrypted.mp3", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\7hpbkBpy8QXZhHut.mp3", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\7hpbkbpy8qxzhhut.mp3", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\7hpbkBpy8QXZhHut.encrypted.mp3", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\7hpbkbpy8qxzhhut.encrypted.mp3", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\ecV1iYlCSS.m4a", "hashes": [], 
"norm_filename": "c:\\users\\5jghkoaofdp\\music\\ecv1iylcss.m4a", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\ecV1iYlCSS.encrypted.m4a", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\ecv1iylcss.encrypted.m4a", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\hfCmWOsWhZ-hDT.m4a", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\hfcmwoswhz-hdt.m4a", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\hfCmWOsWhZ-hDT.encrypted.m4a", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\hfcmwoswhz-hdt.encrypted.m4a", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\nK2OfiH.m4a", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\nk2ofih.m4a", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\nK2OfiH.encrypted.m4a", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\nk2ofih.encrypted.m4a", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\ONVMABx84l5Xkpsb6eP.wav", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\onvmabx84l5xkpsb6ep.wav", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\ONVMABx84l5Xkpsb6eP.encrypted.wav", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\onvmabx84l5xkpsb6ep.encrypted.wav", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\Qz9eopB-.mp3", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\qz9eopb-.mp3", "operations": [ 
"access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\Qz9eopB-.encrypted.mp3", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\qz9eopb-.encrypted.mp3", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\Sy4u8T-k4V-TX.mp3", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\sy4u8t-k4v-tx.mp3", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\Sy4u8T-k4V-TX.encrypted.mp3", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\sy4u8t-k4v-tx.encrypted.mp3", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\YGQpK-yMJwgaKf7q\\0u --GozCqve1q5P.wav", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\ygqpk-ymjwgakf7q\\0u --gozcqve1q5p.wav", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\YGQpK-yMJwgaKf7q\\31AunBdCov.m4a", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\ygqpk-ymjwgakf7q\\31aunbdcov.m4a", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\YGQpK-yMJwgaKf7q\\31AunBdCov.encrypted.m4a", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\ygqpk-ymjwgakf7q\\31aunbdcov.encrypted.m4a", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\YGQpK-yMJwgaKf7q\\B3ITwwOcNy-dV_k.mp3", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\ygqpk-ymjwgakf7q\\b3itwwocny-dv_k.mp3", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\YGQpK-yMJwgaKf7q\\B3ITwwOcNy-dV_k.encrypted.mp3", "hashes": [], "norm_filename": 
"c:\\users\\5jghkoaofdp\\music\\ygqpk-ymjwgakf7q\\b3itwwocny-dv_k.encrypted.mp3", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\YGQpK-yMJwgaKf7q\\beIfi.encrypted.mp3", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\ygqpk-ymjwgakf7q\\beifi.encrypted.mp3", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\YGQpK-yMJwgaKf7q\\g1TP7xrmQuP7.mp3", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\ygqpk-ymjwgakf7q\\g1tp7xrmqup7.mp3", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\YGQpK-yMJwgaKf7q\\iqgBYd1lYt0eST.wav", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\ygqpk-ymjwgakf7q\\iqgbyd1lyt0est.wav", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\YGQpK-yMJwgaKf7q\\iqgBYd1lYt0eST.encrypted.wav", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\ygqpk-ymjwgakf7q\\iqgbyd1lyt0est.encrypted.wav", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\YGQpK-yMJwgaKf7q\\LaTASn2XD.m4a", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\ygqpk-ymjwgakf7q\\latasn2xd.m4a", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\YGQpK-yMJwgaKf7q\\LaTASn2XD.encrypted.m4a", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\ygqpk-ymjwgakf7q\\latasn2xd.encrypted.m4a", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\YGQpK-yMJwgaKf7q\\N4RwM_lBui1y47yE.wav", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\ygqpk-ymjwgakf7q\\n4rwm_lbui1y47ye.wav", "operations": [ "access", 
"read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\YGQpK-yMJwgaKf7q\\N4RwM_lBui1y47yE.encrypted.wav", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\ygqpk-ymjwgakf7q\\n4rwm_lbui1y47ye.encrypted.wav", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\YGQpK-yMJwgaKf7q\\NIF5N.mp3", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\ygqpk-ymjwgakf7q\\nif5n.mp3", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\YGQpK-yMJwgaKf7q\\NIF5N.encrypted.mp3", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\ygqpk-ymjwgakf7q\\nif5n.encrypted.mp3", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\YGQpK-yMJwgaKf7q\\N_V7T6P3k51.mp3", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\ygqpk-ymjwgakf7q\\n_v7t6p3k51.mp3", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\YGQpK-yMJwgaKf7q\\N_V7T6P3k51.encrypted.mp3", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\ygqpk-ymjwgakf7q\\n_v7t6p3k51.encrypted.mp3", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\YGQpK-yMJwgaKf7q\\OKF4yowSz-ApDzSJ.wav", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\ygqpk-ymjwgakf7q\\okf4yowsz-apdzsj.wav", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\YGQpK-yMJwgaKf7q\\OKF4yowSz-ApDzSJ.encrypted.wav", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\ygqpk-ymjwgakf7q\\okf4yowsz-apdzsj.encrypted.wav", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": 
"C:\\Users\\5JgHKoaOfdp\\Music\\YGQpK-yMJwgaKf7q\\qKmEzET2RW9J4.wav", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\ygqpk-ymjwgakf7q\\qkmezet2rw9j4.wav", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\YGQpK-yMJwgaKf7q\\qKmEzET2RW9J4.encrypted.wav", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\ygqpk-ymjwgakf7q\\qkmezet2rw9j4.encrypted.wav", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\YGQpK-yMJwgaKf7q\\v5IkO1.mp3", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\ygqpk-ymjwgakf7q\\v5iko1.mp3", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\YGQpK-yMJwgaKf7q\\v5IkO1.encrypted.mp3", "hashes": [ { "md5_hash": "6b0977b640f54f2148b33ea9c686360e", "sha1_hash": "04a0d9eb686a127bf5b91c02b0ff84b9f76f2345", "sha256_hash": "1c361912ae72195495356177a335be9ac6cb93bd68206c05460a5d588f49c494", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\ygqpk-ymjwgakf7q\\v5iko1.encrypted.mp3", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\YGQpK-yMJwgaKf7q\\vg92TMA h58WcT.m4a", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\ygqpk-ymjwgakf7q\\vg92tma h58wct.m4a", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\YGQpK-yMJwgaKf7q\\vg92TMA h58WcT.encrypted.m4a", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\ygqpk-ymjwgakf7q\\vg92tma h58wct.encrypted.m4a", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\YGQpK-yMJwgaKf7q\\vuBvaJ.mp3", "hashes": [], "norm_filename": 
"c:\\users\\5jghkoaofdp\\music\\ygqpk-ymjwgakf7q\\vubvaj.mp3", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\YGQpK-yMJwgaKf7q\\vuBvaJ.encrypted.mp3", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\ygqpk-ymjwgakf7q\\vubvaj.encrypted.mp3", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\YGQpK-yMJwgaKf7q\\wN2d1y8y7F1tG2R.wav", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\ygqpk-ymjwgakf7q\\wn2d1y8y7f1tg2r.wav", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\YGQpK-yMJwgaKf7q\\wN2d1y8y7F1tG2R.encrypted.wav", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\ygqpk-ymjwgakf7q\\wn2d1y8y7f1tg2r.encrypted.wav", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\YGQpK-yMJwgaKf7q\\zcLJLew5Ko3qLSRl.m4a", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\ygqpk-ymjwgakf7q\\zcljlew5ko3qlsrl.m4a", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\Yo5YETXnV.m4a", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\yo5yetxnv.m4a", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\Yo5YETXnV.encrypted.m4a", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\yo5yetxnv.encrypted.m4a", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\NTUSER.DAT", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\ntuser.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\1KmvsODIJKFCpkCm.bmp", "hashes": [], 
"norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\1kmvsodijkfcpkcm.bmp", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\1KmvsODIJKFCpkCm.encrypted.bmp", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\1kmvsodijkfcpkcm.encrypted.bmp", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\desktop.ini", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\hZ2W\\k_Yns1.jpg", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\hz2w\\k_yns1.jpg", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\hZ2W\\k_Yns1.encrypted.jpg", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\hz2w\\k_yns1.encrypted.jpg", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\hZ2W\\laAxEFBmzBFaQO.bmp", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\hz2w\\laaxefbmzbfaqo.bmp", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\hZ2W\\laAxEFBmzBFaQO.encrypted.bmp", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\hz2w\\laaxefbmzbfaqo.encrypted.bmp", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\hZ2W\\NQGbwm2X9UGI8JmJW700\\1NOjs0ZZ_yk9Vps.jpg", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\hz2w\\nqgbwm2x9ugi8jmjw700\\1nojs0zz_yk9vps.jpg", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": 
"C:\\Users\\5JgHKoaOfdp\\Pictures\\hZ2W\\NQGbwm2X9UGI8JmJW700\\1NOjs0ZZ_yk9Vps.encrypted.jpg", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\hz2w\\nqgbwm2x9ugi8jmjw700\\1nojs0zz_yk9vps.encrypted.jpg", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\hZ2W\\NQGbwm2X9UGI8JmJW700\\a3R9P4wd Zju.bmp", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\hz2w\\nqgbwm2x9ugi8jmjw700\\a3r9p4wd zju.bmp", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\hZ2W\\NQGbwm2X9UGI8JmJW700\\a3R9P4wd Zju.encrypted.bmp", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\hz2w\\nqgbwm2x9ugi8jmjw700\\a3r9p4wd zju.encrypted.bmp", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\hZ2W\\NQGbwm2X9UGI8JmJW700\\LIvZ.png", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\hz2w\\nqgbwm2x9ugi8jmjw700\\livz.png", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\hZ2W\\NQGbwm2X9UGI8JmJW700\\LIvZ.encrypted.png", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\hz2w\\nqgbwm2x9ugi8jmjw700\\livz.encrypted.png", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\hZ2W\\NQGbwm2X9UGI8JmJW700\\Lm78sADYfv9pBzFMCulK.jpg", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\hz2w\\nqgbwm2x9ugi8jmjw700\\lm78sadyfv9pbzfmculk.jpg", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\hZ2W\\r69N iygd.png", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\hz2w\\r69n iygd.png", "operations": [ "access", "read" ], "type": 
"file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\hZ2W\\r69N iygd.encrypted.png", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\hz2w\\r69n iygd.encrypted.png", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\hZ2W\\RA1RifPB2\\6T JEVKXg-.png", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\hz2w\\ra1rifpb2\\6t jevkxg-.png", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\hZ2W\\RA1RifPB2\\6T JEVKXg-.encrypted.png", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\hz2w\\ra1rifpb2\\6t jevkxg-.encrypted.png", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\hZ2W\\RA1RifPB2\\Ds65N6Miylf7v.bmp", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\hz2w\\ra1rifpb2\\ds65n6miylf7v.bmp", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\hZ2W\\RA1RifPB2\\Ds65N6Miylf7v.encrypted.bmp", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\hz2w\\ra1rifpb2\\ds65n6miylf7v.encrypted.bmp", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\hZ2W\\RA1RifPB2\\fYbDf-gD6aNdufc.jpg", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\hz2w\\ra1rifpb2\\fybdf-gd6andufc.jpg", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\hZ2W\\RA1RifPB2\\fYbDf-gD6aNdufc.encrypted.jpg", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\hz2w\\ra1rifpb2\\fybdf-gd6andufc.encrypted.jpg", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": 
"C:\\Users\\5JgHKoaOfdp\\Pictures\\hZ2W\\RA1RifPB2\\L6Fx8siCimWQ0qgOMDX1.png", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\hz2w\\ra1rifpb2\\l6fx8sicimwq0qgomdx1.png", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\hZ2W\\RA1RifPB2\\L6Fx8siCimWQ0qgOMDX1.encrypted.png", "hashes": [ { "md5_hash": "e851eb21c3987b1f349ddb9b857815d3", "sha1_hash": "0183755599ab86295e6b2467968acc087fe25cb0", "sha256_hash": "7915469719d6373559f2f7efe127f46950ccac1147ab91f2cd6711ed2fed14d0", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\hz2w\\ra1rifpb2\\l6fx8sicimwq0qgomdx1.encrypted.png", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\hZ2W\\RA1RifPB2\\NtFBb.jpg", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\hz2w\\ra1rifpb2\\ntfbb.jpg", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\hZ2W\\RA1RifPB2\\NtFBb.encrypted.jpg", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\hz2w\\ra1rifpb2\\ntfbb.encrypted.jpg", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\hZ2W\\RA1RifPB2\\VeXyoj31q5uYZq\\4cYf0DEU1Rr.png", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\hz2w\\ra1rifpb2\\vexyoj31q5uyzq\\4cyf0deu1rr.png", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\hZ2W\\RA1RifPB2\\VeXyoj31q5uYZq\\4cYf0DEU1Rr.encrypted.png", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\hz2w\\ra1rifpb2\\vexyoj31q5uyzq\\4cyf0deu1rr.encrypted.png", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": 
"C:\\Users\\5JgHKoaOfdp\\Pictures\\hZ2W\\RA1RifPB2\\VeXyoj31q5uYZq\\5wDE.png", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\hz2w\\ra1rifpb2\\vexyoj31q5uyzq\\5wde.png", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\hZ2W\\RA1RifPB2\\VeXyoj31q5uYZq\\5wDE.encrypted.png", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\hz2w\\ra1rifpb2\\vexyoj31q5uyzq\\5wde.encrypted.png", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\hZ2W\\RA1RifPB2\\VeXyoj31q5uYZq\\pHQA.gif", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\hz2w\\ra1rifpb2\\vexyoj31q5uyzq\\phqa.gif", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\hZ2W\\RA1RifPB2\\VeXyoj31q5uYZq\\pHQA.encrypted.gif", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\hz2w\\ra1rifpb2\\vexyoj31q5uyzq\\phqa.encrypted.gif", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\hZ2W\\RA1RifPB2\\VeXyoj31q5uYZq\\RjsoLWMv.jpg", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\hz2w\\ra1rifpb2\\vexyoj31q5uyzq\\rjsolwmv.jpg", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\hZ2W\\RA1RifPB2\\VeXyoj31q5uYZq\\RjsoLWMv.encrypted.jpg", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\hz2w\\ra1rifpb2\\vexyoj31q5uyzq\\rjsolwmv.encrypted.jpg", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\hZ2W\\RA1RifPB2\\VeXyoj31q5uYZq\\RZEzoNWn812VN.png", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\hz2w\\ra1rifpb2\\vexyoj31q5uyzq\\rzezonwn812vn.png", 
"operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\hZ2W\\RA1RifPB2\\VeXyoj31q5uYZq\\RZEzoNWn812VN.encrypted.png", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\hz2w\\ra1rifpb2\\vexyoj31q5uyzq\\rzezonwn812vn.encrypted.png", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\hZ2W\\RA1RifPB2\\VeXyoj31q5uYZq\\WTPvK7Ks\\9XwefqXl.gif", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\hz2w\\ra1rifpb2\\vexyoj31q5uyzq\\wtpvk7ks\\9xwefqxl.gif", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\hZ2W\\RA1RifPB2\\VeXyoj31q5uYZq\\WTPvK7Ks\\9XwefqXl.encrypted.gif", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\hz2w\\ra1rifpb2\\vexyoj31q5uyzq\\wtpvk7ks\\9xwefqxl.encrypted.gif", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\hZ2W\\RA1RifPB2\\VeXyoj31q5uYZq\\WTPvK7Ks\\pyzHBeLCbwH1K.encrypted.gif", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\hz2w\\ra1rifpb2\\vexyoj31q5uyzq\\wtpvk7ks\\pyzhbelcbwh1k.encrypted.gif", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\hZ2W\\RA1RifPB2\\VeXyoj31q5uYZq\\z8A-0V.jpg", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\hz2w\\ra1rifpb2\\vexyoj31q5uyzq\\z8a-0v.jpg", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\hZ2W\\RA1RifPB2\\VeXyoj31q5uYZq\\z8A-0V.encrypted.jpg", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\hz2w\\ra1rifpb2\\vexyoj31q5uyzq\\z8a-0v.encrypted.jpg", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": 
"C:\\Users\\5JgHKoaOfdp\\Pictures\\hZ2W\\RA1RifPB2\\VeXyoj31q5uYZq\\ZhbqZgbSVVeENsq.encrypted.jpg", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\hz2w\\ra1rifpb2\\vexyoj31q5uyzq\\zhbqzgbsvveensq.encrypted.jpg", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\hZ2W\\Tg7ZWTiiMx.jpg", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\hz2w\\tg7zwtiimx.jpg", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\hZ2W\\U1Bz6duC.png", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\hz2w\\u1bz6duc.png", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\hZ2W\\U1Bz6duC.encrypted.png", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\hz2w\\u1bz6duc.encrypted.png", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\hZ2W\\uVzP9c0xe2uNMUaJ6.gif", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\hz2w\\uvzp9c0xe2unmuaj6.gif", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\hZ2W\\uVzP9c0xe2uNMUaJ6.encrypted.gif", "hashes": [ { "md5_hash": "50ecceade9fad61b570f2b31410cad9f", "sha1_hash": "f73a2f7fd2befe16461d400ae1f9cfeeb40d1ab9", "sha256_hash": "04a4b6fb5a0a3be5267c923254c16e87c6342c0e4ae7cae92ff983f19cb29ccf", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\hz2w\\uvzp9c0xe2unmuaj6.encrypted.gif", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\hZ2W\\XUN2brrF9I3oYGd0.encrypted.png", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\hz2w\\xun2brrf9i3oygd0.encrypted.png", 
"operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\PwETTxmSaCc5.gif", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\pwettxmsacc5.gif", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\PwETTxmSaCc5.encrypted.gif", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\pwettxmsacc5.encrypted.gif", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\Te2roUvKBps_RBXzkVE.jpg", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\te2rouvkbps_rbxzkve.jpg", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\Te2roUvKBps_RBXzkVE.encrypted.jpg", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\te2rouvkbps_rbxzkve.encrypted.jpg", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Saved Games\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\saved games\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Videos\\aOaM uZXXriFkMMJoHX.mkv", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\videos\\aoam uzxxrifkmmjohx.mkv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Videos\\bDzhQHicch.swf", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\videos\\bdzhqhicch.swf", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Videos\\bDzhQHicch.encrypted.swf", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\videos\\bdzhqhicch.encrypted.swf", "operations": [ "access", "write", "read" ], "type": 
"file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Videos\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\videos\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Videos\\mMZl\\agMab4-chBFVJU6A.swf", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\videos\\mmzl\\agmab4-chbfvju6a.swf", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Videos\\mMZl\\agMab4-chBFVJU6A.encrypted.swf", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\videos\\mmzl\\agmab4-chbfvju6a.encrypted.swf", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Videos\\mMZl\\jVh1kA9-oJEcvL8zuFH.mkv", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\videos\\mmzl\\jvh1ka9-ojecvl8zufh.mkv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Videos\\mMZl\\jVh1kA9-oJEcvL8zuFH.encrypted.mkv", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\videos\\mmzl\\jvh1ka9-ojecvl8zufh.encrypted.mkv", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Videos\\mMZl\\lRhx1S.swf", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\videos\\mmzl\\lrhx1s.swf", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Videos\\mMZl\\lRhx1S.encrypted.swf", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\videos\\mmzl\\lrhx1s.encrypted.swf", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Videos\\mMZl\\m9Y1DiBTGN1A.flv", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\videos\\mmzl\\m9y1dibtgn1a.flv", "operations": [ "access", "read" ], "type": "file_artifact", 
"version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Videos\\mMZl\\m9Y1DiBTGN1A.encrypted.flv", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\videos\\mmzl\\m9y1dibtgn1a.encrypted.flv", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Videos\\mMZl\\PeGWEGAzBvwtu3N0gZ1z\\4_FIU1Ihmr5KIfySz.mkv", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\videos\\mmzl\\pegwegazbvwtu3n0gz1z\\4_fiu1ihmr5kifysz.mkv", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Videos\\mMZl\\PeGWEGAzBvwtu3N0gZ1z\\4_FIU1Ihmr5KIfySz.encrypted.mkv", "hashes": [ { "md5_hash": "3b64c710563c0112cea1fc58433aed8c", "sha1_hash": "28d90fbbbf35ba141352091a9eb4e3a1e7931980", "sha256_hash": "f82ab9e17352b9118db0aa37ee63c3e46f8ff28d08bbafa51b96121f882877b2", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\videos\\mmzl\\pegwegazbvwtu3n0gz1z\\4_fiu1ihmr5kifysz.encrypted.mkv", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Videos\\mMZl\\PeGWEGAzBvwtu3N0gZ1z\\DLzP3CWLeCCW90SX\\e86sW yJgRMAaWNvzF.avi", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\videos\\mmzl\\pegwegazbvwtu3n0gz1z\\dlzp3cwleccw90sx\\e86sw yjgrmaawnvzf.avi", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Videos\\mMZl\\PeGWEGAzBvwtu3N0gZ1z\\DLzP3CWLeCCW90SX\\J7ZCuukKlDqSUjIv8.mkv", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\videos\\mmzl\\pegwegazbvwtu3n0gz1z\\dlzp3cwleccw90sx\\j7zcuukkldqsujiv8.mkv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Videos\\mMZl\\PeGWEGAzBvwtu3N0gZ1z\\DLzP3CWLeCCW90SX\\J7ZCuukKlDqSUjIv8.encrypted.mkv", "hashes": [], "norm_filename": 
"c:\\users\\5jghkoaofdp\\videos\\mmzl\\pegwegazbvwtu3n0gz1z\\dlzp3cwleccw90sx\\j7zcuukkldqsujiv8.encrypted.mkv", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Videos\\mMZl\\PeGWEGAzBvwtu3N0gZ1z\\DLzP3CWLeCCW90SX\\wujnmkpd-vv.swf", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\videos\\mmzl\\pegwegazbvwtu3n0gz1z\\dlzp3cwleccw90sx\\wujnmkpd-vv.swf", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Videos\\mMZl\\PeGWEGAzBvwtu3N0gZ1z\\DLzP3CWLeCCW90SX\\wujnmkpd-vv.encrypted.swf", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\videos\\mmzl\\pegwegazbvwtu3n0gz1z\\dlzp3cwleccw90sx\\wujnmkpd-vv.encrypted.swf", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Videos\\mMZl\\PeGWEGAzBvwtu3N0gZ1z\\DLzP3CWLeCCW90SX\\Yrtyc.flv", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\videos\\mmzl\\pegwegazbvwtu3n0gz1z\\dlzp3cwleccw90sx\\yrtyc.flv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Videos\\mMZl\\PeGWEGAzBvwtu3N0gZ1z\\DLzP3CWLeCCW90SX\\Yrtyc.encrypted.flv", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\videos\\mmzl\\pegwegazbvwtu3n0gz1z\\dlzp3cwleccw90sx\\yrtyc.encrypted.flv", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Videos\\mMZl\\PeGWEGAzBvwtu3N0gZ1z\\Y8VnMyJ1SxKqVr5jsJVF\\LeqeD7m6.flv", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\videos\\mmzl\\pegwegazbvwtu3n0gz1z\\y8vnmyj1sxkqvr5jsjvf\\leqed7m6.flv", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Videos\\mMZl\\PeGWEGAzBvwtu3N0gZ1z\\Y8VnMyJ1SxKqVr5jsJVF\\LeqeD7m6.encrypted.flv", "hashes": [], "norm_filename": 
"c:\\users\\5jghkoaofdp\\videos\\mmzl\\pegwegazbvwtu3n0gz1z\\y8vnmyj1sxkqvr5jsjvf\\leqed7m6.encrypted.flv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Videos\\mMZl\\PeGWEGAzBvwtu3N0gZ1z\\Y8VnMyJ1SxKqVr5jsJVF\\ptB8lEiYBAeDvwD-EiI\\4Hsq9w1vnQo8EX.swf", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\videos\\mmzl\\pegwegazbvwtu3n0gz1z\\y8vnmyj1sxkqvr5jsjvf\\ptb8leiybaedvwd-eii\\4hsq9w1vnqo8ex.swf", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Videos\\mMZl\\PeGWEGAzBvwtu3N0gZ1z\\Y8VnMyJ1SxKqVr5jsJVF\\ptB8lEiYBAeDvwD-EiI\\4Hsq9w1vnQo8EX.encrypted.swf", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\videos\\mmzl\\pegwegazbvwtu3n0gz1z\\y8vnmyj1sxkqvr5jsjvf\\ptb8leiybaedvwd-eii\\4hsq9w1vnqo8ex.encrypted.swf", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Videos\\mMZl\\PeGWEGAzBvwtu3N0gZ1z\\Y8VnMyJ1SxKqVr5jsJVF\\ptB8lEiYBAeDvwD-EiI\\EyITN_I6uxHP.mp4", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\videos\\mmzl\\pegwegazbvwtu3n0gz1z\\y8vnmyj1sxkqvr5jsjvf\\ptb8leiybaedvwd-eii\\eyitn_i6uxhp.mp4", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Videos\\mMZl\\PeGWEGAzBvwtu3N0gZ1z\\Y8VnMyJ1SxKqVr5jsJVF\\ptB8lEiYBAeDvwD-EiI\\EyITN_I6uxHP.encrypted.mp4", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\videos\\mmzl\\pegwegazbvwtu3n0gz1z\\y8vnmyj1sxkqvr5jsjvf\\ptb8leiybaedvwd-eii\\eyitn_i6uxhp.encrypted.mp4", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Videos\\mMZl\\PeGWEGAzBvwtu3N0gZ1z\\Y8VnMyJ1SxKqVr5jsJVF\\ptB8lEiYBAeDvwD-EiI\\hvHTrrP5NjJNr.mkv", "hashes": [], "norm_filename": 
"c:\\users\\5jghkoaofdp\\videos\\mmzl\\pegwegazbvwtu3n0gz1z\\y8vnmyj1sxkqvr5jsjvf\\ptb8leiybaedvwd-eii\\hvhtrrp5njjnr.mkv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Videos\\mMZl\\PeGWEGAzBvwtu3N0gZ1z\\Y8VnMyJ1SxKqVr5jsJVF\\ptB8lEiYBAeDvwD-EiI\\hvHTrrP5NjJNr.encrypted.mkv", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\videos\\mmzl\\pegwegazbvwtu3n0gz1z\\y8vnmyj1sxkqvr5jsjvf\\ptb8leiybaedvwd-eii\\hvhtrrp5njjnr.encrypted.mkv", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Videos\\mMZl\\PeGWEGAzBvwtu3N0gZ1z\\Y8VnMyJ1SxKqVr5jsJVF\\ptB8lEiYBAeDvwD-EiI\\Q4Ys4dcnc7H4G.mp4", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\videos\\mmzl\\pegwegazbvwtu3n0gz1z\\y8vnmyj1sxkqvr5jsjvf\\ptb8leiybaedvwd-eii\\q4ys4dcnc7h4g.mp4", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Videos\\mMZl\\PeGWEGAzBvwtu3N0gZ1z\\Y8VnMyJ1SxKqVr5jsJVF\\ptB8lEiYBAeDvwD-EiI\\Q4Ys4dcnc7H4G.encrypted.mp4", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\videos\\mmzl\\pegwegazbvwtu3n0gz1z\\y8vnmyj1sxkqvr5jsjvf\\ptb8leiybaedvwd-eii\\q4ys4dcnc7h4g.encrypted.mp4", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Videos\\mMZl\\PeGWEGAzBvwtu3N0gZ1z\\Y8VnMyJ1SxKqVr5jsJVF\\pu_on 1.swf", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\videos\\mmzl\\pegwegazbvwtu3n0gz1z\\y8vnmyj1sxkqvr5jsjvf\\pu_on 1.swf", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\PROGRA~1\\COMMON~1\\1365363213", "hashes": [ { "md5_hash": "ed31cbe057cdf23178c1f2ba56935bb2", "sha1_hash": "d59dafa8efb71f884ba2d45e81b578840146ddca", "sha256_hash": "ca7c6bc32e528080123c9f9b5f789ea602e26191d9665e8c671498cc18e902dd", "type": "file_hash", "version": 1 } ], 
"norm_filename": "c:\\progra~1\\common~1\\1365363213", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\", "hashes": [], "norm_filename": "c:", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\-Kar\\", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\-kar", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\fMgVztMzKdkWm\\", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\fmgvztmzkdkwm", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\n0ie6V_g.avi", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\n0ie6v_g.avi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\FW U\\", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\fw u", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\FW U\\dQOHpG0Nf9r1mosxu\\", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\fw u\\dqohpg0nf9r1mosxu", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\FW U\\gIFhUCqicYTOVJewuyW\\", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\fw u\\gifhucqicytovjewuyw", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": 
"C:\\Users\\5JgHKoaOfdp\\Documents\\FW U\\qhHaI\\", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\fw u\\qhhai", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\My Shapes\\_private\\", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\my shapes\\_private", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\NeaFrBuex2U7\\", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\neafrbuex2u7", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\OneNote Notebooks\\My Notebook\\", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\onenote notebooks\\my notebook", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\Outlook Files\\", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\outlook files", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Downloads\\", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\downloads", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\YGQpK-yMJwgaKf7q\\", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\ygqpk-ymjwgakf7q", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\hZ2W\\", "hashes": [], "norm_filename": 
"c:\\users\\5jghkoaofdp\\pictures\\hz2w", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\hZ2W\\NQGbwm2X9UGI8JmJW700\\", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\hz2w\\nqgbwm2x9ugi8jmjw700", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\hZ2W\\RA1RifPB2\\", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\hz2w\\ra1rifpb2", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\hZ2W\\RA1RifPB2\\VeXyoj31q5uYZq\\", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\hz2w\\ra1rifpb2\\vexyoj31q5uyzq", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\hZ2W\\RA1RifPB2\\VeXyoj31q5uYZq\\WTPvK7Ks\\", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\hz2w\\ra1rifpb2\\vexyoj31q5uyzq\\wtpvk7ks", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Videos\\", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\videos", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Videos\\mMZl\\", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\videos\\mmzl", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Videos\\mMZl\\PeGWEGAzBvwtu3N0gZ1z\\", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\videos\\mmzl\\pegwegazbvwtu3n0gz1z", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Videos\\mMZl\\PeGWEGAzBvwtu3N0gZ1z\\DLzP3CWLeCCW90SX\\", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\videos\\mmzl\\pegwegazbvwtu3n0gz1z\\dlzp3cwleccw90sx", "operations": [ "access" ], "type": "file_artifact", "version": 1 
}, { "filename": "C:\\Users\\5JgHKoaOfdp\\Videos\\mMZl\\PeGWEGAzBvwtu3N0gZ1z\\Y8VnMyJ1SxKqVr5jsJVF\\", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\videos\\mmzl\\pegwegazbvwtu3n0gz1z\\y8vnmyj1sxkqvr5jsjvf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Videos\\mMZl\\PeGWEGAzBvwtu3N0gZ1z\\Y8VnMyJ1SxKqVr5jsJVF\\ptB8lEiYBAeDvwD-EiI\\", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\videos\\mmzl\\pegwegazbvwtu3n0gz1z\\y8vnmyj1sxkqvr5jsjvf\\ptb8leiybaedvwd-eii", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Videos\\mMZl\\tvwJu6.mp4", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\videos\\mmzl\\tvwju6.mp4", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Videos\\mMZl\\ZZ1u79Slm S\\57pmn0L60_.mp4", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\videos\\mmzl\\zz1u79slm s\\57pmn0l60_.mp4", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Videos\\mMZl\\ZZ1u79Slm S\\9CI1 NkcJkj.swf", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\videos\\mmzl\\zz1u79slm s\\9ci1 nkcjkj.swf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Videos\\mMZl\\ZZ1u79Slm S\\kas6yPPAu5q.mp4", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\videos\\mmzl\\zz1u79slm s\\kas6yppau5q.mp4", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Videos\\oY5JzvOHdERZ\\3GkGzbMLh1qrwjzKQdNY.avi", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\videos\\oy5jzvohderz\\3gkgzbmlh1qrwjzkqdny.avi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Videos\\oY5JzvOHdERZ\\8T9iD8FQoDuMaX.mp4", "hashes": [], "norm_filename": 
"c:\\users\\5jghkoaofdp\\videos\\oy5jzvohderz\\8t9id8fqodumax.mp4", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Videos\\oY5JzvOHdERZ\\kh2aQZThobwhV03zp.flv", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\videos\\oy5jzvohderz\\kh2aqzthobwhv03zp.flv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Videos\\oY5JzvOHdERZ\\WbfUt1_7AGGQ_cJpAawe\\hMjb.avi", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\videos\\oy5jzvohderz\\wbfut1_7aggq_cjpaawe\\hmjb.avi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Videos\\oY5JzvOHdERZ\\WbfUt1_7AGGQ_cJpAawe\\LDPLZamP.mp4", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\videos\\oy5jzvohderz\\wbfut1_7aggq_cjpaawe\\ldplzamp.mp4", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Videos\\oY5JzvOHdERZ\\WbfUt1_7AGGQ_cJpAawe\\X9xIG0j.flv", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\videos\\oy5jzvohderz\\wbfut1_7aggq_cjpaawe\\x9xig0j.flv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Videos\\_7 Dc65ftevOO.mp4", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\videos\\_7 dc65ftevoo.mp4", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\PROGRA~1\\COMMON~1\\3123635631", "hashes": [ { "md5_hash": "a54f0041a9e15b050f25c463f1db7449", "sha1_hash": "d9be6524a5f5047db5866813acf3277892a7a30a", "sha256_hash": "ad95131bc0b799c0b1af477fb14fcf26a6a9f76079e48bf090acb7e8367bfd0e", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\progra~1\\common~1\\3123635631", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\PROGRA~1\\COMMON~1\\wanacry6.malware.exe", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", 
"sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "d78bfdd6242361aa09a0e730ae9dc49a", "sha1_hash": "5e301e5ee7ce8840bf9003df1f3d5cf3679f5753", "sha256_hash": "bc885443e29b027d5f307e2f3d36e70ba650d608604aeeea7e748c6dc948a8a6", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\progra~1\\common~1\\wanacry6.malware.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JGHKO~1\\Desktop\\wanacry6.malware.exe", "hashes": [], "norm_filename": "c:\\users\\5jghko~1\\desktop\\wanacry6.malware.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "vssadmin.exe", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\vssadmin.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JGHKO~1\\Desktop\\WANACR~1.EXE", "hashes": [], "norm_filename": "c:\\users\\5jghko~1\\desktop\\wanacr~1.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\PROGRA~1\\COMMON~1\\", "hashes": [], "norm_filename": "c:\\progra~1\\common~1", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\spp\\store\\2.0\\data.dat", "hashes": [ { "md5_hash": "ec1abca3d8d1cf4cb5fe6cff5b19930c", "sha1_hash": "88ae788f97ffe0a67b4665d931a459491a875297", "sha256_hash": "047b76c8fc87787b5328077ccf0c68c3682be1d481376b46af55d7790c61c8cf", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\windows\\system32\\spp\\store\\2.0\\data.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\spp\\store\\2.0\\data.dat.bak", "hashes": [ { "md5_hash": "ec1abca3d8d1cf4cb5fe6cff5b19930c", "sha1_hash": "88ae788f97ffe0a67b4665d931a459491a875297", "sha256_hash": 
"047b76c8fc87787b5328077ccf0c68c3682be1d481376b46af55d7790c61c8cf", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\windows\\system32\\spp\\store\\2.0\\data.dat.bak", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\spp\\store\\2.0\\data.dat.tmp", "hashes": [ { "md5_hash": "ec1abca3d8d1cf4cb5fe6cff5b19930c", "sha1_hash": "88ae788f97ffe0a67b4665d931a459491a875297", "sha256_hash": "047b76c8fc87787b5328077ccf0c68c3682be1d481376b46af55d7790c61c8cf", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\windows\\system32\\spp\\store\\2.0\\data.dat.tmp", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [ { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Control Panel\\Mouse", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\AutoIt v3\\AutoIt", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\PublishingWizard\\AddNetworkPlace\\AddNetPlace\\LocationMRU", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_USERS", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\System", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Command Processor", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor", "type": 
"registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-1", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-10", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-11", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-12", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-13", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-14", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-15", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-16", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-17", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-18", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-19", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-2", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-20", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": 
"8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-21", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-22", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-23", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-24", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-25", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-26", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-27", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-28", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-29", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-3", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-30", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-31", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-32", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-33", "type": "registry_artifact", "version": 1 }, { "operations": [ 
"access", "read" ], "reg_key_name": "8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-34", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-35", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-36", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-37", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-38", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-39", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-4", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-40", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-41", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-42", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-43", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-44", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-45", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-46", "type": "registry_artifact", 
"version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-47", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-48", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-49", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-5", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-50", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-51", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-6", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-7", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-8", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "8DEC0AF1-0341-4b93-85CD-72606C2DF94C-7P-9", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [ { "operations": [], "type": "url_artifact", "url": "blockchain.info/tobtc?currency=USD&value=1500", "version": 1 } ], "version": 1 }, "extracted_files": [ { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_2", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\progra~1\\common~1\\wanacry6.malware.exe", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": 
"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_169", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\inetcookies\\mq6x6yzs.txt", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_238", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\windows\\system32\\wbem\\repository\\writable.tst", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_239", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\notifications\\3ef54ae93acb11e78251b4475e61765c\\aaph4da[2].jpg", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_240", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\notifications\\3ef54ae93acb11e78251b4475e61765c\\aaph4da[3].jpg", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", 
"size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_241", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\notifications\\3ef54ae93acb11e78251b4475e61765c\\aaphss5[1].jpg", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_283", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\windows\\system32\\wdi\\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\\{cb4dd493-4d29-43d0-9097-3e1fdad4e75f}\\snapshot.etl", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_287", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\windows\\system32\\wdi\\logfiles\\startupinfo\\s-1-5-21-3643094112-4209292109-138530109-1001_startupinfo1.xml", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5e301e5ee7ce8840bf9003df1f3d5cf3679f5753", "file_type": "created_file", "id": "file_3", "md5_hash": "d78bfdd6242361aa09a0e730ae9dc49a", "norm_filename": "c:\\progra~1\\common~1\\wanacry6.malware.exe", "sha1_hash": "5e301e5ee7ce8840bf9003df1f3d5cf3679f5753", "sha256_hash": "bc885443e29b027d5f307e2f3d36e70ba650d608604aeeea7e748c6dc948a8a6", "size": 1050112, "type": "extracted_file", "version": 
1 }, { "archive_path": "extracted_files/f95d612fba79eae8bfc1d1fdee957cd12534acee", "file_type": "created_file", "id": "file_4", "md5_hash": "b79e63555e23b2edc0e00c32a4fa0884", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\-kar\\g_kf.encrypted.mp3", "sha1_hash": "f95d612fba79eae8bfc1d1fdee957cd12534acee", "sha256_hash": "57d1b0bdf7f65da952686fdfa495272005fc07c3c1580ee2e6d2b90b640c0639", "size": 66576, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/2125d239b98eb975eb7d8f7fe6684d7051b9d704", "file_type": "created_file", "id": "file_5", "md5_hash": "2605c07ccc62b24d2b318ca3a5718e24", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "2125d239b98eb975eb7d8f7fe6684d7051b9d704", "sha256_hash": "23c0459b4ce51d5a150c875212bdbfbfcf7f77fb7aa8946272751b5450c1dbce", "size": 54, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/050df9bde375c6bed2e22de6dd304d5734296028", "file_type": "created_file", "id": "file_6", "md5_hash": "dcd8231c5708b77a71552516c086bacd", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "050df9bde375c6bed2e22de6dd304d5734296028", "sha256_hash": "7d4fae95023e8ad8e5f6b1690d25e4505abda815c798f34bc0aae13f1b5b270b", "size": 118, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0c0cd7f94849a45609df2950f31065fbf73645fa", "file_type": "created_file", "id": "file_7", "md5_hash": "2e958962673a31fd916c7cca5ba74d68", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\-kar\\mbc0rw8uo_of3f5.encrypted.wav", "sha1_hash": "0c0cd7f94849a45609df2950f31065fbf73645fa", "sha256_hash": "709c7d125d92a8dcfcffb0def0aa88ba170418d6c00cce93575c7d388bbb4a46", "size": 80208, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/17224d3bd08f7c6162cab8b907c9cb090d164b23", "file_type": "created_file", "id": "file_8", "md5_hash": "3c69abc1c1d32b44f0a05e221065de32", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": 
"17224d3bd08f7c6162cab8b907c9cb090d164b23", "sha256_hash": "aa725385f407bf66734067e03fb3c4b62b6a6b9965db743ff3439627a4cb8596", "size": 238, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/60c88ed3cb18c4030987f3da11a65cf5c719b6b9", "file_type": "created_file", "id": "file_9", "md5_hash": "ec9cdc85265a813d40091057a9e151ac", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "60c88ed3cb18c4030987f3da11a65cf5c719b6b9", "sha256_hash": "0e5826ed57a3212d0532558facebf9274cc60ce3e775eda765cb3f3915454d09", "size": 304, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/11433d1d80cd3e4ac30338327b2468ce439905cb", "file_type": "created_file", "id": "file_10", "md5_hash": "9e88600f4909ba28158a9657d7c50fb3", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "11433d1d80cd3e4ac30338327b2468ce439905cb", "sha256_hash": "25848ce0fab2d16de19d92908e826840abc100ae530261d6dec65f577aadc8ee", "size": 366, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b7467bd7ae3c4e32afc1a2e6323bddc3b12b5597", "file_type": "created_file", "id": "file_11", "md5_hash": "4e936c112af90042cc1ac64c462279f2", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "b7467bd7ae3c4e32afc1a2e6323bddc3b12b5597", "sha256_hash": "b40887b6c1d0df7ed24f0a43f3cd6da49427e4ce22ba313c127015ccf661cc61", "size": 426, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/29ebdd8403694f539a5d7f40994835bb8fa07ad0", "file_type": "created_file", "id": "file_12", "md5_hash": "1dc9409637f3ad57590d6c2ee4b1e322", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "29ebdd8403694f539a5d7f40994835bb8fa07ad0", "sha256_hash": "a28a4260cee9dd75c9402c4942ffe27f904464f7841520b2691ce638e612f7f6", "size": 476, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/cf6d6b32a78e0df14154cd7e0d1d8d30794f6701", "file_type": "created_file", "id": "file_13", "md5_hash": 
"31e807e0cfdd0c81addb0f7f604b828b", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "cf6d6b32a78e0df14154cd7e0d1d8d30794f6701", "sha256_hash": "97a4ce59ad4b4f9d115c428cb723e897275a6b75a09b03e99c9c5a47ad47caa3", "size": 584, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d70029ff311627ac4f36e7685529cdc921cdde85", "file_type": "created_file", "id": "file_14", "md5_hash": "024c0ea4b1cbe06a4b652510ca8f4b7b", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "d70029ff311627ac4f36e7685529cdc921cdde85", "sha256_hash": "d918748e6ad804260d549073b473e028d2a5a7dfe089ca305b5fb36f076bdf13", "size": 644, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6c99c2609bffafafc3d33b800d2fd834eab06f00", "file_type": "created_file", "id": "file_15", "md5_hash": "de4394c49070917a7e3cc501e6c79447", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "6c99c2609bffafafc3d33b800d2fd834eab06f00", "sha256_hash": "5f13a0cf63e3c6a183748c4a23edaf50401680fa05c6ae36c2548df5c8f7de0f", "size": 701, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b76bcf7d18d7531188b219eb53a81b856c8db18b", "file_type": "created_file", "id": "file_16", "md5_hash": "5daefda60930406262eb476c99982732", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "b76bcf7d18d7531188b219eb53a81b856c8db18b", "sha256_hash": "6be8fff890b4eabf022b54a3fe03879a77ad8476dd25e053edaf8d10b658f0be", "size": 755, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/12b6a521e19da9f76ae4c4788484b53072774dea", "file_type": "created_file", "id": "file_17", "md5_hash": "f8b39ab63e6bfe8065811387fff8a7f7", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "12b6a521e19da9f76ae4c4788484b53072774dea", "sha256_hash": "f4528a6f53ee4f7c58c7e5c19f307bcadc9b42f63eb5691196185bd8cdfd6cfb", "size": 828, "type": "extracted_file", "version": 1 }, { "archive_path": 
"extracted_files/7cd777faf79bcb117df6f22d7222f5d3e9865d65", "file_type": "created_file", "id": "file_18", "md5_hash": "2101bf89a5552dcb03eb124768d0e442", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\fmgvztmzkdkwm\\a7bot.encrypted.m4a", "sha1_hash": "7cd777faf79bcb117df6f22d7222f5d3e9865d65", "sha256_hash": "4c42cfd7677e7031389302fc0ea5de3eb28c35ec6fb056ede2a516200113f851", "size": 24496, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a86be68244b2c83a4b196ec64456845a2c725779", "file_type": "created_file", "id": "file_19", "md5_hash": "2ae680597d6f96bf157ed16d90b65ceb", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "a86be68244b2c83a4b196ec64456845a2c725779", "sha256_hash": "323dbcdb1c3ed2c1ed5a6a96117d76952168797f2559be85b0e54c6f4ea73e82", "size": 965, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/96843f05c89fb7d219d4fa872972586ff45e84db", "file_type": "created_file", "id": "file_20", "md5_hash": "49cdcdfb60f2fb1320196a8427fd7e4d", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "96843f05c89fb7d219d4fa872972586ff45e84db", "sha256_hash": "3d2326f54ee7f713944aeddeab6b2788c26d4123ba199ff158ead824d648a511", "size": 1028, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/97da0099f25b9e44ad99f79305cc82c14f59b3e1", "file_type": "created_file", "id": "file_21", "md5_hash": "95f23e73ea3985bea024f3869ca28c1c", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "97da0099f25b9e44ad99f79305cc82c14f59b3e1", "sha256_hash": "62e71b0a44ff501aa76d85fd748a037d4d34de7bfa4beff2371b85049d81d39f", "size": 1102, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/022ba1ce640b49d658093ca25fd78ddf16a030f2", "file_type": "created_file", "id": "file_22", "md5_hash": "bbc8f183ae7fa98185ad381b19133e5d", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "022ba1ce640b49d658093ca25fd78ddf16a030f2", "sha256_hash": 
"cce9b9846a8709ac71cb2e9114a0b7c0b20e6c753b1c17b20b7bcc467cac2171", "size": 1169, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4860cc10c69ba8e7c4e6414d12a019ca3e0bfa20", "file_type": "created_file", "id": "file_23", "md5_hash": "124953d40d7d62f76364083eb022f5b9", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "4860cc10c69ba8e7c4e6414d12a019ca3e0bfa20", "sha256_hash": "fcce2b2208e0090fb7e511d8f9e83fbcc04eaa2c060c28b73939afd39ca8c986", "size": 1243, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fa5be909291b3eda76790991b1deaf082e898e25", "file_type": "created_file", "id": "file_24", "md5_hash": "17e0f915c2b53cac18d2271dd343f3fe", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "fa5be909291b3eda76790991b1deaf082e898e25", "sha256_hash": "898fce9f2ff65e9fe488318655a8465cfb9937251d6ba56a6198a1a44ffe4d0b", "size": 1307, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4a9a7d8dafdd993924ecaf94e738efda75ddba68", "file_type": "created_file", "id": "file_25", "md5_hash": "e95aecd8700cf5c7685f7aa3ccdbc5c8", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "4a9a7d8dafdd993924ecaf94e738efda75ddba68", "sha256_hash": "30d6623b6d05b8f30be75714d2ed3da0712eda178ed1f08e293046734c9a90f9", "size": 1368, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/544d5b76afb6df0c5c0d49e4ba0e03446abca91a", "file_type": "created_file", "id": "file_26", "md5_hash": "c5ee8a849041227305b2a531102e841d", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "544d5b76afb6df0c5c0d49e4ba0e03446abca91a", "sha256_hash": "e77cf3f5658958bbcd6e6384888e9c26b2b1b2189bd9c8c12adc7792abe141e7", "size": 1425, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e13e688cd06c50c33f9f127789f0f441a6749b85", "file_type": "created_file", "id": "file_27", "md5_hash": "8d233bd45f5a2c67dc9e17ab1512ab43", "norm_filename": 
"c:\\progra~1\\common~1\\log.txt", "sha1_hash": "e13e688cd06c50c33f9f127789f0f441a6749b85", "sha256_hash": "47f82639110ff5c772ba4cf0ca0c9efcc0d442c6483fd83e985f7190bc271b04", "size": 1487, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3ca3b63282cbaceb0177887856b64c3af5e7b28a", "file_type": "created_file", "id": "file_28", "md5_hash": "23fc87dc2318158ec4f6252134214af1", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "3ca3b63282cbaceb0177887856b64c3af5e7b28a", "sha256_hash": "341d76246e87b0a1a42090b195c331825a2c260827a15a8dc9434e4308152f0b", "size": 1539, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6b6a225585fe305641723e210e382e3cad772c70", "file_type": "created_file", "id": "file_29", "md5_hash": "2c0954a9b82019640f94f0ccff4d8074", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "6b6a225585fe305641723e210e382e3cad772c70", "sha256_hash": "0efa3e2b045d2028b0540203d9390a812d3566f3cb12589b7f15ced2ac2fdf61", "size": 1594, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a4f5581cf4777a804d069bd2ef3de36313ee4393", "file_type": "created_file", "id": "file_30", "md5_hash": "ef6bf9d25aa4b9adbd5a8d5add95ba9e", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "a4f5581cf4777a804d069bd2ef3de36313ee4393", "sha256_hash": "cab588d39661f49485401b77e9ab34331c792ff5c26ebda0d5a60dd859f6c9bc", "size": 1658, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/bb79b241fb4c922efdacea9bbdc1c4ffcd9ccbd9", "file_type": "created_file", "id": "file_31", "md5_hash": "77b73620de44959ffc6d55423e6250c8", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "bb79b241fb4c922efdacea9bbdc1c4ffcd9ccbd9", "sha256_hash": "b3e957ef418b439a5a117a5c06901dee468a8d524ac9245e9804f240ceff032d", "size": 1720, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c126369f546d50277d7435ffe7ac41597a62bcd7", 
"file_type": "created_file", "id": "file_32", "md5_hash": "ef0c63672acbc5cae3ffc517fef1c569", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\m2gzlacpzqejs2kmo8d.encrypted.pps", "sha1_hash": "c126369f546d50277d7435ffe7ac41597a62bcd7", "sha256_hash": "0928a4f497025c3cea9b653ef30b21c661e533b913a9d7601be8802733a632fb", "size": 73712, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5fa715bc50a9c3b3ae121b47b007860592fe3ed9", "file_type": "created_file", "id": "file_33", "md5_hash": "d54ab970520126076248ec39cae01a6c", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\n0ie6v_g.encrypted.avi", "sha1_hash": "5fa715bc50a9c3b3ae121b47b007860592fe3ed9", "sha256_hash": "39c67a2966d099967c245ca997ba0ddd70ef68c0a7b397754822d61ca30e5859", "size": 12672, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6f633b23f5a7ee99c27e77282b442b917c75bffd", "file_type": "created_file", "id": "file_34", "md5_hash": "39689aefd0dfe98110c96897f96a392f", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "6f633b23f5a7ee99c27e77282b442b917c75bffd", "sha256_hash": "07795dd2af69189b6b676f53ff851736888593c69d3259777c8000e777495c19", "size": 1897, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f4174b597f5465c38f1c6028eeb3512fb963badc", "file_type": "created_file", "id": "file_35", "md5_hash": "dc49d728db8314f85416e38ab819f6fc", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "f4174b597f5465c38f1c6028eeb3512fb963badc", "sha256_hash": "aee03b48a4d0635374626a05ae2726624c391c2e7cd70c001d640b27d52d5f96", "size": 1949, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8854c4f20b0309f81f6350d9ff2ebfda24fb0f50", "file_type": "created_file", "id": "file_36", "md5_hash": "8c8060f05618889dd3e44c212bfe8dfc", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "8854c4f20b0309f81f6350d9ff2ebfda24fb0f50", "sha256_hash": 
"29a669f9bd80531ec99005a65f48cd5bfd6157a7173156a217bd419564519e47", "size": 1999, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/2a6bae0cee5982a9561513a19efb55a30b478631", "file_type": "created_file", "id": "file_37", "md5_hash": "81018519266ab48dab0fb03762365e58", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "2a6bae0cee5982a9561513a19efb55a30b478631", "sha256_hash": "739be898a888a3d1966cb6b55c45494da1c4d90445db375d752a3c69819aab5c", "size": 2114, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7bed096bb9ecaab40dd060a52542b7a85e891207", "file_type": "created_file", "id": "file_38", "md5_hash": "ede7e02b395d3962e1fd1f158ec9dee9", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "7bed096bb9ecaab40dd060a52542b7a85e891207", "sha256_hash": "775627e4ad422cd447068b1d85bdacb2f12529649fd6300639fc8add726d503c", "size": 2163, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ffbe790b5e8aebc3e477ab85ebc37f66687bae75", "file_type": "created_file", "id": "file_39", "md5_hash": "06ffea0cab3bdb2ce80e6bea74f3436f", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "ffbe790b5e8aebc3e477ab85ebc37f66687bae75", "sha256_hash": "b57064c4c9835b199466e83d8123908a1df31302585b014ec07cf89354968633", "size": 2213, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6655e9b49051d8fa3121300597e4ede3a738f1be", "file_type": "created_file", "id": "file_40", "md5_hash": "ba392b3bb85e6b43c75dcdcb7b2457e2", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "6655e9b49051d8fa3121300597e4ede3a738f1be", "sha256_hash": "223ab7ea0774185f0ee9028365bc2207677e63e216d27dfe328424b863ae5322", "size": 2267, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b494d6c28109b3fd08ef5a46f5bff36976833f52", "file_type": "created_file", "id": "file_41", "md5_hash": "6990e676ae0eeb2a80061300a2f39dd4", "norm_filename": 
"c:\\progra~1\\common~1\\log.txt", "sha1_hash": "b494d6c28109b3fd08ef5a46f5bff36976833f52", "sha256_hash": "6f534913826f3d237a6c1620ff3cfa31a4c157cbd1ddfab5b7cb8852246f61a2", "size": 2317, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/2b872906b91a204e858ac63bd760437050dd6dda", "file_type": "created_file", "id": "file_42", "md5_hash": "64cf708e30cea784a1c8999d45a9a2c0", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "2b872906b91a204e858ac63bd760437050dd6dda", "sha256_hash": "588da65eece7c2795fa3c0aff62e9e5cf2f23c405d8bc13c4453d8732f4b1f94", "size": 2377, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbcb2c607cac6bd9e2b2883413e98883bb5c6998", "file_type": "created_file", "id": "file_43", "md5_hash": "052df55ccdeeb3e6232055d18085816d", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "fbcb2c607cac6bd9e2b2883413e98883bb5c6998", "sha256_hash": "93121b9914f4d1cf78b2483dae3f5effabac78d8de18770a2d285f98128473b6", "size": 2441, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/55aacf108f992aa9b6d41f789111e523e63ccf9e", "file_type": "created_file", "id": "file_44", "md5_hash": "ac5778ab1c530df7a656a1fa1e1f43fb", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "55aacf108f992aa9b6d41f789111e523e63ccf9e", "sha256_hash": "831b9cc04aa94eab46723a8508ddfd389d1cd7c01ddc06b55450021e8c09ff33", "size": 2494, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0cb4edda0487a85fa9325736bcd81d804cf12c39", "file_type": "created_file", "id": "file_45", "md5_hash": "e7562dbe3a0a7164a94dadd090d5d7f0", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "0cb4edda0487a85fa9325736bcd81d804cf12c39", "sha256_hash": "264fd78c07cef6a2840363c825e56ddf6ebc4a0801334076686dd6e09b1478c7", "size": 2558, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d667f3d11e17dbf752e48d46def0b153c99b4745", 
"file_type": "created_file", "id": "file_46", "md5_hash": "dda813ce3faa872347b1c3bda54c9e4b", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "d667f3d11e17dbf752e48d46def0b153c99b4745", "sha256_hash": "ec8548ca43c34d48be3ab8b2e18efcc37d01411cda6fda678f33f26dbe38463a", "size": 2612, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/69154581c36bffeb31320e1f748ea0571aa882c5", "file_type": "created_file", "id": "file_47", "md5_hash": "d2d8da7608a20fe5b799e02967dfda38", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "69154581c36bffeb31320e1f748ea0571aa882c5", "sha256_hash": "3438d0124d4b02671f591962b33f496004d708cd9071ad6a52c5ee4501e6587a", "size": 2674, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8d083844d2a7ea5c3a6ea7edb48d6f242ce1695e", "file_type": "created_file", "id": "file_48", "md5_hash": "15e42808039cc39fe3f9516a66031f5b", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "8d083844d2a7ea5c3a6ea7edb48d6f242ce1695e", "sha256_hash": "1de3256477e0950daeacd14bec8800dbbb65cb580b81de3887104d5ca6f0bcf2", "size": 2784, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8dcc4b991101ef4a83285af9077b8af04d4eca97", "file_type": "created_file", "id": "file_49", "md5_hash": "95d4c0440af2c5ba6c69e5073bd1c06c", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "8dcc4b991101ef4a83285af9077b8af04d4eca97", "sha256_hash": "37ce028ddb5b7e0f1af1126abb1917fe4b4099793ac79698f33b4c7e1453f23e", "size": 2852, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ee645d66a78ad34f30b9d90af86f50f213bcfa27", "file_type": "created_file", "id": "file_50", "md5_hash": "d69ed40b6ef264201dd313d96d6951c1", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\fw u\\6esq8lzbvb5xjb1xlyrd.encrypted.odt", "sha1_hash": "ee645d66a78ad34f30b9d90af86f50f213bcfa27", "sha256_hash": 
"446c89e1a7c24649e12ec32e2c3da633bb94342f2d1e751be378bc9435ea87b6", "size": 102224, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3a11db4873afdab5c1bf9c1d86260787012b4a15", "file_type": "created_file", "id": "file_51", "md5_hash": "a14867b6386d4c5ace4d1d3612758aa2", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "3a11db4873afdab5c1bf9c1d86260787012b4a15", "sha256_hash": "4c799c12466454a1e84eabb182146ad7348c7592bffe35b5144f921c5a2a9faa", "size": 2984, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8127a068ce78519d95eb20a790a849d2f7b457ea", "file_type": "created_file", "id": "file_52", "md5_hash": "0262f91220efdb1b4e5f42e8afc0b3fa", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "8127a068ce78519d95eb20a790a849d2f7b457ea", "sha256_hash": "fa5f45e7a149d4b247950addb7213e343216ea880aa04e5c3a99e38607da542b", "size": 3065, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e060689e413c1db289f3794aaec9ea8cc8de3338", "file_type": "created_file", "id": "file_53", "md5_hash": "a61445a348b21ddc7929f9feb00f6ca4", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "e060689e413c1db289f3794aaec9ea8cc8de3338", "sha256_hash": "a23d946bdbc25640129d0454391c54f268476b272e152480493d1decadfe330c", "size": 3156, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7ec439b4bfb42107ecc282ad08c7a47f0f4c28a0", "file_type": "created_file", "id": "file_54", "md5_hash": "3483f91ec6733873056dc2bbaae2bdba", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "7ec439b4bfb42107ecc282ad08c7a47f0f4c28a0", "sha256_hash": "702901313bc29d82fd1b03e6cfeb4efb58d41261633290bbbb4bd05a49c4b9d4", "size": 3241, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3c89849ac87f40f76cac4658dadba6f778632906", "file_type": "created_file", "id": "file_55", "md5_hash": "016becc51450c820dde6162f0ac08715", "norm_filename": 
"c:\\users\\5jghkoaofdp\\documents\\fw u\\dqohpg0nf9r1mosxu\\wkbfm0bgic5.encrypted.pps", "sha1_hash": "3c89849ac87f40f76cac4658dadba6f778632906", "sha256_hash": "c9351874bc42f12d279b4559b9a3ae1c996c20baa21473a8714151a4c9ac6b89", "size": 46896, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/79e9c34300da936202274f039e8a89551bd439db", "file_type": "created_file", "id": "file_56", "md5_hash": "028475f04cb4b0015ed159c5a3c52344", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "79e9c34300da936202274f039e8a89551bd439db", "sha256_hash": "d52f565d184c3e6b5f68496a46401d61d8e5a44168c1a34c6665fdbe4a6944ac", "size": 3414, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/2fff3c5e3de45e1fa93f0b45d7d2c689e79afcdd", "file_type": "created_file", "id": "file_57", "md5_hash": "f04c979a6ca96f275c1983e189e49a71", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "2fff3c5e3de45e1fa93f0b45d7d2c689e79afcdd", "sha256_hash": "3c7ed75d5fd52590a72d8b37772d8b38ed0f4e045efac4553243e788511897a5", "size": 3506, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e1480bc45f92d4f491c5e43905d728288d26b3a8", "file_type": "created_file", "id": "file_58", "md5_hash": "c1deda669411954e7c0796cda7c44858", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "e1480bc45f92d4f491c5e43905d728288d26b3a8", "sha256_hash": "43f0cbc263712e206094ef6a330c12a109096e5bff04e2541cd13966ad0acec3", "size": 3593, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4663146013d877beb2a1ef06323e6e08ebcfb3fc", "file_type": "created_file", "id": "file_59", "md5_hash": "bbb45300aad036b1c2e4b8f87bb1cf50", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "4663146013d877beb2a1ef06323e6e08ebcfb3fc", "sha256_hash": "6f17e9a2e04801aea643cba69b335ba7fa25e5ba1d3d3f9afdfcf57515dd344f", "size": 3671, "type": "extracted_file", "version": 1 }, { "archive_path": 
"extracted_files/5ec7d7a043009514c243339f0b812d54a75112f2", "file_type": "created_file", "id": "file_60", "md5_hash": "812c642e17fe3dafda09bc3024e88e85", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "5ec7d7a043009514c243339f0b812d54a75112f2", "sha256_hash": "097188412e2f545dbfaa42d9ae3a89ac8187959bb59fa70702994303216b7a7c", "size": 3737, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/97f5c81c5a4300421ee85ae5fe7a43b9306f1e03", "file_type": "created_file", "id": "file_61", "md5_hash": "585e5a5cf38212222c56cb579b2c677f", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "97f5c81c5a4300421ee85ae5fe7a43b9306f1e03", "sha256_hash": "b1bf8f93d22152954aaadcdb985db13661e3cc5e156e9929e2d22cd35f441083", "size": 3802, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/65fb9775a9c9c838031e3098b2a6b1fa7e229261", "file_type": "created_file", "id": "file_62", "md5_hash": "cc518181b54ca9c4593c8af23b337110", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "65fb9775a9c9c838031e3098b2a6b1fa7e229261", "sha256_hash": "ca26427b16d46fb8b3acaa7e35b77057d4f4935cfa7c62b7ac0b899c73daee11", "size": 3868, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d8dc24a281b9892e8a266ed5d6836674bc7c8e7b", "file_type": "created_file", "id": "file_63", "md5_hash": "b7e61e0ce67b2afbbad514aeeb2f16f5", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "d8dc24a281b9892e8a266ed5d6836674bc7c8e7b", "sha256_hash": "e54d75426b10cd14d6ba4eb8b2dca6b63c3bb8b217a63a57de561de9485dcb00", "size": 3942, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e39d16553a0dc82da4c8b7bdcbf10714695beea7", "file_type": "created_file", "id": "file_64", "md5_hash": "c5505f146ae475fc8da0d80dc1979cc9", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "e39d16553a0dc82da4c8b7bdcbf10714695beea7", "sha256_hash": 
"80ecb21d65879b0d5176ec3c856031954f24d74c32345f73a74d4438ca78cfac", "size": 4007, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/41f6f78c05f7536e6d3626b9a5cad60802128004", "file_type": "created_file", "id": "file_65", "md5_hash": "04c652c8f73bd225b9a2f18c0053e496", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "41f6f78c05f7536e6d3626b9a5cad60802128004", "sha256_hash": "0a81e80c28ed23d7dd99cfa514d91ad0549134c662577049c2c413adc6dc4b92", "size": 4140, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8d7d1d7171e13fb5d08baf6baf4f5b097f3e9fd8", "file_type": "created_file", "id": "file_66", "md5_hash": "7d4c8e3c527ea8613ff16f8c80626e0c", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "8d7d1d7171e13fb5d08baf6baf4f5b097f3e9fd8", "sha256_hash": "391c8e38e18d9de18dc5883326314ae33333db3659916d087e4606b04a254446", "size": 4282, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a240abf258e7ef22fbdc0157974e93b1eb15d9ef", "file_type": "created_file", "id": "file_67", "md5_hash": "0e773de37700ef66797fe352cc0cb3c5", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "a240abf258e7ef22fbdc0157974e93b1eb15d9ef", "sha256_hash": "3fbe9030a164bd070bb9f1a50a18d66ca8f39d147dae1b3a8a2ef6f6197a05b7", "size": 4356, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/df1b5c7b996e4c50837d120c326d008adac1572e", "file_type": "created_file", "id": "file_68", "md5_hash": "94fcb798c6a5c39d87e14944f04d80bd", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "df1b5c7b996e4c50837d120c326d008adac1572e", "sha256_hash": "891ac0f45d77c76f7215e5ad11c6e65e1e89210e24c9b6b4c6f361e77c5fffb6", "size": 4409, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/37c21bfecc4b9986c196d27975311172ec5d165b", "file_type": "created_file", "id": "file_69", "md5_hash": "4f60ff316054779deae30d8632f9864c", "norm_filename": 
"c:\\progra~1\\common~1\\log.txt", "sha1_hash": "37c21bfecc4b9986c196d27975311172ec5d165b", "sha256_hash": "832db58bd37a301ee9fca3c7469cc8489e3726398b8c109f883b8f0dd813660c", "size": 4464, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5c1a0918fa9ffce177896ada56a9c51551c794de", "file_type": "created_file", "id": "file_70", "md5_hash": "9265fe43dbfbb104f310a12618573cab", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "5c1a0918fa9ffce177896ada56a9c51551c794de", "sha256_hash": "e84d6dfaed2aaa3bd9c8520abc5ba9f72fe708caa3699094c6431cafb937ba0b", "size": 4523, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/be4e8fa60da8e3c6ac6005ec21af2a737b37909c", "file_type": "created_file", "id": "file_71", "md5_hash": "e94a0783b90f068ef239fd198eab3bf5", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "be4e8fa60da8e3c6ac6005ec21af2a737b37909c", "sha256_hash": "6461bccde6ff08d84cf5038a03897c12c2c8deaa1872b642c29d9713182173fe", "size": 4595, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f156383d6296daf35d01a734db8f29f84a70d94b", "file_type": "created_file", "id": "file_72", "md5_hash": "d263bb266796ca748022755394bfa214", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "f156383d6296daf35d01a734db8f29f84a70d94b", "sha256_hash": "9f777850ba1457382d4da233443ffee7a30aaf4bd993837c715a383edf92c5e9", "size": 4664, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/80a40f36952e35124dfa1d4508bc6ccb6f8bb8cb", "file_type": "created_file", "id": "file_73", "md5_hash": "215f21c7c5acf9f76c985e86c0e7dcbc", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "80a40f36952e35124dfa1d4508bc6ccb6f8bb8cb", "sha256_hash": "677c49fa7fbe267313d163c84c94dcc19a4a3d418762ed5434de4222dfc4422b", "size": 4735, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b5468be4d7286d297fdc85d511fc83aab1d704b3", 
"file_type": "created_file", "id": "file_74", "md5_hash": "5c7257d85e76a786241ccaf4d6310638", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "b5468be4d7286d297fdc85d511fc83aab1d704b3", "sha256_hash": "eea3eeb4250f20218704b73020ee16703e0718285e7b680da6aec24f011aac37", "size": 4812, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/770754397c4ea146feec332286eac09a6fe4c9f0", "file_type": "created_file", "id": "file_75", "md5_hash": "d9a672f6d8fe6553a256f5603bdd5bd1", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "770754397c4ea146feec332286eac09a6fe4c9f0", "sha256_hash": "9046d45c51779957c70af827eca61a13f9b7414c62d22cac0dc79f92070e48cf", "size": 4887, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/20d81f76ef640a55942de696583ebfbba49c5c31", "file_type": "created_file", "id": "file_76", "md5_hash": "e93019f7be37412418d7e40fbfd308c7", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "20d81f76ef640a55942de696583ebfbba49c5c31", "sha256_hash": "6f36808e492b059cf1f26786bd338d27911be2467c7852c10475d0c2ea94bc74", "size": 4955, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1e91a00aba0debe60a8231738185dba6e573c578", "file_type": "created_file", "id": "file_77", "md5_hash": "fc3fe5af8ac92ffe760fa33bffe9aae7", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "1e91a00aba0debe60a8231738185dba6e573c578", "sha256_hash": "a408a884e036408b73528052e049ae08bc43f5bc907aadaa6910e9175e014df9", "size": 5036, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0b00cce55439f2c3ab70cb8aebd6ad6aa13adad0", "file_type": "created_file", "id": "file_78", "md5_hash": "0f10ad8499833cfeacb11efcd21c98a3", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "0b00cce55439f2c3ab70cb8aebd6ad6aa13adad0", "sha256_hash": "06d65e283e7e8572b50c21e05264e76dfb41a11c5f5ca97904aa5dc8d5cbbcd1", "size": 5116, "type": 
"extracted_file", "version": 1 }, { "archive_path": "extracted_files/35f264e38a0e80de6c10e5741771e7eeb408389c", "file_type": "created_file", "id": "file_79", "md5_hash": "7c1eaea8a453bac459114155c7a5b8e4", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "35f264e38a0e80de6c10e5741771e7eeb408389c", "sha256_hash": "98ca45db883db0745b111ae423ad2b9beedaf87341244308cb71775b17c0db78", "size": 5190, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8efde3d289d2100240b5424e2fc6ceb439af0f08", "file_type": "created_file", "id": "file_80", "md5_hash": "dec70630f7a97fb171d6f42ddd6f247c", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "8efde3d289d2100240b5424e2fc6ceb439af0f08", "sha256_hash": "3c20e61684cb287dd62de88694eecb0d5dd67c0bc9915643893adec507fb2e54", "size": 5271, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a1351c4cc011331920307eac2f9c41147f87ce3d", "file_type": "created_file", "id": "file_81", "md5_hash": "61eae17fc109442a1406448079bc049e", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "a1351c4cc011331920307eac2f9c41147f87ce3d", "sha256_hash": "57d0b25351529d92b1ed7547c24fe7878809406475a9e38aee109a56501b48ab", "size": 5348, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/553b1b6f1efcf0e5d5f21f98aa812d275ad59346", "file_type": "created_file", "id": "file_82", "md5_hash": "c5a36b47b9081e94530285a1de8e6c1a", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "553b1b6f1efcf0e5d5f21f98aa812d275ad59346", "sha256_hash": "021498e596de897546a3f287262eb15e2a9c77880fddbf4729f4f31ed85e11b0", "size": 5442, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/93cd2fc955c0c334cbde020746710f3f56991f30", "file_type": "created_file", "id": "file_83", "md5_hash": "75c6ce6d9424b73aa80240b86b17a7cf", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\onenote notebooks\\my notebook\\quick notes.encrypted.one", 
"sha1_hash": "93cd2fc955c0c334cbde020746710f3f56991f30", "sha256_hash": "85181b0f7419ffc6c68e72c1f4d045bd59373416ff48838a0ac19087abaa9c9c", "size": 362032, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f4ec3fcf00df5854a68f891d6a49bd40ad1ab966", "file_type": "created_file", "id": "file_84", "md5_hash": "accda2952af8bc8b3a8c5e89169107a8", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "f4ec3fcf00df5854a68f891d6a49bd40ad1ab966", "sha256_hash": "585b346c2b84e1479764640cd68ef1827e7e11851682b21a48ce7f52dc5ed384", "size": 5610, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7e49228b19486952f30c7e135d7464f05247f819", "file_type": "created_file", "id": "file_85", "md5_hash": "ccdd9bf84db49be6ddecf43581b52990", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\pldu.encrypted.docx", "sha1_hash": "7e49228b19486952f30c7e135d7464f05247f819", "sha256_hash": "0b43a83baa0bb26b8f60a8d73f1d067e377ef81a19cd46dbce54a1fce8cb9c4b", "size": 19728, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c557735e0c8e1f684e57c7880b4f09942ce1d66d", "file_type": "created_file", "id": "file_86", "md5_hash": "3dc4ac216ba25f02ceda1bc88ffda217", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "c557735e0c8e1f684e57c7880b4f09942ce1d66d", "sha256_hash": "5f32fa5b04c3923ae261550e2c30da8b16db3e54104e48c11cb9013e48ac7b6a", "size": 5728, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/14fed7dc68ddd6066a57473ab5511ca52d537bdc", "file_type": "created_file", "id": "file_87", "md5_hash": "c0bb5d61b9eec918801e422f8ffb8513", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "14fed7dc68ddd6066a57473ab5511ca52d537bdc", "sha256_hash": "a03423ff05f929a761e09dcd31f59e948cdafa73cb89d24c28434c91ab16fd64", "size": 5787, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/82cd81466fd4893066017663b57002e49909108e", "file_type": 
"created_file", "id": "file_88", "md5_hash": "14d260a6115598e241faac81034e1087", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "82cd81466fd4893066017663b57002e49909108e", "sha256_hash": "6b304f32947b230860ef5179a780945b6ccc4aac270dc4e72712a8c7908a047a", "size": 5850, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/86e2d3df6d2c90cdda9e0998176ffeb0cf012615", "file_type": "created_file", "id": "file_89", "md5_hash": "065f621f348133743ad1249d337c972b", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "86e2d3df6d2c90cdda9e0998176ffeb0cf012615", "sha256_hash": "30a4cf6ca0c447f5740d4afe14a1c46003ced874d823675b5f1387a0db7650c7", "size": 5912, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7269f8b17ad4145196309456304e8b982b80cadb", "file_type": "created_file", "id": "file_90", "md5_hash": "04a685fedd3ac655480393cb505f324f", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "7269f8b17ad4145196309456304e8b982b80cadb", "sha256_hash": "8d10a9450a68b45697ec1903b8d8758743e1cea75219cb67fa89adf22a0b511a", "size": 5964, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c7f3d4c7670d35d579671ccfd78d4801fe5e0ae5", "file_type": "created_file", "id": "file_91", "md5_hash": "5103ba382b3ff4928f0be25060ae01be", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\zd9_fkulwlewhm.encrypted.xlsx", "sha1_hash": "c7f3d4c7670d35d579671ccfd78d4801fe5e0ae5", "sha256_hash": "7f3b86e47b1d930a6ce211d85cb1f99e1e74dd8591f273948de04be20209b791", "size": 88512, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ed8564253b825e85240c4b163320960a4d089d0f", "file_type": "created_file", "id": "file_92", "md5_hash": "8124b358fb97558d912d56e3f781a3d5", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "ed8564253b825e85240c4b163320960a4d089d0f", "sha256_hash": "710f8023176ba02e6cf50de936e1c8421df8389af85918f487145d2a6888bed7", "size": 
6093, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ff6e9226092a22f09d24639f943037c091af861a", "file_type": "created_file", "id": "file_93", "md5_hash": "0dde0bebbefba6f054ed2aaf86acd5da", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "ff6e9226092a22f09d24639f943037c091af861a", "sha256_hash": "26b02649e4c83ebe74097cc5ebc536a891c0c4eab7ab47ecec8c730f74f156be", "size": 6158, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e33ea4844b41eca9d91ca99f09c96da63169412d", "file_type": "created_file", "id": "file_94", "md5_hash": "7c6f98304663c237935a6d8c918c6834", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "e33ea4844b41eca9d91ca99f09c96da63169412d", "sha256_hash": "a1d8347c65f80208e6e33fc143ed68687e4e92de13e7e925597519dedb474bd9", "size": 6216, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/48984ea3f30f4fefffff3a40336055d5b1675249", "file_type": "created_file", "id": "file_95", "md5_hash": "bf6f677076f31be57c2bcbb25de51a4a", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "48984ea3f30f4fefffff3a40336055d5b1675249", "sha256_hash": "690b5abc55f49e99dc479cce0489d79190ef5827ac912103a8d6d997dece1f44", "size": 6266, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f5f8591d7aedbbf9dd854f71db05e7aafd472537", "file_type": "created_file", "id": "file_96", "md5_hash": "0f116efaa3322016bc41a511202e6738", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "f5f8591d7aedbbf9dd854f71db05e7aafd472537", "sha256_hash": "a3bea9b51d75c83d7cb8b08f065e267d2e36ef8fd139bf54cf541fb683c36275", "size": 6322, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4eb54aed3dcb5cc9fbe0347e5e086c02659b3702", "file_type": "created_file", "id": "file_97", "md5_hash": "69ab972dfa43be74c887a4d31ae42aa2", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": 
"4eb54aed3dcb5cc9fbe0347e5e086c02659b3702", "sha256_hash": "1deb08c806b9b46d8bb35c31455c3e83a2abcab30aede8ac039128de6b2a0676", "size": 6371, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8b4993d3e518ca3d35a65cd18226320a10bfc1b4", "file_type": "created_file", "id": "file_98", "md5_hash": "00cf613cbc4cfa51070a3a07f3472c7f", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "8b4993d3e518ca3d35a65cd18226320a10bfc1b4", "sha256_hash": "d43548d63fb98d2f961a48e484165e4ce5f5589e5fe7af30cb37c61841a83051", "size": 6420, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9d9ced668736a9dd5433be40bdd2c32b1d49ddd8", "file_type": "created_file", "id": "file_99", "md5_hash": "a765a9aad60f2e425b85797ec300bd0e", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "9d9ced668736a9dd5433be40bdd2c32b1d49ddd8", "sha256_hash": "48e761919d6aadbb4f117ba3332b7d9d225f917d96b56e5da150b8abac89773f", "size": 6479, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/13b1b0d2b1a092cf8bec3f9b697b696cbe00b1da", "file_type": "created_file", "id": "file_100", "md5_hash": "aed6a6d2060741552f73b2a2c4a37c73", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "13b1b0d2b1a092cf8bec3f9b697b696cbe00b1da", "sha256_hash": "70e8ff58284d32ca674ad31c9d0a30cafcb123751b134355ebbd9cb9bf243ad0", "size": 6532, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/be03a86db5dbb9902c2d2da5abc0c4b2e5724daf", "file_type": "created_file", "id": "file_101", "md5_hash": "5babe46533fc7df489ed04ffb5e9b2e6", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "be03a86db5dbb9902c2d2da5abc0c4b2e5724daf", "sha256_hash": "45dd1eed4a29a10fa020512a97b2ceb3f849e0294485f835b152ddb05dfa0f21", "size": 6589, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/395ec3dbb38c30ed22f05f6bfb80a3e1940d8b54", "file_type": "created_file", "id": "file_102", 
"md5_hash": "6aec49444211fc7ae8f72befd5ab6ff5", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "395ec3dbb38c30ed22f05f6bfb80a3e1940d8b54", "sha256_hash": "48131131aec0cf51e3f457aa39432239c460f4159f150d209ce9995437ca472f", "size": 6639, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/febc01b0a6a9839136a189dd5c14c8f1624290cc", "file_type": "created_file", "id": "file_103", "md5_hash": "3d04b6b44539feb4e460d221a122fcc4", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "febc01b0a6a9839136a189dd5c14c8f1624290cc", "sha256_hash": "caa1070e985eafb07053f9ad92eebc7c59cd95a86fb7c61204d1ca6db66ca600", "size": 6701, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3badb883af7c8ca8f4fc5734df5ee623f7f56817", "file_type": "created_file", "id": "file_104", "md5_hash": "e883732eececa6c9c29ac2de92e49d87", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "3badb883af7c8ca8f4fc5734df5ee623f7f56817", "sha256_hash": "8fa612ce686862b73796e16609062d2ff4d923f056c02428126846ede98eee20", "size": 6752, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c4314ced5b4dab7ff7be892ae99b06fd676d484b", "file_type": "created_file", "id": "file_105", "md5_hash": "6e266192cf4572df669f2d82224c0226", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "c4314ced5b4dab7ff7be892ae99b06fd676d484b", "sha256_hash": "0d5383b0d9c47113f366239d4c588ffa39f71efc7d1b74aecb99c25552366b93", "size": 6808, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b556e7b8a52f070ad168b9dbe8ba164ee6c728b6", "file_type": "created_file", "id": "file_106", "md5_hash": "e162c339ad1c7df6c47a05207b857310", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "b556e7b8a52f070ad168b9dbe8ba164ee6c728b6", "sha256_hash": "38797c57543b4ede62c2280a2c7414b783c2fdb4d2449647a657b1aaa00f53aa", "size": 6878, "type": "extracted_file", "version": 1 }, { "archive_path": 
"extracted_files/e6b50f8d68f37871fa27b3f53b2dab2252a35c5c", "file_type": "created_file", "id": "file_107", "md5_hash": "c32de3d6eb9c9c30bbbedd123727cf66", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "e6b50f8d68f37871fa27b3f53b2dab2252a35c5c", "sha256_hash": "3f7b5fafc3753bcf4f95814c70a3a268b1e6db05696c53bc90e6f606b6a85597", "size": 7018, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e98af0158e1b286537a9e2a8aa3250c3fa43bfae", "file_type": "created_file", "id": "file_108", "md5_hash": "2dff1676264576eaaec72f40b1a2bd8e", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "e98af0158e1b286537a9e2a8aa3250c3fa43bfae", "sha256_hash": "7cb84bdd48ea594e31ce93c142ffc44b87be438ecbaf8e1d8a6ea3c74e81289e", "size": 7092, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/14d2668ba81eb02e649a44142dbb2e57d77e8049", "file_type": "created_file", "id": "file_109", "md5_hash": "e5499496950290732082924cc3e89e0b", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "14d2668ba81eb02e649a44142dbb2e57d77e8049", "sha256_hash": "48157f9c3adf09ba84fe2d608ad7cf57f53d90e885d499c0db77ef0b5e27434e", "size": 7161, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/2a7b4d02fc526752a084b7c59839661048c8d188", "file_type": "created_file", "id": "file_110", "md5_hash": "b714bd5118f1657db2f5c5f746f9e94a", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "2a7b4d02fc526752a084b7c59839661048c8d188", "sha256_hash": "97ba3238b20c310c32cff472ea174273a25cc69c0b8e79e52f678e09afc7ba8a", "size": 7237, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6c9c3c2a896a55388f42b5dc8d169ae7c005cfca", "file_type": "created_file", "id": "file_111", "md5_hash": "528d58e64f661cc7583f0ba76f139405", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "6c9c3c2a896a55388f42b5dc8d169ae7c005cfca", "sha256_hash": 
"74ec6eefd60fee0b2769eda54735cdad265f45f29f110cb932363f02aaa53825", "size": 7302, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4594b95571c82e8bcbf9a59489041c30262cffb4", "file_type": "created_file", "id": "file_112", "md5_hash": "f439b21434f582414e2cb47e10a59bd0", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "4594b95571c82e8bcbf9a59489041c30262cffb4", "sha256_hash": "b8c293be36a6cfe96e60b4f530a5f47a94639bba1f9667a1847abf02896a56e3", "size": 7373, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a37bd7e561d38695390af422adc77cb737a8f4c6", "file_type": "created_file", "id": "file_113", "md5_hash": "ac7ecacc3fd29525463dfc45f3591e48", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "a37bd7e561d38695390af422adc77cb737a8f4c6", "sha256_hash": "778b1a52eeb517f43329e92b8cdd71f8aeccbad2a8afbf73d83ba3a3976a3615", "size": 7449, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/350b8715f05d1f20ac90c8a6c24600e8248348fe", "file_type": "created_file", "id": "file_114", "md5_hash": "ee65ad49aab0df6658d04f20dcdd6bbd", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "350b8715f05d1f20ac90c8a6c24600e8248348fe", "sha256_hash": "02242c932ac0bf3b01afd14bd2c123141afe766a4225fda6be69e49c8737c027", "size": 7522, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/04a0d9eb686a127bf5b91c02b0ff84b9f76f2345", "file_type": "created_file", "id": "file_115", "md5_hash": "6b0977b640f54f2148b33ea9c686360e", "norm_filename": "c:\\users\\5jghkoaofdp\\music\\ygqpk-ymjwgakf7q\\v5iko1.encrypted.mp3", "sha1_hash": "04a0d9eb686a127bf5b91c02b0ff84b9f76f2345", "sha256_hash": "1c361912ae72195495356177a335be9ac6cb93bd68206c05460a5d588f49c494", "size": 42960, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/93adea30d9c7d12adf5495a7484b6cbb07af9a22", "file_type": "created_file", "id": "file_116", "md5_hash": 
"821abe92ed994861173c7d68c20270cf", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "93adea30d9c7d12adf5495a7484b6cbb07af9a22", "sha256_hash": "66b592120a010a711cbc0a5877d54118d276baab9a04d92b5d49e8ba2bd61384", "size": 7588, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0369b110754089ffd03b05b16f55486197133492", "file_type": "created_file", "id": "file_117", "md5_hash": "529215af9722162ea5ce3973fe73d23d", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "0369b110754089ffd03b05b16f55486197133492", "sha256_hash": "0d88137711f9fb9a7c0a8b21fc5c8eeeac49ff9ba2f48057aca928153ce70615", "size": 7662, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/30dd40d6b0d5074e4d0accf9e7ea6546b3405246", "file_type": "created_file", "id": "file_118", "md5_hash": "5b50ddf0f6523f46db23cc63de32dcec", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "30dd40d6b0d5074e4d0accf9e7ea6546b3405246", "sha256_hash": "3d16b02869fbedbad98378b642f97a85f21f5d532e923af61c30cb2de478d324", "size": 7728, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9dc9098e1f5cef88cab0f2e349bf3b575b9d546d", "file_type": "created_file", "id": "file_119", "md5_hash": "17b4e87a704607f2d3764533b3972c02", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "9dc9098e1f5cef88cab0f2e349bf3b575b9d546d", "sha256_hash": "fd354a89468a76659ba3ee06b6200af27adfaa5401f115fa3c427d97c74ab537", "size": 7803, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6386a589de4dca0ab1d5f5e7dce1c6f4e8959beb", "file_type": "created_file", "id": "file_120", "md5_hash": "35085a450f532dfaeb3592eaffb6cda4", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "6386a589de4dca0ab1d5f5e7dce1c6f4e8959beb", "sha256_hash": "f0c93e00cad050a0d6069c569234d40ff03ec36e06fdbd469e81f400049bf843", "size": 7879, "type": "extracted_file", "version": 1 }, { "archive_path": 
"extracted_files/372d4d1da857cce6d821904633227afae8f8c5e4", "file_type": "created_file", "id": "file_121", "md5_hash": "66c5449b52b544dca1a81456b5599a55", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "372d4d1da857cce6d821904633227afae8f8c5e4", "sha256_hash": "3355ad8cc7da1435034397c27745197d9aebd15bbac266d577db6e1a75136b6a", "size": 7931, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f4fcebc77d43c34f3fc34878ed034242828c2cf3", "file_type": "created_file", "id": "file_122", "md5_hash": "b3e49183c20a7f007241d416b4370532", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "f4fcebc77d43c34f3fc34878ed034242828c2cf3", "sha256_hash": "5e3959d976451a81f71411584f148a3b9715cb045e04f27a9d539bd15da5bf6d", "size": 7993, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/97a4500d80657f0e8f3b18fe457f55d21ebb7bf0", "file_type": "created_file", "id": "file_123", "md5_hash": "05fb072022576bb2cf4b5d23c9c042a9", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "97a4500d80657f0e8f3b18fe457f55d21ebb7bf0", "sha256_hash": "262e9a7cc9dd0a5f054551df21fa023ca6025fcd1aeae44b91acbe67611c3ba7", "size": 8064, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fb5b03564b9b49750b5efd8f4bda8866cd23b4b9", "file_type": "created_file", "id": "file_124", "md5_hash": "a1a6203f94a7d08f88ef4f9c64b64751", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "fb5b03564b9b49750b5efd8f4bda8866cd23b4b9", "sha256_hash": "fa8b006d3a28e44052d60db1ed4b78a27b44205b2fe4e690bd50c75db6d79d28", "size": 8121, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8d017865ba586ea326c0d582123af51c9ef04fb9", "file_type": "created_file", "id": "file_125", "md5_hash": "23389d14ab710399982a7a816f5d7003", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "8d017865ba586ea326c0d582123af51c9ef04fb9", "sha256_hash": 
"665e8cc70ac1cb5102e4cbfb0f6288b3fe803a9bef9261f41aa721b3e30e9c74", "size": 8186, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ebba90636f7aaab78c133d2af78530097e962ee3", "file_type": "created_file", "id": "file_126", "md5_hash": "ae98c05b979dc0635700d8a5fd977572", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "ebba90636f7aaab78c133d2af78530097e962ee3", "sha256_hash": "e0f1cbac9123edd167b675f14095dbae31761998721d78e1e467455c8db90562", "size": 8273, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3fced465e2b1c1cad49cafe893d8b7c3233b5f53", "file_type": "created_file", "id": "file_127", "md5_hash": "0fab42a4069156e095d89868a12c69fe", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "3fced465e2b1c1cad49cafe893d8b7c3233b5f53", "sha256_hash": "f1ab2a2b5a49c0597d8644a155344fae9c6a3b5a96220d3cfd0aa072b134c224", "size": 8357, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c4600150007bedaf52f68681b86916e87d8ccdaf", "file_type": "created_file", "id": "file_128", "md5_hash": "e036ca270459d7094798efd0c2e09f86", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "c4600150007bedaf52f68681b86916e87d8ccdaf", "sha256_hash": "0accb682708c62d9b2f78d23a15b977856ff2422595684348cbedff41c80ac39", "size": 8433, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/717abca3e6e0d81d65550f606311a89a3b22f338", "file_type": "created_file", "id": "file_129", "md5_hash": "5ffd64e3c51bc8fa7978d04e98008963", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "717abca3e6e0d81d65550f606311a89a3b22f338", "sha256_hash": "098053b24aa7f2bd2007632a689b1a63eacd3091733a829fa842be45d3c72a65", "size": 8525, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/941dd518a563b00494ad8b7b0b7fa5839eb2f437", "file_type": "created_file", "id": "file_130", "md5_hash": "6e305b868b3f2ad3e592b225db55655e", "norm_filename": 
"c:\\progra~1\\common~1\\log.txt", "sha1_hash": "941dd518a563b00494ad8b7b0b7fa5839eb2f437", "sha256_hash": "b9d2903da59d11531831543f7f02bfa220e56a18736244a03602d37bd41195c0", "size": 8585, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/772ce3d83b8946c480d643ead1b857da52cfa14e", "file_type": "created_file", "id": "file_131", "md5_hash": "fbabe33557484f00b6899782092a5337", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "772ce3d83b8946c480d643ead1b857da52cfa14e", "sha256_hash": "39c98aefb97148ead47fdd2f275422b9db80efd0fedbad5ea8ae9e17dc52d6d9", "size": 8656, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/117e119e643af6b5f46b560f393b097b33c83779", "file_type": "created_file", "id": "file_132", "md5_hash": "1d0f4c3cf7b5596e854459cd58928142", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "117e119e643af6b5f46b560f393b097b33c83779", "sha256_hash": "013ce062e5a77af00da5490669f424e7d5d6d64a0576f73e1379781a5417862a", "size": 8730, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/70a87311b97f5ab6fd3c6f2399044c0643377294", "file_type": "created_file", "id": "file_133", "md5_hash": "2663518d1848a516cf6dcb97a66cd87d", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "70a87311b97f5ab6fd3c6f2399044c0643377294", "sha256_hash": "594454295a639854fd096d203469dd03a51e7edad07ade8e772e3a93ebdd1c97", "size": 8806, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0183755599ab86295e6b2467968acc087fe25cb0", "file_type": "created_file", "id": "file_134", "md5_hash": "e851eb21c3987b1f349ddb9b857815d3", "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\hz2w\\ra1rifpb2\\l6fx8sicimwq0qgomdx1.encrypted.png", "sha1_hash": "0183755599ab86295e6b2467968acc087fe25cb0", "sha256_hash": "7915469719d6373559f2f7efe127f46950ccac1147ab91f2cd6711ed2fed14d0", "size": 30576, "type": "extracted_file", "version": 1 }, { "archive_path": 
"extracted_files/05bf5c15f1ab075c0f80a489bbd3bb66f1016efe", "file_type": "created_file", "id": "file_135", "md5_hash": "cd31ec0082f8091222ef2c030a1dd669", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "05bf5c15f1ab075c0f80a489bbd3bb66f1016efe", "sha256_hash": "4568e21200c8049960de9d8037a882ab45fabd61881fc778fd82bd4b684b88f5", "size": 8887, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ae4a35610f1a018559138ed85f32acf647adc992", "file_type": "created_file", "id": "file_136", "md5_hash": "06972603e1aa72a1f67f38765134193c", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "ae4a35610f1a018559138ed85f32acf647adc992", "sha256_hash": "14afaf4417f69786f3ba0a0b7435282880ef828d93123e8bef9fbb2fdd8b3e38", "size": 8953, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f4606367d92afe73c00faee19aa6cd6db5e45634", "file_type": "created_file", "id": "file_137", "md5_hash": "062db4741927111f06eb282e0594bee8", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "f4606367d92afe73c00faee19aa6cd6db5e45634", "sha256_hash": "25e97d570f19f996bde584ff2240596e9c13f93b30fe96fb400d4e8692287e6d", "size": 9040, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/abb5e4d47142a8413a5f597882d5ff288072f8ff", "file_type": "created_file", "id": "file_138", "md5_hash": "313318bc7f428f5c50490d2718271b01", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "abb5e4d47142a8413a5f597882d5ff288072f8ff", "sha256_hash": "f55af1f4c1ccda6c0a1172c82caa24083a5dc20fa928245e05435b292f9d811b", "size": 9120, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4252d4d682fc6f137b0728927ce2a43c9005e34d", "file_type": "created_file", "id": "file_139", "md5_hash": "13db1f7ab084a1cbedeef20780e5eb26", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "4252d4d682fc6f137b0728927ce2a43c9005e34d", "sha256_hash": 
"1c4516e1467f30557a892fd4e881787fc5e660ff37acbb6b59478527782295da", "size": 9200, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c3b358d9c041e839a7cdfbeb0911a250d599550f", "file_type": "created_file", "id": "file_140", "md5_hash": "9a058089af8fbb955a16523f2c73b3a7", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "c3b358d9c041e839a7cdfbeb0911a250d599550f", "sha256_hash": "8c2cdaa60e59ea68e3e9f3f8df61b540b0f3f46dc2d4756adc2e6fb0c80cea50", "size": 9284, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/bc307cdf7fb0d755332086ba8b2c28cf15d675ad", "file_type": "created_file", "id": "file_141", "md5_hash": "a85b2f6027ba2286ef20cfa5f18e5b3b", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "bc307cdf7fb0d755332086ba8b2c28cf15d675ad", "sha256_hash": "a1ca68e8b77fa3e378309e50b7d0581fbe5f0a79fe8dae37a03ebdab75f21642", "size": 9373, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c3828ae94e7c18dcbfbc7dbbf0aff7fac6005b70", "file_type": "created_file", "id": "file_142", "md5_hash": "66e2fcd7ae20fd8170a02d2ea947759e", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "c3828ae94e7c18dcbfbc7dbbf0aff7fac6005b70", "sha256_hash": "5931325c0b0055a441e8f19dc9f70ba562491eedfea7e01944ca9fc0d92e60fe", "size": 9564, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b7b77fb68686b7ece7d6ebe548cbfd927f111871", "file_type": "created_file", "id": "file_143", "md5_hash": "62f20d3a790f34ae967b4efc86da75b4", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "b7b77fb68686b7ece7d6ebe548cbfd927f111871", "sha256_hash": "5a5d01bbaa6d5bc6bf11585832a33f033dc19010e2d2dd3978845d4d21287cbe", "size": 9737, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/28eea8e94852397036f8feb02268bc1c5bf8313a", "file_type": "created_file", "id": "file_144", "md5_hash": "bbdb6bf5a04c6499133201eb51d01d15", "norm_filename": 
"c:\\progra~1\\common~1\\log.txt", "sha1_hash": "28eea8e94852397036f8feb02268bc1c5bf8313a", "sha256_hash": "77d86caaadf8e955810eb1c41de575e2cc854326a4ad2777caff3c720c31cb45", "size": 9798, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9aa6c6ee11bbf77e858a6521e5d94c0c2105b4de", "file_type": "created_file", "id": "file_145", "md5_hash": "7bd8cbfecabe16f788351292a8b498d3", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "9aa6c6ee11bbf77e858a6521e5d94c0c2105b4de", "sha256_hash": "51dc8ebff41e86ff82b8380a46e2615a64e7bd3e1f4b6593908c094cf80ac078", "size": 9857, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f73a2f7fd2befe16461d400ae1f9cfeeb40d1ab9", "file_type": "created_file", "id": "file_146", "md5_hash": "50ecceade9fad61b570f2b31410cad9f", "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\hz2w\\uvzp9c0xe2unmuaj6.encrypted.gif", "sha1_hash": "f73a2f7fd2befe16461d400ae1f9cfeeb40d1ab9", "sha256_hash": "04a4b6fb5a0a3be5267c923254c16e87c6342c0e4ae7cae92ff983f19cb29ccf", "size": 64272, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/869cbd81a15a7718db63393fbc2ce7707752789a", "file_type": "created_file", "id": "file_147", "md5_hash": "86561143d24c769f5da6bac487de96f5", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "869cbd81a15a7718db63393fbc2ce7707752789a", "sha256_hash": "5b085773c45ecf0476a4e2ba346ae988f4bb9b0ac901887bf1f0a926c5b37500", "size": 9992, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b2e8d54ba0ed9a229b07317def820a1fad102fbd", "file_type": "created_file", "id": "file_148", "md5_hash": "125e7e370faea2d82256567d87ad83ca", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "b2e8d54ba0ed9a229b07317def820a1fad102fbd", "sha256_hash": "160741fa3ba7fd47609d525f152d6e18e8822713b2d994ea7811e4201f8d32f5", "size": 10050, "type": "extracted_file", "version": 1 }, { "archive_path": 
"extracted_files/8e6db923aa75166f8bab98c8c4d0417ddb046d44", "file_type": "created_file", "id": "file_149", "md5_hash": "d6376b849a5dd31402bc61da53ff70d4", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "8e6db923aa75166f8bab98c8c4d0417ddb046d44", "sha256_hash": "ca24146bdc15868ac8c845d75ba74c8c39d2310f45f56ba249443c26ec375830", "size": 10115, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d990903793b76870fff1c5456a34b611c490643c", "file_type": "created_file", "id": "file_150", "md5_hash": "383abb78bcce7916d51ba5bc9746b635", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "d990903793b76870fff1c5456a34b611c490643c", "sha256_hash": "c999c4564b9af73b4ca71f49b251e910d1e3a78faf265ac06ca670586dc0cd6e", "size": 10178, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f207d9d8ee21f4c17d4f65b012a3ecd5d2627a5d", "file_type": "created_file", "id": "file_151", "md5_hash": "605b83c7f9544dca8a16427f4d68a4f3", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "f207d9d8ee21f4c17d4f65b012a3ecd5d2627a5d", "sha256_hash": "2c1eb6c74f8dcd2e8cdd117bd32906a1a0ddb6c8043dc70516ec44e1b33ce794", "size": 10232, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/cc41053534d44c0824ea20cf98409b94af9d1c45", "file_type": "created_file", "id": "file_152", "md5_hash": "08fe23442e7b9dbddbd04d28a03ad514", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "cc41053534d44c0824ea20cf98409b94af9d1c45", "sha256_hash": "8a56a3d04eb76ebaa8df213bed2038e658b43f99016c0f7cf71d8d2068e36393", "size": 10297, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/2e6ade7efd7f39d8104a96d928f4cbcd7bf08439", "file_type": "created_file", "id": "file_153", "md5_hash": "247baaa79fd5a0e687bccecd197c5045", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "2e6ade7efd7f39d8104a96d928f4cbcd7bf08439", "sha256_hash": 
"703a4a2ea26cb42fcf3a816838e6d94974de3ffd60ad5810e98542b8518d0b21", "size": 10365, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/01b101ab4ec74c74d9d567837ad0d4ed77ef19d5", "file_type": "created_file", "id": "file_154", "md5_hash": "35cc2d53ec9d5ed8d5fab7c26d956a2a", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "01b101ab4ec74c74d9d567837ad0d4ed77ef19d5", "sha256_hash": "1510c32944889fe7e049d9d3b9bc28d39e5ba5b26e67de67d67088e4ff6417d6", "size": 10420, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/2b31237696990a1ccd72865997616badadd0cf76", "file_type": "created_file", "id": "file_155", "md5_hash": "eef304cda1e97b7519e8013f41389e28", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "2b31237696990a1ccd72865997616badadd0cf76", "sha256_hash": "e7d70e8746e80567900bce548f24364be6117e1101d33a069416e3624f0f4315", "size": 10481, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/28d90fbbbf35ba141352091a9eb4e3a1e7931980", "file_type": "created_file", "id": "file_156", "md5_hash": "3b64c710563c0112cea1fc58433aed8c", "norm_filename": "c:\\users\\5jghkoaofdp\\videos\\mmzl\\pegwegazbvwtu3n0gz1z\\4_fiu1ihmr5kifysz.encrypted.mkv", "sha1_hash": "28d90fbbbf35ba141352091a9eb4e3a1e7931980", "sha256_hash": "f82ab9e17352b9118db0aa37ee63c3e46f8ff28d08bbafa51b96121f882877b2", "size": 14032, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1c8a9674e39e5218ea538d5f42d4f7b4f553f937", "file_type": "created_file", "id": "file_157", "md5_hash": "743ec6e8ca03e0f65fa6c9b36a2a3fa9", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "1c8a9674e39e5218ea538d5f42d4f7b4f553f937", "sha256_hash": "ef0af7c4736a029cbe1b6413e5d813b4e8ea0bedc6141b7f4bdd08e37af3607b", "size": 10670, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fcf4a931b1af4e25df1117bccc32e1043ca61729", "file_type": "created_file", "id": "file_158", 
"md5_hash": "4b99fab8428b8837effca97514e64fd5", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "fcf4a931b1af4e25df1117bccc32e1043ca61729", "sha256_hash": "1530fa9ad498da053ccdfa86355d43dcbf6d0cb221d922215c8c7504baccaf35", "size": 10775, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/15f1210a505ac74f0eaa5a827c6708bb72d365f2", "file_type": "created_file", "id": "file_159", "md5_hash": "3d98ad64cbe4da1444b459c4ec605cb7", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "15f1210a505ac74f0eaa5a827c6708bb72d365f2", "sha256_hash": "06a33380dc9b7433b0cfb1492ab6c40cf3ef2759d09ec2ec84e46850add4b5c7", "size": 10879, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5e46c3c40862cbbabdd935c4590a3f3a4b0ee0bf", "file_type": "created_file", "id": "file_160", "md5_hash": "11149743e690c20d38515883a803b728", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "5e46c3c40862cbbabdd935c4590a3f3a4b0ee0bf", "sha256_hash": "582ed28cb5e530572940a43f29940db8b98f35d3c5db9f932e757638ee9fe45a", "size": 10977, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/63a02effd93a059ed740f72f7e917b38fc7d5f74", "file_type": "created_file", "id": "file_161", "md5_hash": "e1af75e25dc5a0546b08272e826396c9", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "63a02effd93a059ed740f72f7e917b38fc7d5f74", "sha256_hash": "550624776f27a6ad3e4f0126f12f8ff3b0072aa978349dd2a6b2db2015b3cf7c", "size": 11069, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/09ba74f0646405ac29679e0bfb3dcf1089d3eeea", "file_type": "created_file", "id": "file_162", "md5_hash": "0aba604b2c92a7a6e639cc36453f3bae", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "09ba74f0646405ac29679e0bfb3dcf1089d3eeea", "sha256_hash": "eb25f636f7c32d17ce3945ec7bf79bb50b7ff71567a429bb05791fdca0674b59", "size": 11266, "type": "extracted_file", "version": 1 }, { 
"archive_path": "extracted_files/28c25132fa508e8073aa34f3638ff2d4c57b53c7", "file_type": "created_file", "id": "file_163", "md5_hash": "355471f0b3d53b177c40c3c4dc043b97", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "28c25132fa508e8073aa34f3638ff2d4c57b53c7", "sha256_hash": "a29cc1e547ccb87e7df6d55d8b4dc1804951766dedc9da617a661583c1b0c3ef", "size": 11391, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/35e70175ad3cc625df4b09d1bd1ebbbb8c9e43f3", "file_type": "created_file", "id": "file_164", "md5_hash": "964a64698fb9058d4c4cc7e15bf4eebd", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "35e70175ad3cc625df4b09d1bd1ebbbb8c9e43f3", "sha256_hash": "2c5a5de0543ce418e9261f8e1d40669bf9c711ec901973d91ad58a02199a600a", "size": 11514, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b9f6464b3261d41b8fad5a39f422899b7b5bc841", "file_type": "created_file", "id": "file_165", "md5_hash": "cb9f6ab7b30eaf63713b9f144fba5f92", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "b9f6464b3261d41b8fad5a39f422899b7b5bc841", "sha256_hash": "42854f6d2f498057c5900d219a5c5747edf0480224f3e5d3253908abcce85872", "size": 11638, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3774e9e0eb5b659bd51813945c61d612d2d951c7", "file_type": "created_file", "id": "file_166", "md5_hash": "1774ac1c3f40ff5b7c80df6acfc4dada", "norm_filename": "c:\\progra~1\\common~1\\log.txt", "sha1_hash": "3774e9e0eb5b659bd51813945c61d612d2d951c7", "sha256_hash": "4bc3c90794d551de434a5a9478837679b446a95caeecd133a47e42e2e9411f6e", "size": 11762, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/743c7ad130780de78ccbf75aa6f84298720ad3fa", "file_type": "created_file", "id": "file_167", "md5_hash": "ad0b0b4416f06af436328a3c12dc491b", "norm_filename": "c:\\$recycle.bin\\s-1-5-21-3643094112-4209292109-138530109-1001\\desktop.ini", "sha1_hash": 
"743c7ad130780de78ccbf75aa6f84298720ad3fa", "sha256_hash": "23521de51ca1db2bc7b18e41de7693542235284667bf85f6c31902547a947416", "size": 65, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/2df502a944ff721241be20a9e449d2acd07e0312", "file_type": "created_file", "id": "file_168", "md5_hash": "a526b9e7c716b3489d8cc062fbce4005", "norm_filename": "c:\\$recycle.bin\\s-1-5-21-3643094112-4209292109-138530109-1001\\desktop.ini", "sha1_hash": "2df502a944ff721241be20a9e449d2acd07e0312", "sha256_hash": "e1b9ce9b57957b1a0607a72a057d6b7a9b34ea60f3f8aa8f38a3af979bd23066", "size": 129, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4b44ad08470119cf62889821b9e95c612fe68aa2", "file_type": "created_file", "id": "file_170", "md5_hash": "b66f6b08de0f150cb8941aeb2b84f9d9", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\inetcookies\\mq6x6yzs.txt", "sha1_hash": "4b44ad08470119cf62889821b9e95c612fe68aa2", "sha256_hash": "07d71e09bbe4073839f882848e76ac431df4741ad318ef5c71846ee985bea63b", "size": 117, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/36c2f577a120f1785fd74ef556c4851b029c63a7", "file_type": "created_file", "id": "file_171", "md5_hash": "e407af805476c1cc12fcbcb42a217a5f", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\inetcache\\ie\\cay9e00x\\tobtc[1].txt", "sha1_hash": "36c2f577a120f1785fd74ef556c4851b029c63a7", "sha256_hash": "f959f76db4de29b9eb002f367e97a576481e1bc77274564bee0ce198849f73f3", "size": 10, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d59dafa8efb71f884ba2d45e81b578840146ddca", "file_type": "created_file", "id": "file_172", "md5_hash": "ed31cbe057cdf23178c1f2ba56935bb2", "norm_filename": "c:\\progra~1\\common~1\\1365363213", "sha1_hash": "d59dafa8efb71f884ba2d45e81b578840146ddca", "sha256_hash": "ca7c6bc32e528080123c9f9b5f789ea602e26191d9665e8c671498cc18e902dd", "size": 27, "type": 
"extracted_file", "version": 1 }, { "archive_path": "extracted_files/85099b82839588ff6a90f5c855e5b283fba9ccb5", "file_type": "created_file", "id": "file_174", "md5_hash": "e852394bf8e2b2b108a04ae0241333a3", "norm_filename": "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\lastalive0.dat", "sha1_hash": "85099b82839588ff6a90f5c855e5b283fba9ccb5", "sha256_hash": "2e920a9d192ae4cbbe06d18399ec21c35622cdd03299b2bf846980887a294294", "size": 2048, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/98700bb958c1c5d23bf1447befca073c8fa091c3", "file_type": "created_file", "id": "file_175", "md5_hash": "f4dc61e6413f82a64ef546863d643946", "norm_filename": "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\lastalive1.dat", "sha1_hash": "98700bb958c1c5d23bf1447befca073c8fa091c3", "sha256_hash": "a23f90323730ff71623b6e6d64edd1c7a922829cdabc1d5e89392b28fd1d5b85", "size": 2048, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a3c741303af0316b3571ba09551b156b195df33d", "file_type": "created_file", "id": "file_210", "md5_hash": "a68bf9f8d438a33cbe510005f6e874dc", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\k9uoo8fw7r.encrypted.jpg", "sha1_hash": "a3c741303af0316b3571ba09551b156b195df33d", "sha256_hash": "61269a23824a019c70e6d2bc511b3ca58b1b19e0901d9877b3b5cc23842b71db", "size": 94096, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c1ba11bb7749491ae94893ec62ae5b2f9845cbac", "file_type": "created_file", "id": "file_211", "md5_hash": "760f09c85f27d0bc3898cea6ec12bfb2", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\kqg5xtni4dupero o1m.encrypted.jpg", "sha1_hash": "c1ba11bb7749491ae94893ec62ae5b2f9845cbac", "sha256_hash": "fce006e9807cd3825630e132f3e5c14c578b026c5ac7f2d3f4cca58f38b793b2", "size": 87216, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d445747f84d42efd5b5e52a74bd8d64bfb4813f4", "file_type": "created_file", "id": "file_212", 
"md5_hash": "8712a2ba179c03a3d086989b13741f44", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\ostre2ekexrlom6.encrypted.jpg", "sha1_hash": "d445747f84d42efd5b5e52a74bd8d64bfb4813f4", "sha256_hash": "ba434835eebcfdd209a6c28e47f29d11654df328d75fee34a5b8bb9a2e0dbfa5", "size": 12736, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4ae48fa0713dd79ec3e8243426b0693a6d3ec112", "file_type": "created_file", "id": "file_217", "md5_hash": "ce6768e1270d3db4917683b342f2b5c4", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x0000000000000030.db", "sha1_hash": "4ae48fa0713dd79ec3e8243426b0693a6d3ec112", "sha256_hash": "685478655604a329b90bf405f175b4eab8aca82670274b0187c80be41a5c427d", "size": 133152, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/382f94c8be36973f1b3b1ea0fa6dd9afb52e4fc2", "file_type": "created_file", "id": "file_218", "md5_hash": "980fdc20d3574dcec166792ad5df9c37", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\4ghbrlq-jktwuq.encrypted.bmp", "sha1_hash": "382f94c8be36973f1b3b1ea0fa6dd9afb52e4fc2", "sha256_hash": "e49c2af279005228f4e6296948c9f19b1cca25b0bc09f6807170c87663d8eb9d", "size": 54672, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/355a97c3fdb3ea08794d93b0971f2cada20ec94c", "file_type": "created_file", "id": "file_221", "md5_hash": "83fb70c75a3824acc0433299350e560d", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\b1drbf6bjih2t5r.encrypted.bmp", "sha1_hash": "355a97c3fdb3ea08794d93b0971f2cada20ec94c", "sha256_hash": "be1b6eb108483866a017b48a922e2e39cae4330d1ca002b2d188f466cb1f1508", "size": 37760, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4cb7fea782fe5a1e90e10857cb4a6ea62d0c3c51", "file_type": "created_file", "id": "file_222", "md5_hash": "e6731e0cbaae9ee9555d8a0720bea8a8", "norm_filename": 
"c:\\users\\5jghkoaofdp\\desktop\\djg5lkzha.encrypted.bmp", "sha1_hash": "4cb7fea782fe5a1e90e10857cb4a6ea62d0c3c51", "sha256_hash": "2e71b395f3142cc8ac2277a8343b5103c00b2219eba017c147797353bf97b1c8", "size": 96800, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fd89dc77f465db303f24e0c6ebbcb51f9966be41", "file_type": "created_file", "id": "file_223", "md5_hash": "10c1a84a32519315c52d7c62eb634392", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\frzbojgkva5c6myj.encrypted.mp4", "sha1_hash": "fd89dc77f465db303f24e0c6ebbcb51f9966be41", "sha256_hash": "d10a7d942c17af5f2d67abc15d0bdfbe74262dc63dd64a8939a03edbb827e9bf", "size": 92464, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7740212a7a6d04981889c3eaf3ea9d033cb32024", "file_type": "created_file", "id": "file_224", "md5_hash": "39c24282dcc2cfdf1a16e0a9dcd353ed", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\uk 6ek_ge.encrypted.png", "sha1_hash": "7740212a7a6d04981889c3eaf3ea9d033cb32024", "sha256_hash": "3793173ad68dd2c7672ddedefdd82972f8108f53696d3a9b72e57fbbcb04e6bb", "size": 25840, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1c4328fb34d4c3777daea38904d0185df3e2d60a", "file_type": "created_file", "id": "file_225", "md5_hash": "85059cccd2f0472cd50f45dfd1a7ea73", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\ur9w.encrypted.mp3", "sha1_hash": "1c4328fb34d4c3777daea38904d0185df3e2d60a", "sha256_hash": "48d2d6d30fa8534a5c172cd867fffb6646c1fa9731ab84cead010826ab1af132", "size": 61760, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3de767680bc25c995536ab7e3f86e77f99172f1e", "file_type": "created_file", "id": "file_226", "md5_hash": "0820b196964244383636e3e10ac13f73", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\xe_1j.encrypted.avi", "sha1_hash": "3de767680bc25c995536ab7e3f86e77f99172f1e", "sha256_hash": "eb90f565bb5a91eef0f0ae385e55504966c29b28f5e022365cf740d22057a2af", "size": 
31136, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/00709944738ba3518b1de353ed414cd2b5733c0d", "file_type": "created_file", "id": "file_227", "md5_hash": "40ae53155c9e7aa00db5d28fc6195ad3", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\ypmyrw0yu.encrypted.mp3", "sha1_hash": "00709944738ba3518b1de353ed414cd2b5733c0d", "sha256_hash": "26fc40822c979da7e22395d77c5874944ffa64c62c5285b025971dc5bcd235c5", "size": 81664, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d98475693e54efa2a80879e01c9f572495d0a2b8", "file_type": "created_file", "id": "file_251", "md5_hash": "c73c9e08a23aab918b0022c37f3bbd03", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\0-0nsqtjx3oqok.encrypted.docx", "sha1_hash": "d98475693e54efa2a80879e01c9f572495d0a2b8", "sha256_hash": "fca4a8eae9c17d525c6d3a006f7e1d332ad2975a307c5487b2d42b55a259eaef", "size": 69536, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/2de17d959a3827be3338bebeb537e38ad7ebe028", "file_type": "created_file", "id": "file_253", "md5_hash": "640b1339f17aede2881af1ab059658d9", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\cchnli nseui.encrypted.mp3", "sha1_hash": "2de17d959a3827be3338bebeb537e38ad7ebe028", "sha256_hash": "49ddba6f04e525494e892afae7beac4d467c046bd90b9214e1150234d00e1d9c", "size": 5968, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/25f3599cd5f77eb5da49b54d910539b485441d75", "file_type": "created_file", "id": "file_254", "md5_hash": "8646a831d8aa6b5cdb95285c310de920", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\k3ebs8.encrypted.docx", "sha1_hash": "25f3599cd5f77eb5da49b54d910539b485441d75", "sha256_hash": "9b6abb86be95d8762d6459910e4d3e029008f71848102b0961f0d1993e410fb1", "size": 20224, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d9be6524a5f5047db5866813acf3277892a7a30a", "file_type": "created_file", "id": "file_256", "md5_hash": 
"a54f0041a9e15b050f25c463f1db7449", "norm_filename": "c:\\progra~1\\common~1\\3123635631", "sha1_hash": "d9be6524a5f5047db5866813acf3277892a7a30a", "sha256_hash": "ad95131bc0b799c0b1af477fb14fcf26a6a9f76079e48bf090acb7e8367bfd0e", "size": 4, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0910f4778a1170098a4898f965f7d9407482c395", "file_type": "created_file", "id": "file_263", "md5_hash": "2efe4509bfa413143a3ea9d92b3f814d", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\notifications\\3ef54ae93acb11e78251b4475e61765c\\aaph4da[3].jpg", "sha1_hash": "0910f4778a1170098a4898f965f7d9407482c395", "sha256_hash": "7b92ee513ca6154bfbda5c7ab445197c21dab6e7f12e04649bb009e7803b1165", "size": 57767, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/84ab095f362939907deb2a955b29b77f6d8b1cb4", "file_type": "created_file", "id": "file_271", "md5_hash": "7d44e6f65c3e2e657697136b8009c80e", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\notifications\\3ef54ae93acb11e78251b4475e61765c\\aaphss5[1].jpg", "sha1_hash": "84ab095f362939907deb2a955b29b77f6d8b1cb4", "sha256_hash": "dc310b4c8a65b1777aee8be67ef3cde8b984bf7d080b4516889a92d434f3258a", "size": 6817, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f2d1bb972e21ae6341e1f0a8b03cc24965ce5609", "file_type": "created_file", "id": "file_284", "md5_hash": "fe543691f58c12331d822133069d8b5e", "norm_filename": "c:\\windows\\system32\\wdi\\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\\{cb4dd493-4d29-43d0-9097-3e1fdad4e75f}\\snapshot.etl", "sha1_hash": "f2d1bb972e21ae6341e1f0a8b03cc24965ce5609", "sha256_hash": "f88ede51a418e2e47264d6508453cb1993ebd117997494192fa74581c2d957e6", "size": 163840, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/12a505709171b0d96100a68d4175f143476bb857", "file_type": "created_file", "id": "file_288", "md5_hash": "dc52c77ba46b44655f97ba4ccf518971", 
"norm_filename": "c:\\windows\\system32\\wdi\\logfiles\\startupinfo\\s-1-5-21-3643094112-4209292109-138530109-1001_startupinfo1.xml", "sha1_hash": "12a505709171b0d96100a68d4175f143476bb857", "sha256_hash": "838c76c30914d58626125ddd5d55d5daee8074abf3db3de2edd0f6f69dda659c", "size": 474, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/88ae788f97ffe0a67b4665d931a459491a875297", "file_type": "created_file", "id": "file_291", "md5_hash": "ec1abca3d8d1cf4cb5fe6cff5b19930c", "norm_filename": "c:\\windows\\system32\\spp\\store\\2.0\\data.dat.tmp", "sha1_hash": "88ae788f97ffe0a67b4665d931a459491a875297", "sha256_hash": "047b76c8fc87787b5328077ccf0c68c3682be1d481376b46af55d7790c61c8cf", "size": 37520, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/88ae788f97ffe0a67b4665d931a459491a875297", "file_type": "created_file", "id": "file_292", "md5_hash": "ec1abca3d8d1cf4cb5fe6cff5b19930c", "norm_filename": "c:\\windows\\system32\\spp\\store\\2.0\\data.dat.bak", "sha1_hash": "88ae788f97ffe0a67b4665d931a459491a875297", "sha256_hash": "047b76c8fc87787b5328077ccf0c68c3682be1d481376b46af55d7790c61c8cf", "size": 37520, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/88ae788f97ffe0a67b4665d931a459491a875297", "file_type": "created_file", "id": "file_293", "md5_hash": "ec1abca3d8d1cf4cb5fe6cff5b19930c", "norm_filename": "c:\\windows\\system32\\spp\\store\\2.0\\data.dat", "sha1_hash": "88ae788f97ffe0a67b4665d931a459491a875297", "sha256_hash": "047b76c8fc87787b5328077ccf0c68c3682be1d481376b46af55d7790c61c8cf", "size": 37520, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/eb782f7b3f987ac960519aec8e61f1aff7e463aa", "file_type": "modified_file", "id": "file_173", "md5_hash": "b8959e29064273570bb69efde038cf10", "norm_filename": "c:\\windows\\bootstat.dat", "sha1_hash": "eb782f7b3f987ac960519aec8e61f1aff7e463aa", "sha256_hash": 
"f245f44f692fdf45a438e8f3469750d9c8616eaa3edda057eab11b7a3c077901", "size": 67584, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c99a1eb2d8974a667d2e0bc2dc1efcbe0ef23387", "file_type": "modified_file", "id": "file_176", "md5_hash": "f1a6cd5adaab953a6764ea364e17bfb8", "norm_filename": "c:\\windows\\tasks\\sa.dat", "sha1_hash": "c99a1eb2d8974a667d2e0bc2dc1efcbe0ef23387", "sha256_hash": "12dc5ccd7fecafe070976a1916e9672e3d53085633c86957aee305ccc584184c", "size": 6, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/36e561596e58b08fb562c42c1cb4db81c845f98e", "file_type": "modified_file", "id": "file_178", "md5_hash": "5e4734c0c9960c28ae1242de2c0a7fc3", "norm_filename": "c:\\windows\\system32\\logfiles\\scm\\c4ae3c3e-c327-4689-b6fd-c11fb31ae88b", "sha1_hash": "36e561596e58b08fb562c42c1cb4db81c845f98e", "sha256_hash": "d5c96f544c2c23b048ad236a5f1051d736d4ac0c296344e195da07f6214be760", "size": 28, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/19467f02f1a08b42b37252de33a97d2a4fab14bc", "file_type": "modified_file", "id": "file_179", "md5_hash": "f71bbb3536837574097b93e69749ef24", "norm_filename": "c:\\windows\\system32\\logfiles\\scm\\1effb9c8-b178-41d3-906d-d567219d1b46", "sha1_hash": "19467f02f1a08b42b37252de33a97d2a4fab14bc", "sha256_hash": "70e2079bce3541b77dce69bb84a6245ec8ef1e88f180ec6d803591eac93832a6", "size": 28, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c204d94c8fe611a1b52b28d96744ab319afccf45", "file_type": "modified_file", "id": "file_180", "md5_hash": "64aef66c21fd5aaa6810f2930e19c439", "norm_filename": "c:\\windows\\system32\\logfiles\\scm\\cf26df67-c0c5-41d9-961f-2d6fa0abd4f4", "sha1_hash": "c204d94c8fe611a1b52b28d96744ab319afccf45", "sha256_hash": "2422f6245b9ae60faaf64fc77b9b2246a887481d25922fc4cd55f9d61f37587e", "size": 28, "type": "extracted_file", "version": 1 }, { "archive_path": 
"extracted_files/e7de0c6fcebc7f86283e6b16080da41299b4d963", "file_type": "modified_file", "id": "file_181", "md5_hash": "ca6ae34b2cbe7c975ab7d43f53740b7e", "norm_filename": "c:\\windows\\system32\\logfiles\\scm\\d00e7cb4-f82a-4a72-ab0f-7bb86dca6f2f", "sha1_hash": "e7de0c6fcebc7f86283e6b16080da41299b4d963", "sha256_hash": "9d8777ea26006ce7018bcadd8598d8b33f4e173d01fdb0fc28f66f65d7fc3117", "size": 28, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f81bb6a5c24494e0473f43af8ea321d4c5adf6c3", "file_type": "modified_file", "id": "file_182", "md5_hash": "ffc7ea22fe349acd66716f906c0e612f", "norm_filename": "c:\\windows\\system32\\logfiles\\scm\\e367590c-10f8-4401-b924-5839261dc94e", "sha1_hash": "f81bb6a5c24494e0473f43af8ea321d4c5adf6c3", "sha256_hash": "cc379af534b336ae26ad1cde9484dd9bb5f58c22122919af2b0a227658f392c6", "size": 28, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f1ab8d5aecb6c7f7c790514a44a1bdf98167656d", "file_type": "modified_file", "id": "file_183", "md5_hash": "52bf4afa450ae3590dbedfc198970387", "norm_filename": "c:\\windows\\system32\\logfiles\\scm\\6d60faa7-fe9e-4e2e-bdcd-a98bfb435a6c", "sha1_hash": "f1ab8d5aecb6c7f7c790514a44a1bdf98167656d", "sha256_hash": "9630d522c9c24fd18b87c5296de87d335096d9bffc06520b72a651a313251c7d", "size": 28, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3b7a7cee2884cc3a78b6f968573b4eabfc418b39", "file_type": "modified_file", "id": "file_184", "md5_hash": "cf8490c2e0ad87163ebfe652e577c452", "norm_filename": "c:\\windows\\system32\\logfiles\\scm\\e68ae95e-036a-421e-8d50-853a8b2bd168", "sha1_hash": "3b7a7cee2884cc3a78b6f968573b4eabfc418b39", "sha256_hash": "29866a26460fd6fd901131afab18a1d1be87e6b5377bfe063f7cd48af4f9f83b", "size": 28, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/2becd5cd5ae0ed9df2623bbc5c53a8399955a5c5", "file_type": "modified_file", "id": "file_185", "md5_hash": 
"f7c03fa50366a3b619235e6dcfe3b893", "norm_filename": "c:\\windows\\system32\\logfiles\\scm\\e8cc75dc-a5f5-4267-bd93-8a3479d0a822", "sha1_hash": "2becd5cd5ae0ed9df2623bbc5c53a8399955a5c5", "sha256_hash": "28d1331a4d95ad914a331ee53679dd92aa853a6bca544e9a1d50891d7aad0620", "size": 28, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ada50ab9228b43f5a55d461af32cdf827798adb4", "file_type": "modified_file", "id": "file_186", "md5_hash": "9af947b1e8bed99c7810f7af04de9e98", "norm_filename": "c:\\windows\\system32\\logfiles\\scm\\57e1ab59-8b1f-47d2-ad45-7f2a4f5cdf39", "sha1_hash": "ada50ab9228b43f5a55d461af32cdf827798adb4", "sha256_hash": "bf1a5c3f46be8656099fc96b4826e330bf7b6434b2d595eb87e0989293348e5c", "size": 28, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e49b2411cf70fdd302386408c01388fa2b4a7776", "file_type": "modified_file", "id": "file_187", "md5_hash": "b56494b65ff74403c70b0232209a339a", "norm_filename": "c:\\windows\\serviceprofiles\\networkservice\\debug\\netsetup.log", "sha1_hash": "e49b2411cf70fdd302386408c01388fa2b4a7776", "sha256_hash": "dd887387e4f1d338c77d470a7298e25a50cf61b7bfaa568ff127177fa7d2bd48", "size": 6679, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b4fe1874e25e65d2b8d2215dd914b6aaa91be8bd", "file_type": "modified_file", "id": "file_188", "md5_hash": "c0a329af1d60bbca9c6ffb8f9988b69d", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\webcache\\v01.chk", "sha1_hash": "b4fe1874e25e65d2b8d2215dd914b6aaa91be8bd", "sha256_hash": "f0e6252a5236af00a7582b5d493b4cd4f66a5a958272c102153c96cf3d63b88f", "size": 8192, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/79edf5448a26c0d9b9d76c023b7148b8d9e0c78f", "file_type": "modified_file", "id": "file_190", "md5_hash": "d2049c3b7537a50715fa7e75405d1bfa", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat", 
"sha1_hash": "79edf5448a26c0d9b9d76c023b7148b8d9e0c78f", "sha256_hash": "541cd61bb0b01fd9433d50a118dd599f51bef6f97560a91d10783354bbdb444d", "size": 10485760, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f709d16279dda27c52342d3f21cfe55cd099db2a", "file_type": "modified_file", "id": "file_191", "md5_hash": "1709294fe850f9afc93b7b6c53c7b816", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat", "sha1_hash": "f709d16279dda27c52342d3f21cfe55cd099db2a", "sha256_hash": "8b65dd0ea29f9f5b676cc1181345a77748ea8fb00dd5e266fbae289db77d087d", "size": 10485760, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/97df05fef3e4c1a42a25080cadc620b87787b4be", "file_type": "modified_file", "id": "file_192", "md5_hash": "a63b85fd24057ff78815e55e07e6b698", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\webcache\\v01.chk", "sha1_hash": "97df05fef3e4c1a42a25080cadc620b87787b4be", "sha256_hash": "ef5bbf814a6a488af7ba09635cf2bbe2928708d919fc0a23868f18f1e6f79ae3", "size": 8192, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/aa400712f1c4e8d0b9238470280d0b9a9b78bf3b", "file_type": "modified_file", "id": "file_193", "md5_hash": "7ec4d37de71cb33f097a1c7c2e233e2a", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\webcache\\v01.log", "sha1_hash": "aa400712f1c4e8d0b9238470280d0b9a9b78bf3b", "sha256_hash": "c41908de43677c9fbde7a28d0b5c77ef3312be5d377839057f556fa1b8f2d0b1", "size": 524288, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/011d7e469695f05d5dcdd05fac0dcfb0b7be4782", "file_type": "modified_file", "id": "file_194", "md5_hash": "c9d0d91d9e1a787076767a807593c791", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat", "sha1_hash": "011d7e469695f05d5dcdd05fac0dcfb0b7be4782", "sha256_hash": 
"edc39e96383825894017c77ee1f635dccd949739da9c161f8fdb8c6dc0ed2ec5", "size": 10485760, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8f9b2e2eaf99fb65feb908054787014b350d840f", "file_type": "modified_file", "id": "file_195", "md5_hash": "54d79fffc6b3a9509aa5024f2ffbf77f", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db", "sha1_hash": "8f9b2e2eaf99fb65feb908054787014b350d840f", "sha256_hash": "994f3b877c5151e1a013f616350f2335c6b8fb6f2f9d4c7407753bfb7cb43349", "size": 103544, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d0ccf0338523c6a4b095f7f8b4bbb044b34b9e3f", "file_type": "modified_file", "id": "file_196", "md5_hash": "3d81cf78b2a26c893e013f3417b5ebeb", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_48.db", "sha1_hash": "d0ccf0338523c6a4b095f7f8b4bbb044b34b9e3f", "sha256_hash": "44e71a6e699d76d5c844736e82f6ef94933167e257532a69cdd83aa559da552f", "size": 2097152, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0af8ebed5ff2484ec27390677176da47b92d6e04", "file_type": "modified_file", "id": "file_203", "md5_hash": "c0358051c5933b652d33576af828060c", "norm_filename": "c:\\windows\\system32\\logfiles\\scm\\e64595d9-e1af-4e09-8d36-1721fc82aee3", "sha1_hash": "0af8ebed5ff2484ec27390677176da47b92d6e04", "sha256_hash": "42a902e6ec7233fabc5632ff7d41be34e6283ee34150dfa8e51e80b9031c0e3e", "size": 28, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f322a120d4a843a85a3f874bbb95dc4f77b0c8a3", "file_type": "modified_file", "id": "file_208", "md5_hash": "45a156cdff525ee025a1f7c5d52e37f2", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db", "sha1_hash": "f322a120d4a843a85a3f874bbb95dc4f77b0c8a3", "sha256_hash": "e90690e694e9c84cf67570b9da5c8f064c87937b0a7c1a6950da314ddf700899", "size": 13048, "type": 
"extracted_file", "version": 1 }, { "archive_path": "extracted_files/d4541d5eeac27f618e26ed3c4918b07ae54c53df", "file_type": "modified_file", "id": "file_209", "md5_hash": "9cc553aef7714001c85bfe76b481048b", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db", "sha1_hash": "d4541d5eeac27f618e26ed3c4918b07ae54c53df", "sha256_hash": "a092422e84aff032e86379ddf67706199069ecbfc12e836d0820495341ce0770", "size": 1048576, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/246fbc5482780f94e0bed0e97beb7d33fcaa0652", "file_type": "modified_file", "id": "file_228", "md5_hash": "e02b40d4bd8e3c633a252441a18b2e7e", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\webcache\\v01.chk", "sha1_hash": "246fbc5482780f94e0bed0e97beb7d33fcaa0652", "sha256_hash": "f4069b141e8ca6330b9d5aabf5343dbc439daa72de942bcf09efe8d4c4908cfd", "size": 8192, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e196ea94b697b57a4fa2adcd4a2f84dc2a734941", "file_type": "modified_file", "id": "file_229", "md5_hash": "c8ee59a8ee59dc0c3d31da2f99f60583", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db", "sha1_hash": "e196ea94b697b57a4fa2adcd4a2f84dc2a734941", "sha256_hash": "64d1e5aa8ea78771f3fa1068daad15908e42f5b3f1fa5e20c4e63530e5b70912", "size": 13048, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0184ec3f2e7138cfc357f6d679fac92593bf1625", "file_type": "modified_file", "id": "file_231", "md5_hash": "8f1e6ad6d0a94df3d72bb909ce62549b", "norm_filename": "c:\\windows\\system32\\logfiles\\scm\\d00e7cb4-f82a-4a72-ab0f-7bb86dca6f2f", "sha1_hash": "0184ec3f2e7138cfc357f6d679fac92593bf1625", "sha256_hash": "181dd19806e5066a683aae3ba8c4bdb5635fa808061c3cf04028fa9e00c6e95b", "size": 28, "type": "extracted_file", "version": 1 }, { "archive_path": 
"extracted_files/851548d2135cdf13f45d70866ffea47938f146ad", "file_type": "modified_file", "id": "file_232", "md5_hash": "94a2a919380a8c77e922342d3a67fe3e", "norm_filename": "c:\\windows\\system32\\logfiles\\scm\\05293577-d647-4185-b859-c94839a0b2e3", "sha1_hash": "851548d2135cdf13f45d70866ffea47938f146ad", "sha256_hash": "3d1e5923e6b0ca73d0b19f21410fa69e07f8f28443364261bb267abeaa7ee29c", "size": 28, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/33345fdff0c903ed85410a1f3ab390a3670c951a", "file_type": "modified_file", "id": "file_233", "md5_hash": "1458b179cf4dd998f5a4da726a7a7d37", "norm_filename": "c:\\windows\\system32\\logfiles\\scm\\05293577-d647-4185-b859-c94839a0b2e3", "sha1_hash": "33345fdff0c903ed85410a1f3ab390a3670c951a", "sha256_hash": "8aba2b1d68ec14f61f8353bebae4422df521330b43bfd94e80c053f3e82f3dd3", "size": 28, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/caaf3d2a972d66509dc2e0fc42602ba2bdafe14b", "file_type": "modified_file", "id": "file_234", "md5_hash": "1d528ee9fdf7535ee0dbb74f12f4d0a2", "norm_filename": "c:\\windows\\system32\\logfiles\\scm\\05293577-d647-4185-b859-c94839a0b2e3", "sha1_hash": "caaf3d2a972d66509dc2e0fc42602ba2bdafe14b", "sha256_hash": "5445028623f9ee8952fec0c033ab175710f3e381d3b23134b339e1784d7283cf", "size": 28, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/55ec04e852d72929427c0657b7abe43f0decddf5", "file_type": "modified_file", "id": "file_235", "md5_hash": "ce7682704c05f4fcbc4a43eb44d2cc09", "norm_filename": "c:\\windows\\system32\\logfiles\\scm\\05293577-d647-4185-b859-c94839a0b2e3", "sha1_hash": "55ec04e852d72929427c0657b7abe43f0decddf5", "sha256_hash": "73790bba0fe9e629765ebc7b8e805941470e65c136fcebe7c6d4ea8110f793b9", "size": 28, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/52384c3d2be69cb41eb3935e5d66d09d695d52d3", "file_type": "modified_file", "id": "file_236", "md5_hash": 
"fc608f5bd33ad025a2cb9133ba7980a5", "norm_filename": "c:\\windows\\system32\\logfiles\\scm\\05293577-d647-4185-b859-c94839a0b2e3", "sha1_hash": "52384c3d2be69cb41eb3935e5d66d09d695d52d3", "sha256_hash": "770f0e81e0c0180ba303a37ad8aa3535ca2369e0fbd662dc29f8e23fb7670ba6", "size": 28, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/11d95a6eb4c26d5ffd9ca95a7e8c2c4c20c69988", "file_type": "modified_file", "id": "file_237", "md5_hash": "b972932791098649eb4427f1b4e4237f", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_32.db", "sha1_hash": "11d95a6eb4c26d5ffd9ca95a7e8c2c4c20c69988", "sha256_hash": "871ddb4035d0faf0dcecc02787a66373db10a728247f25bccbe165d1699a4afd", "size": 2097152, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c713a2f13d258d35598c1edf62c960dc1e61502d", "file_type": "modified_file", "id": "file_242", "md5_hash": "215fa39705ac907c9f4088f48ebc16b9", "norm_filename": "c:\\windows\\system32\\logfiles\\scm\\c4ae3c3e-c327-4689-b6fd-c11fb31ae88b", "sha1_hash": "c713a2f13d258d35598c1edf62c960dc1e61502d", "sha256_hash": "6462eadff61a9c6474f6cd2e93725fa6e0ffaba0cc3a65d2c2f28daf43889480", "size": 28, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f218d2e30764b0018b2fa8ead20f4aab132dda95", "file_type": "modified_file", "id": "file_243", "md5_hash": "9e95391b51861a6ce889952fd4dc8012", "norm_filename": "c:\\windows\\system32\\logfiles\\scm\\6d60faa7-fe9e-4e2e-bdcd-a98bfb435a6c", "sha1_hash": "f218d2e30764b0018b2fa8ead20f4aab132dda95", "sha256_hash": "561de5faa42303a081c7405d3618173c7f9707f66ffa21b27521f594a4b24f42", "size": 28, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7c6497978bd53c2f6cdedd22b091c426bcea450b", "file_type": "modified_file", "id": "file_244", "md5_hash": "68fc9d959c856d3c3a05db0b1b64519f", "norm_filename": "c:\\windows\\system32\\logfiles\\scm\\57e1ab59-8b1f-47d2-ad45-7f2a4f5cdf39", 
"sha1_hash": "7c6497978bd53c2f6cdedd22b091c426bcea450b", "sha256_hash": "5a9cf2cba8570ea4bb519463e77c2e1463e16631e1f29a28efc32a1243ec37e1", "size": 28, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/2117a217ec4320e1d5ff42f17d8c564f45d5d6b7", "file_type": "modified_file", "id": "file_247", "md5_hash": "351ae137b43526340747bd188e7a5441", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db", "sha1_hash": "2117a217ec4320e1d5ff42f17d8c564f45d5d6b7", "sha256_hash": "a358ba63923f77b862710cfdfba5516517be582209e946f1bd9abe8297a6b2ac", "size": 13048, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9c74ca6eab9ed7c3a5d65fe846638bb6d42e9220", "file_type": "modified_file", "id": "file_249", "md5_hash": "5d674eca10e83c08b1ec52c3ddc4b0aa", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db", "sha1_hash": "9c74ca6eab9ed7c3a5d65fe846638bb6d42e9220", "sha256_hash": "5b4fb9353a82a5627fe66db1483d3656acf85f52bb3b1863413d79ec89232485", "size": 1048576, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/efad873653b9ef23dda6ada58c5e845c43023dd9", "file_type": "modified_file", "id": "file_250", "md5_hash": "f5c03b9e9744b10ebc66c808c7f25be0", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db", "sha1_hash": "efad873653b9ef23dda6ada58c5e845c43023dd9", "sha256_hash": "ec7b36f3621bf8035d5e5333faaa293b21cc6438e0646813fe46202f9abf4a14", "size": 1048576, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d16abf42d18524082cb44958754d828f7c77203c", "file_type": "modified_file", "id": "file_252", "md5_hash": "2b47d9507d24a0917aac281eabfc53a1", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_32.db", "sha1_hash": "d16abf42d18524082cb44958754d828f7c77203c", "sha256_hash": 
"8fc2f37c92322317eabc6303c24ae9241594d73420c5df4c237338adb3e650d2", "size": 2097152, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0db37a7b1d0b3804ee7c22831127a292873f12d8", "file_type": "modified_file", "id": "file_255", "md5_hash": "0aa88ca5fd61b38499d62ea24c1b5979", "norm_filename": "c:\\windows\\system32\\logfiles\\scm\\e64595d9-e1af-4e09-8d36-1721fc82aee3", "sha1_hash": "0db37a7b1d0b3804ee7c22831127a292873f12d8", "sha256_hash": "9f9554cae1295c7d4a30932c953f73bb92fb9a3e43ccd935fc22be3f3a67c461", "size": 28, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/dd300ee487b8c12d4f4d14089932189da8f067d7", "file_type": "modified_file", "id": "file_257", "md5_hash": "93b5caeb2789daf0744e959277b3dc8a", "norm_filename": "c:\\windows\\system32\\logfiles\\scm\\e68ae95e-036a-421e-8d50-853a8b2bd168", "sha1_hash": "dd300ee487b8c12d4f4d14089932189da8f067d7", "sha256_hash": "3a7e92d202f57deb08162ebd813f754f3a584d5ebbbbc801d7f3521e7cad2f20", "size": 28, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/853ff150acd5d43464926252a202e3d80c80c982", "file_type": "modified_file", "id": "file_259", "md5_hash": "923e57e26f18c8029600d434236873b0", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_32.db", "sha1_hash": "853ff150acd5d43464926252a202e3d80c80c982", "sha256_hash": "269d94c9b3e7f18c144ef9a64362a45fdf26cbb9f3396318b5f2bef98573a7a6", "size": 2097152, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c2ada64c247d8527ef84e1fa4353d207d3b3960b", "file_type": "modified_file", "id": "file_265", "md5_hash": "d90316213a64a3da50bf111b361f9fb0", "norm_filename": "c:\\windows\\prefetch\\dllhost.exe-74cfcb84.pf", "sha1_hash": "c2ada64c247d8527ef84e1fa4353d207d3b3960b", "sha256_hash": "c2362d72a655835233a463e2965f0c65bae695d0999cda281b7999a850ca768b", "size": 55614, "type": "extracted_file", "version": 1 }, { "archive_path": 
"extracted_files/a98e3d5ad48c459ac0e03ff165319f712f61439b", "file_type": "modified_file", "id": "file_266", "md5_hash": "ea67fb16c9b4544fd1daad988d6c2694", "norm_filename": "c:\\windows\\prefetch\\armsvc.exe-28c8c2ba.pf", "sha1_hash": "a98e3d5ad48c459ac0e03ff165319f712f61439b", "sha256_hash": "104dd3c5f47e3477f8fbe0651cbe06b19f07c2f0599e623232815950f71f7905", "size": 16340, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a1a6ba10da0980207d7eb2fc027aa24c04176a23", "file_type": "modified_file", "id": "file_267", "md5_hash": "abab1244f0938fe2208d1007b1c909e0", "norm_filename": "c:\\windows\\prefetch\\taskhost.exe-9d9f554c.pf", "sha1_hash": "a1a6ba10da0980207d7eb2fc027aa24c04176a23", "sha256_hash": "0d123d7dcbdc15146f4ad902b709a53f5a2542cbc28a16dc019dafd754b04f7e", "size": 55662, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/929975884a2469e566303e6ed51cd0c42341078c", "file_type": "modified_file", "id": "file_268", "md5_hash": "874d3440ab0f60c4f7015f15424a753c", "norm_filename": "c:\\windows\\prefetch\\svchost.exe-135a30d8.pf", "sha1_hash": "929975884a2469e566303e6ed51cd0c42341078c", "sha256_hash": "17dc862c8bbc69e5e1a7fd0a6b1201cdeeb854cefa952563eb406d47a5e67d39", "size": 18258, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/18d88e87a453f36e1b7333900e4ce64fc0d8e10e", "file_type": "modified_file", "id": "file_269", "md5_hash": "83a1b0045608c2fa712882b60659d0a6", "norm_filename": "c:\\windows\\prefetch\\mobsync.exe-d8bc6ed2.pf", "sha1_hash": "18d88e87a453f36e1b7333900e4ce64fc0d8e10e", "sha256_hash": "08d167753f96f6aff9e0d9412229fc5945f46a0af4674b66320431665e69f819", "size": 27896, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4ba36856a84009095ccc546ef34c31e21f56bc5c", "file_type": "modified_file", "id": "file_270", "md5_hash": "82a5eb68412fd70c96c8666fd4443af0", "norm_filename": "c:\\windows\\prefetch\\audiodg.exe-d0d776ac.pf", "sha1_hash": 
"4ba36856a84009095ccc546ef34c31e21f56bc5c", "sha256_hash": "0a563ed339d911b2454c1b4912e0210f750935c2641e7de21a06361b09ae9e4f", "size": 23766, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d4277a6697a86009c05cf7b6301346029a40e2d6", "file_type": "modified_file", "id": "file_274", "md5_hash": "00c23bca01024283dcbc755037a6403c", "norm_filename": "c:\\windows\\prefetch\\thumbnailextractionhost.exe-64f19b6a.pf", "sha1_hash": "d4277a6697a86009c05cf7b6301346029a40e2d6", "sha256_hash": "8f1519391909568589313b38c64011166b22060529d1c9bae314dc3090b0e5ba", "size": 15536, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9d424210c9e2edd89b37a76335e30c1cdea6ed49", "file_type": "modified_file", "id": "file_279", "md5_hash": "9a490f77a6e3187645f2cc5e7b384cc3", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_48.db", "sha1_hash": "9d424210c9e2edd89b37a76335e30c1cdea6ed49", "sha256_hash": "41116ac92b85fd3600548520121e0ffac7dffddd12adc9a193d6dd3b675d1ca2", "size": 2097152, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ebf69264f49ae84edc546969a4768a853aed7efd", "file_type": "modified_file", "id": "file_281", "md5_hash": "d59f39f484420cbc27a8bc3aa6bd6471", "norm_filename": "c:\\windows\\system32\\catroot2\\{127d0a1d-4ef2-11d1-8608-00c04fc295ee}\\catdb", "sha1_hash": "ebf69264f49ae84edc546969a4768a853aed7efd", "sha256_hash": "2771585a4c94725ee59e233dcb7246c5368e2e811c8456349a2963b4300e86c7", "size": 1056768, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/2415cc2bf98ea08f3b6a293cb256f25d6d17e572", "file_type": "modified_file", "id": "file_282", "md5_hash": "d0051cc0ae6cf2e2cb9793228bb99106", "norm_filename": "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb", "sha1_hash": "2415cc2bf98ea08f3b6a293cb256f25d6d17e572", "sha256_hash": 
"82ac24ac82e7e2d73fe0a137091e3d8f63af88633b2e06311243ff72528dfa35", "size": 10485760, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5258dd739f93491a17cb71c03b14c9fd3904732b", "file_type": "modified_file", "id": "file_285", "md5_hash": "bf075a961d070dddae149b8a63b56ad0", "norm_filename": "c:\\windows\\system32\\wdi\\shutdownperformancediagnostics_systemdata.bin", "sha1_hash": "5258dd739f93491a17cb71c03b14c9fd3904732b", "sha256_hash": "fce829cf38484f8ce20db60f9ebbd4428ad6004442bae02a2aa7a09b9a83821b", "size": 7092, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/bd0894bef3cfc9bb8d22aede6e7e23bc840456cb", "file_type": "modified_file", "id": "file_286", "md5_hash": "7ee625a706a233e3965c408efbe73be9", "norm_filename": "c:\\windows\\system32\\wdi\\bootperformancediagnostics_systemdata.bin", "sha1_hash": "bd0894bef3cfc9bb8d22aede6e7e23bc840456cb", "sha256_hash": "0db0a17192c8d72b51eb57400dda067c615511bb3708c1bbb060106459c69cab", "size": 24518, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/aec5bafa6214371e770d8b6f0674309bb9dba426", "file_type": "modified_file", "id": "file_289", "md5_hash": "b99c38d695ad8ccc814a15950562b498", "norm_filename": "c:\\windows\\system32\\wdi\\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\\s-1-5-21-3643094112-4209292109-138530109-1001_userdata.bin", "sha1_hash": "aec5bafa6214371e770d8b6f0674309bb9dba426", "sha256_hash": "92ebadfcd5f83fa16909986ed6e31348d7c3be0d05aa4c3d0570c8b7aa064119", "size": 2696, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/084e1f428df69d957963a63ed6df7d7970941d76", "file_type": "modified_file", "id": "file_290", "md5_hash": "7decec08da5969ceed3bbe8b7ffe30cf", "norm_filename": "c:\\windows\\bootstat.dat", "sha1_hash": "084e1f428df69d957963a63ed6df7d7970941d76", "sha256_hash": "c2503e26e6f2a4a195c61634e71c8c90a37a7fd55a12a72263e647e96724097d", "size": 67584, "type": "extracted_file", "version": 1 }, { 
"archive_path": "extracted_files/ebce2cfdb9579ccc0c4b1a91c46525820c6e61c6", "file_type": "modified_file", "id": "file_294", "md5_hash": "2210eeab12728dec91b8c04384f08e3b", "norm_filename": "c:\\windows\\prefetch\\sppsvc.exe-cbe91656.pf", "sha1_hash": "ebce2cfdb9579ccc0c4b1a91c46525820c6e61c6", "sha256_hash": "26bfda619988489f36efb65f07583b2d80ee5e3d19b8733c045498fe8fb395e8", "size": 87586, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5534e21e767988e75ab4ff7f6431682f53560253", "file_type": "modified_file", "id": "file_295", "md5_hash": "f815f92ee7ab01bd044b9fedb76da871", "norm_filename": "c:\\windows\\system32\\tasks\\microsoft\\windows\\softwareprotectionplatform\\svcrestarttask", "sha1_hash": "5534e21e767988e75ab4ff7f6431682f53560253", "sha256_hash": "7175f4a8ee223c9a92e155a5856ffedbfc3e8fa9b6901d242c566d660161fd2a", "size": 4680, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b35a21d9340e1ea9f82815253f79ee8f0352e2da", "file_type": "modified_file", "id": "file_296", "md5_hash": "0916790b7daa7c8607c2f69cdf9b4d3d", "norm_filename": "c:\\windows\\system32\\spp\\store\\2.0\\cache\\cache.dat", "sha1_hash": "b35a21d9340e1ea9f82815253f79ee8f0352e2da", "sha256_hash": "3d7adb9d7884010b48ad04b51e31902faf5b5602b7216186031369b918fcd192", "size": 819120, "type": "extracted_file", "version": 1 } ], "process_dumps": [ { "archive_path": "process_dumps/process_00000001-region_00000001-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000001-region_00000001-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_297", "md5_hash": "b2a6b84cfb7bb2622dc6725846d7224d", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fce91cb8602ad42ecaec94d49b49deeb53fca6bb", "sha256_hash": "efe60565c40e50f07c00102584144fb82063ba00acddc01b0de17a7edf460a70", "size": 65536, "type": "process_dump", 
"version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000002-addr_0x000000e8f39f0000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000001-region_00000002-addr_0x000000e8f39f0000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_298", "md5_hash": "09d9bed12a7941d95451058f4a46745b", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "264f36dd96a32c50392e79567d85c86a3855ab5f", "sha256_hash": "a33be0f7b220a81a0d4a8ff960e9bee495a473e2c51a75467f16b817161eee25", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000004-addr_0x000000e8f3a20000-size_0x0000000000400000-perm_rw.bin", "filename": "process_00000001-region_00000004-addr_0x000000e8f3a20000-size_0x0000000000400000-perm_rw.bin", "id": "proc_dump_299", "md5_hash": "20d55e5e2b6bf54b53f38f540c20f0f9", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ce65dd2eb902d3f7f277919e6368738cd9912ec0", "sha256_hash": "f92b0d6272f959b8ffdde35eb5430e0e84e906731a0a44a5968111789e4f4508", "size": 4194304, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000007-addr_0x000000e8f3e40000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000007-addr_0x000000e8f3e40000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_300", "md5_hash": "eade8e8fe1cfcf4e2cd35c12f14b23ab", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2e915f7011cf67e4ca99ef592dc2b7bae90c743d", "sha256_hash": "42a446b6aa165ab77fab3201a5d0441277846eec2b489e2753be92cfebbb9111", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": 
"process_dumps/process_00000001-region_00000009-addr_0x00007ff7562c4000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000009-addr_0x00007ff7562c4000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_301", "md5_hash": "08f2adc2b2ce8657468ede8a05f6ba0b", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "15f539c2ec8ec943f1044bb9e9828af408e1cd42", "sha256_hash": "9727f566b00033ee47c728197ac8628469fb68c2fb90aa3e14dd1e59ad3d3f8d", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000010-addr_0x00007ff7562ce000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000010-addr_0x00007ff7562ce000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_302", "md5_hash": "1adc86fdd18285150b9d2e95ef89bbb1", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "51869e3805ac8a614d0368dae03b370d663a145b", "sha256_hash": "610c2fdd3a722ccd0a91a1be765158af00f1d8edcb8bc39035361d4cb67140a9", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000011-addr_0x00007ff756b50000-size_0x0000000000109000-perm_rwx.bin", "filename": "process_00000001-region_00000011-addr_0x00007ff756b50000-size_0x0000000000109000-perm_rwx.bin", "id": "proc_dump_303", "md5_hash": "ca57330f69270ee9fdb25a47a14cd245", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ea6e11520cd65f5b8f257b364ba14f66abbb812e", "sha256_hash": "358d896b7f187310d0d02cab6b3108a815379bbde20f8dd718367bf50b83ce12", "size": 1050112, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000148-addr_0x000000e8f4010000-size_0x0000000000400000-perm_rw.bin", "filename": 
"process_00000001-region_00000148-addr_0x000000e8f4010000-size_0x0000000000400000-perm_rw.bin", "id": "proc_dump_304", "md5_hash": "d5dadf0881cdd8ac7e5bcf75235ae09b", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "163ea2987cc3ea06407e36a805f118330719b6ff", "sha256_hash": "5d4cc1e6321eccb907c52e05a783cbdaaaca3d514a4192377168ff8155572400", "size": 4194304, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000152-addr_0x000000e8f3a00000-size_0x0000000000007000-perm_rw.bin", "filename": "process_00000001-region_00000152-addr_0x000000e8f3a00000-size_0x0000000000007000-perm_rw.bin", "id": "proc_dump_305", "md5_hash": "2371d18c4ff370d8ed3b43748deb5f17", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "729e2837cf42d4b157e6e43e7ca1f7e894b73976", "sha256_hash": "7902d80658143b6259177dd79ce046627e8664a45cff8c9d381b6c9a3da4836e", "size": 28672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000186-addr_0x000000e8f3ed0000-size_0x0000000000007000-perm_rw.bin", "filename": "process_00000001-region_00000186-addr_0x000000e8f3ed0000-size_0x0000000000007000-perm_rw.bin", "id": "proc_dump_306", "md5_hash": "40186bc95b0ce9e1a0d77452be3a0032", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cab038cec483216b77a317757b7bc0d9a548e853", "sha256_hash": "9ef08f2f15911d9aedb90c98d938c9dccba499bd44fe6273c99ea0f110a480ca", "size": 28672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000187-addr_0x000000e8f3f20000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000001-region_00000187-addr_0x000000e8f3f20000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_307", 
"md5_hash": "dbfaa04def7cccffe66b1622d9118650", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4eede96c996d80a208a9e2b2e588f5b2bd6f3ee9", "sha256_hash": "5367b358a617c796d83d00da977b91ba48488870b28cf14240e3e44a313e6fe1", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000191-addr_0x000000e8f3ee0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000191-addr_0x000000e8f3ee0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_308", "md5_hash": "ad4bbbeaf60ffa70110ab83e7502d1f0", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c077485facb2b01e6e79fb052f9a76cc1e4b7c4e", "sha256_hash": "4a96ed48d0a272725de60fdc92a533a657920929440c960e1fc9f917a902cbac", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000192-addr_0x000000e8f3ef0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000192-addr_0x000000e8f3ef0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_309", "md5_hash": "baa095d0f424ded37169dccfabe2a48b", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "13de5554742b8bdbbac3f1dd140af759f9f055a4", "sha256_hash": "556d13cdbbe748d7480e2434b1f1d58ff20c3c4211c0491da0abbd118c4e58cc", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000194-addr_0x000000e8f3f80000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000001-region_00000194-addr_0x000000e8f3f80000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_310", "md5_hash": "3104d75a78d9c1466add1ba9e8b97536", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": 
"process", "type": "reference", "version": 1 }, "sha1_hash": "9d82f6d9d76a0ed65cff931180f7c55315a418c5", "sha256_hash": "cc5f32b629c5ef516d5446c46ed5793e89b326f14f6eaccf0e88a4e315dd24ac", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000204-addr_0x000000e8f3f30000-size_0x0000000000007000-perm_rw.bin", "filename": "process_00000001-region_00000204-addr_0x000000e8f3f30000-size_0x0000000000007000-perm_rw.bin", "id": "proc_dump_311", "md5_hash": "801b228014d1c9a2cad6291ab784bb7d", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b4a38105ed3291ba60b9e3cfc7a8064e0dbfe64b", "sha256_hash": "08a2ea6ceab0822b73d9abd195a92ef1b659a04c26a8b2db2b368ae0a281da40", "size": 28672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000205-addr_0x000000e8f5c20000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000205-addr_0x000000e8f5c20000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_312", "md5_hash": "d7b50a1629c0870e404fb0d22a236595", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e02be532242409ffa8d80b6a87af3b3b20fc2282", "sha256_hash": "288f17cbb8c172763dc2dab761fbaddef83534d1f83e6d7e6b7c1d5a1d69d5c2", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000206-addr_0x000000e8f3f40000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000206-addr_0x000000e8f3f40000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_313", "md5_hash": "0033b6a89c8eb49f66eb1553914783b5", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "12588e2ef9b5e0a4e7df328702fc56065bc090e4", "sha256_hash": 
"c9f25cf3878420598007ab307afba1aecaa68eaa2e7536bba5bf74e46286cc0f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000887-addr_0x000000e8f6000000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000887-addr_0x000000e8f6000000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_354", "md5_hash": "4acd3c7fa2178acc5f1355f6b5318783", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "813578b6506ffa68b9eb7035df1a76f5115d4291", "sha256_hash": "271e83882fecf4e80f021ccf44f91a902b47d3695d7f67f5921140428d0793cb", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000888-addr_0x000000e8f6100000-size_0x0000000000107000-perm_rw.bin", "filename": "process_00000001-region_00000888-addr_0x000000e8f6100000-size_0x0000000000107000-perm_rw.bin", "id": "proc_dump_355", "md5_hash": "def3ff00f44ceb798cc94c4b4a210f58", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "65cc083895e0843298d45bcfde075a9221cb931c", "sha256_hash": "dfce3761cec29a2d14cf338cc6dbf66093a7460daa8d8a91b9bc64d01db290c0", "size": 1077248, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000889-addr_0x000000e8f6210000-size_0x0000000000103000-perm_rw.bin", "filename": "process_00000001-region_00000889-addr_0x000000e8f6210000-size_0x0000000000103000-perm_rw.bin", "id": "proc_dump_356", "md5_hash": "319fc9a71c5182d3147b817704496184", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "95099ddc2db91faaf78d2cffb04ba9f99a7fb20f", "sha256_hash": "9059961bb1052039509d48a8c7bda05bc4cdc05bfe5d7403f56be364e9daab51", "size": 1060864, "type": "process_dump", "version": 1 }, 
{ "archive_path": "process_dumps/process_00000001-region_00000890-addr_0x000000e8f6320000-size_0x0000000000109000-perm_rw.bin", "filename": "process_00000001-region_00000890-addr_0x000000e8f6320000-size_0x0000000000109000-perm_rw.bin", "id": "proc_dump_357", "md5_hash": "5401509d378ebe13f54a41cd71914f30", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c300dc8030cc5b8fd7de82007392cdd7ce3d436f", "sha256_hash": "651a4a31f3c020696ea7098a0388d5b12dba9008abd48c51cae9a81f1b0c0b6d", "size": 1085440, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000891-addr_0x000000e8f6430000-size_0x000000000010b000-perm_rw.bin", "filename": "process_00000001-region_00000891-addr_0x000000e8f6430000-size_0x000000000010b000-perm_rw.bin", "id": "proc_dump_358", "md5_hash": "58fdfb95fd0b66a68fdaf8ba20569474", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9daea47dacbb481ecb5680cf4befbddaa62f9804", "sha256_hash": "6a8f4e8316708ce75a3d069ba70b5eb8b8fc1a4ae9166691f41b3e50bfef2539", "size": 1093632, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000895-addr_0x000000e8f6100000-size_0x0000000000400000-perm_rw.bin", "filename": "process_00000001-region_00000895-addr_0x000000e8f6100000-size_0x0000000000400000-perm_rw.bin", "id": "proc_dump_359", "md5_hash": "08ef021c6e3af130cba10efa0558791b", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2ed4759c9cd6a5b05c77e23d89e1dd6ae18fc6b0", "sha256_hash": "079ccd1f0543159e7eeedce9179c38c4e2b0bf2464619934ffe17e088a4e535f", "size": 4194304, "type": "process_dump", "version": 1 }, { "archive_path": 
"process_dumps/process_00000001-region_00000896-addr_0x00007ff7562cc000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000896-addr_0x00007ff7562cc000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_360", "md5_hash": "eba69ab895047a234156a8b68cf7967e", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "83cf3ae9e2138ad81cf9486610380ac8d76d9ef8", "sha256_hash": "206bf9e6db7a85a21752a10c1132bf38f3868384c84b9e2881e47783f922c1af", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000901-addr_0x000000e8f6900000-size_0x0000000000400000-perm_rw.bin", "filename": "process_00000001-region_00000901-addr_0x000000e8f6900000-size_0x0000000000400000-perm_rw.bin", "id": "proc_dump_361", "md5_hash": "a5170d6d7b995d109307c1a2860b4c8a", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3ae6fa2b3762cbb2c23e873cddb78848d338e250", "sha256_hash": "0605fab54efbf1c0e4dfdd9ecfc62c49eab0400457f21845910c69bbe1b46f0f", "size": 4194304, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000902-addr_0x00007ff7562ca000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000902-addr_0x00007ff7562ca000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_362", "md5_hash": "5ccfac96ea8e74e3e6e7183834544f2c", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e9980549da65009a16e3b1725fd132b5fc7f781f", "sha256_hash": "b159094673f8201908f29345866a92788844ff9f8e49cac3c48a971361c263cc", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000907-addr_0x000000e8f6d00000-size_0x0000000000101000-perm_rw.bin", "filename": 
"process_00000001-region_00000907-addr_0x000000e8f6d00000-size_0x0000000000101000-perm_rw.bin", "id": "proc_dump_363", "md5_hash": "f2c675eaa7ac397244f7b8fef8a3b2fe", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "88bc69964f86770f6fd2536065b41ce26a5ecd7d", "sha256_hash": "45fa67547a874834f4b00376bbe95f2eac00bc6f1e4c07b00466a45b5f16879b", "size": 1052672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00001062-addr_0x000000e8f3fe0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00001062-addr_0x000000e8f3fe0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_419", "md5_hash": "0fe05ecf093f86afc9bcce802bdf4982", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b26cdacd4ecb0196f404fc357821bc47cb9749de", "sha256_hash": "a897e86cca59ed341d8be8438849a3ceaa359f20b3c7798a2ba716aab568b2a7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00001065-addr_0x000000e8f6d00000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00001065-addr_0x000000e8f6d00000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_420", "md5_hash": "76d12af6fa00499e103667b7369dbed3", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5b96f3c2a10001b05dffbb2dfed8be40486d265e", "sha256_hash": "a630190274312df23ffe48ab1e082e07f1ff2bce161867bf2fec4391a75220e4", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00001068-addr_0x000000e8f6e00000-size_0x0000000000400000-perm_rw.bin", "filename": "process_00000001-region_00001068-addr_0x000000e8f6e00000-size_0x0000000000400000-perm_rw.bin", "id": "proc_dump_421", 
"md5_hash": "69a85ceecfc7752e227a6f5f4598d499", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e3a376f8e0f1f21e976626fa1e4acae451d8a250", "sha256_hash": "7c6b9cc37dc26cb013ae9c5fc0a93c0f39fc35c53992cdd55312badc466fabf6", "size": 4194304, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00001069-addr_0x00007ff7562c8000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00001069-addr_0x00007ff7562c8000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_422", "md5_hash": "075c2c397bc743fbef4e749bd63655bf", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f3dc391edcfb70c707b4e76abe61382b553bb855", "sha256_hash": "bab6253da2cd692be6c119234929aa2de6f284f67ad6e16b52a88d8eacb34b60", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00001237-addr_0x000000e8f7200000-size_0x0000000000400000-perm_rw.bin", "filename": "process_00000001-region_00001237-addr_0x000000e8f7200000-size_0x0000000000400000-perm_rw.bin", "id": "proc_dump_429", "md5_hash": "53f5e005bc68b9c41f26c47e7075c965", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "217b2a8a907d3667bffc0b7484e9124c09e81fb0", "sha256_hash": "efe46a87026a82176cd23327186740fa78785f78fac6acb00650149f83b04c8d", "size": 4194304, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00001238-addr_0x000000e8f7600000-size_0x0000000000400000-perm_rw.bin", "filename": "process_00000001-region_00001238-addr_0x000000e8f7600000-size_0x0000000000400000-perm_rw.bin", "id": "proc_dump_430", "md5_hash": "8deb0c09c9f89872b7e6618049c21012", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": 
"process", "type": "reference", "version": 1 }, "sha1_hash": "353aa35e35931af25bf2f2100a5e61dc29083199", "sha256_hash": "c11ac2cc009707d4f2c419a4f0f44b1330e68f939cd574d473fb4fc3da2d595d", "size": 4194304, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00001239-addr_0x000000e8f7a00000-size_0x0000000000400000-perm_rw.bin", "filename": "process_00000001-region_00001239-addr_0x000000e8f7a00000-size_0x0000000000400000-perm_rw.bin", "id": "proc_dump_431", "md5_hash": "82da82ca9113f024c273f0489f53f26e", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4f1fd7284d3568be6a46fcee3b90f8c997afd937", "sha256_hash": "22d479ed0b0a1e56de7e9c80a45e1b7bd3c1437b9f671cee2366cee8a470eed4", "size": 4194304, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00001240-addr_0x00007ff75619c000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00001240-addr_0x00007ff75619c000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_432", "md5_hash": "fe672b54de00eb6f26c7ca316de0c2c4", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d5ac09a0fc97c6432d74ef9e5ac244dd85be66f8", "sha256_hash": "a2630a9c20cff950856baacdc888e04d916e03a203e8a0c50ada6836c3da154a", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00001241-addr_0x00007ff75619e000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00001241-addr_0x00007ff75619e000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_433", "md5_hash": "628f57b2e34973e8bd5fe96726a480c6", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1f58de55c67d7b0b4fd0a46f9e904819453c2e1c", "sha256_hash": 
"ef7f5461ced73dc7a55e503ec6fa1b6c6365cfe14c02bdba0f9442ff0f674384", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00001242-addr_0x00007ff7562c6000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00001242-addr_0x00007ff7562c6000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_434", "md5_hash": "b34dd58c1b5eca559186177eadc95b57", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d72315b143a3f274085a382fcd2325f6544423ba", "sha256_hash": "8049450a55824888bdb8e0a80b96552ce58b3b6c36b637dc5bd4122f7603ab29", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00001396-addr_0x000000e8f7e10000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00001396-addr_0x000000e8f7e10000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_489", "md5_hash": "b245b06eafe80107269281792189c015", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e6c7ebd41110d3f9309d11a293bcdd825a8d2b9a", "sha256_hash": "5b77e15ff93a8b2aab8c62199d8a4cd455639ff6866515b916eb3ed261c020e0", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00001397-addr_0x000000e8f7e20000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00001397-addr_0x000000e8f7e20000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_490", "md5_hash": "0033b6a89c8eb49f66eb1553914783b5", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "12588e2ef9b5e0a4e7df328702fc56065bc090e4", "sha256_hash": "c9f25cf3878420598007ab307afba1aecaa68eaa2e7536bba5bf74e46286cc0f", "size": 4096, "type": "process_dump", "version": 1 }, { 
"archive_path": "process_dumps/process_00000002-region_00000211-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000002-region_00000211-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_314", "md5_hash": "fc75ac0f7bd7ce60bbf9c4f02d1d1a15", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9ca4cbfa1c1d4b1691e8ac33fb8e907e03cb7bc7", "sha256_hash": "bf0b2a71e7348e4001e717fd60714a36a158e0dabfb76428ddefaa348480c9b1", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000212-addr_0x000000c2ce910000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000002-region_00000212-addr_0x000000c2ce910000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_315", "md5_hash": "09d9bed12a7941d95451058f4a46745b", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "264f36dd96a32c50392e79567d85c86a3855ab5f", "sha256_hash": "a33be0f7b220a81a0d4a8ff960e9bee495a473e2c51a75467f16b817161eee25", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000214-addr_0x000000c2ce940000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000214-addr_0x000000c2ce940000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_316", "md5_hash": "65a8c621d2010466d0753b0337ef1a9f", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a32ef78a5c0150238bf95ff0f9d4f5c9de5503d7", "sha256_hash": "8b159c3a9767ef2b37785336e37a7cbf8f7515cb82f38beb45094b2316b08be1", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000217-addr_0x000000c2cea60000-size_0x0000000000002000-perm_rw.bin", 
"filename": "process_00000002-region_00000217-addr_0x000000c2cea60000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_317", "md5_hash": "97e94d8e03248862572e059420c79c21", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "aeb7ebda98a1c341d8ec0dbd3376aad5bdb0ca25", "sha256_hash": "178840366dd40aa6c5e7a41937d5655a7c0a9ab5952f70f73b7031b8b35e570d", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000219-addr_0x00007ff62286d000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000219-addr_0x00007ff62286d000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_318", "md5_hash": "75adaea6e0fc42f96ace26de2c318116", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "74c59dbcdcf4a783537636a02bea56a1c1c53ed5", "sha256_hash": "6474427411e533d9b6452582052c6b6e7eae81e5827a71dcc932305b969bac4a", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000220-addr_0x00007ff62286e000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000002-region_00000220-addr_0x00007ff62286e000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_319", "md5_hash": "a9b7c82500b1f807fc46ff5e2533fb64", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "95695e6da69593fd3fe97e2eb623123811e49466", "sha256_hash": "b63b2f0d36376ac13e1879e261e0782a416478ba9a7592f0bc89b446d7fd24b2", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000227-addr_0x000000c2ceb60000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000227-addr_0x000000c2ceb60000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_320", 
"md5_hash": "f8ae54e30b0bfcf50ea7dcf0683a2e1d", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8949a10c468b784381c3e28a756fc7854d645cb5", "sha256_hash": "ead3b54f3f2d373aa4b5569d7cb650374270bc9a5d2a8c2ae15ed8db0fb6af4b", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000290-addr_0x000000c2ce920000-size_0x0000000000007000-perm_rw.bin", "filename": "process_00000002-region_00000290-addr_0x000000c2ce920000-size_0x0000000000007000-perm_rw.bin", "id": "proc_dump_337", "md5_hash": "21b9328831313f4400b9d966cf3a8e65", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "af8bb532a5e2fd7453f8866f9319753a76edb103", "sha256_hash": "44347457d5a0208b419aafec16136da47d412dc03acf1f645685cfbbd3d7ec16", "size": 28672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000292-addr_0x000000c2ced00000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000292-addr_0x000000c2ced00000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_338", "md5_hash": "0c464586800f99a35fc60645bce34259", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6576e5e69345bf7c4998a52d594f83ae15bbd21c", "sha256_hash": "e90d40b6ffe27bad9fcc09cc989701d05e8d91cfa6b5544244294be3a5bff694", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000295-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000004-region_00000295-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_339", "md5_hash": "aae6172d6aed75406d8da91910214676", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": 
"process", "type": "reference", "version": 1 }, "sha1_hash": "614e8cd6b11fb44eae0f385c0dd3b44ec2f1e178", "sha256_hash": "5f01c55b6d0ad5ea5b95716a368648102b54bbaa6865f19243ca3ccf24fd7a1e", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000296-addr_0x00000056c4060000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000004-region_00000296-addr_0x00000056c4060000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_340", "md5_hash": "09d9bed12a7941d95451058f4a46745b", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "264f36dd96a32c50392e79567d85c86a3855ab5f", "sha256_hash": "a33be0f7b220a81a0d4a8ff960e9bee495a473e2c51a75467f16b817161eee25", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000298-addr_0x00000056c4090000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000004-region_00000298-addr_0x00000056c4090000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_341", "md5_hash": "51b00d9574338daa4d0631b3210f8ff0", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "73ff4d2560df9216a2d7bf41302f0f23ac5fe8e8", "sha256_hash": "bb2b117b8531c397c542e77de300f3407ad673031d3496b253c1e2e7dcbdf82e", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000301-addr_0x00000056c4130000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000004-region_00000301-addr_0x00000056c4130000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_342", "md5_hash": "30d4f6f16999b135140678aa518731d6", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "45e205b18fea8e8d6d0f027117d9019abe8c3b39", "sha256_hash": 
"f6d3f5e4285eb52ee360235f149b41307cd87aeb428eb5cda60247c2fe816e96", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000303-addr_0x00007ff66898d000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000004-region_00000303-addr_0x00007ff66898d000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_343", "md5_hash": "06cabeeccadb7810cfadf7c276d2b310", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8f1bbef6d1cb2a40f27e9f0510b60a06ae7777f2", "sha256_hash": "8c2731558c559a4746accd322888b6b4060576ad056204dee5b1f6174d25d978", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000304-addr_0x00007ff66898f000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000304-addr_0x00007ff66898f000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_344", "md5_hash": "0bdda881f98bf35934cf52f14d875c7e", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "75204f49e4a7be1a17e3028d14a58be82c56c834", "sha256_hash": "3414963f0256713849cd4f56f838c63e0c9ee0055d1448bf53a9ae6c7e696320", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000307-addr_0x00000056c4230000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000004-region_00000307-addr_0x00000056c4230000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_345", "md5_hash": "468d924fc33185e969198a8d579ecb89", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "df091d88c73e9711127096562d50a6a745e72daa", "sha256_hash": "45154362eac058b2b9be01e3c5d7c9a14bef8642a98b98470e9aefd7424482ed", "size": 1048576, "type": "process_dump", "version": 1 }, { 
"archive_path": "process_dumps/process_00000004-region_00000311-addr_0x00000056c4070000-size_0x0000000000007000-perm_rw.bin", "filename": "process_00000004-region_00000311-addr_0x00000056c4070000-size_0x0000000000007000-perm_rw.bin", "id": "proc_dump_346", "md5_hash": "85f3a7ad587fef614482364bcb3f2960", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "aa21fe63aff5dbde9064fe4af44451ba99dc98c3", "sha256_hash": "29072448c42ef3fda989b62f6f09a596ff6d6fc76dec37fe17ae90e936a3c9ed", "size": 28672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000313-addr_0x00000056c41c0000-size_0x0000000000007000-perm_rw.bin", "filename": "process_00000004-region_00000313-addr_0x00000056c41c0000-size_0x0000000000007000-perm_rw.bin", "id": "proc_dump_347", "md5_hash": "eadaf60bccfa92d5bd91252bd330df48", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a0799bd462587597c3290cefe7510130baa2e898", "sha256_hash": "90603e65243cf3d1aaba9fdcef3fa38d44832aa27d30679ac86524173437543f", "size": 28672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000316-addr_0x00000056c41f0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000316-addr_0x00000056c41f0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_348", "md5_hash": "41559f86d0acc06c22cb886109341be9", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2836dc7e4fa5660c9057c6a3981a1a4ac50e56e1", "sha256_hash": "132fd48d033db218adcb62299d2b0f50ea4c3b45b1a185271a9f95ea0cac5a28", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000317-addr_0x00000056c4200000-size_0x0000000000001000-perm_rw.bin", 
"filename": "process_00000004-region_00000317-addr_0x00000056c4200000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_349", "md5_hash": "baa095d0f424ded37169dccfabe2a48b", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "13de5554742b8bdbbac3f1dd140af759f9f055a4", "sha256_hash": "556d13cdbbe748d7480e2434b1f1d58ff20c3c4211c0491da0abbd118c4e58cc", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000318-addr_0x00000056c4460000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000004-region_00000318-addr_0x00000056c4460000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_350", "md5_hash": "625195341d22733c4fccdfa43bcf18bb", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e729216909cb0019ca58e3d7185efd10f9ab971a", "sha256_hash": "3830b63d6649b0682a2095054df02b7e9ed1553e61fa142206f23bc95f8c8d02", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000343-addr_0x00000056c4330000-size_0x00000000000a0000-perm_rw.bin", "filename": "process_00000004-region_00000343-addr_0x00000056c4330000-size_0x00000000000a0000-perm_rw.bin", "id": "proc_dump_351", "md5_hash": "0fba885c8220838e756cce9c710fbe58", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e2308e82641d727cef4c6ccbbb1fc4de1b10d94c", "sha256_hash": "554f0cd6bf5315b58372aed2253951ca14fd47348f79293a8b467a238788c730", "size": 655360, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000350-addr_0x00000056c4220000-size_0x0000000000007000-perm_rw.bin", "filename": "process_00000004-region_00000350-addr_0x00000056c4220000-size_0x0000000000007000-perm_rw.bin", "id": 
"proc_dump_352", "md5_hash": "450fc7dd984ab777db7d6024173890dd", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "44cf72caa4c0c59bf7f42f77e19fdec39342153f", "sha256_hash": "106f34595ede0eeba0f634ce509e11c4e908c3d6447dfb1fa1513886c78fe0d1", "size": 28672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000352-addr_0x00000056c43c0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000004-region_00000352-addr_0x00000056c43c0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_353", "md5_hash": "442427ed3c2285e6df73a4daa930acab", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fd1b95308d3a8f1929d5d535c9672a3c45879c64", "sha256_hash": "d2db64195d3148d7202885872b71b4058493e4679c9858ce991506ccea79d84c", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000909-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000006-region_00000909-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_365", "md5_hash": "f832c33f0670cebb8fc7c38db9fe80e6", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a980e9d4fdfb5e3b18c9968ebf465a9c6669d593", "sha256_hash": "868aca7443c2e8b6c84083427f50c7b356d32f3c944d49cef53a6d4139b1c9c7", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000910-addr_0x000000bd41bf0000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000006-region_00000910-addr_0x000000bd41bf0000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_366", "md5_hash": "09d9bed12a7941d95451058f4a46745b", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", 
"ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "264f36dd96a32c50392e79567d85c86a3855ab5f", "sha256_hash": "a33be0f7b220a81a0d4a8ff960e9bee495a473e2c51a75467f16b817161eee25", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000912-addr_0x000000bd41c20000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00000912-addr_0x000000bd41c20000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_367", "md5_hash": "6bf029c9801677b6cd7b97b320d9bc85", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1319d9fc01c33238ecab287b19f140515dca32ea", "sha256_hash": "5fd5e40756f03d9a910eca359a85d2ca4bbb050a1b8000434a8f6b1882e6cd31", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000915-addr_0x000000bd41d40000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000006-region_00000915-addr_0x000000bd41d40000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_368", "md5_hash": "97e94d8e03248862572e059420c79c21", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "aeb7ebda98a1c341d8ec0dbd3376aad5bdb0ca25", "sha256_hash": "178840366dd40aa6c5e7a41937d5655a7c0a9ab5952f70f73b7031b8b35e570d", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000917-addr_0x00007ff6230fb000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00000917-addr_0x00007ff6230fb000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_369", "md5_hash": "33ff1f6015ff7b487a992d975b3e2fa8", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b6bd43e251c6e0cbeb1ac961a8f4cd5de82ca1f0", 
"sha256_hash": "4cbfc049212ca875f72080ba657d512c0a352fab087126831a8eadd7368c191c", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000918-addr_0x00007ff6230fe000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000006-region_00000918-addr_0x00007ff6230fe000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_370", "md5_hash": "51889e81ba8f46af40cacbbf2649803a", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "239b762513526c18584fca6af1794e1d4fad1875", "sha256_hash": "055e62bd300f32ee7a9463ae222df98f317c819522c6d4e1fb0abdd20484f106", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000945-addr_0x000000bd41d50000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00000945-addr_0x000000bd41d50000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_383", "md5_hash": "867c55646e0c84f7211561de9e5f6e95", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "46d59a38819c53f508f5084d5d8cad6bbdbfdcc5", "sha256_hash": "875f410f0e4c5e8d2c14710e5c0042451b6e3258aa0fa0ddf78256f1a56e955d", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001226-addr_0x000000bd41c00000-size_0x0000000000007000-perm_rw.bin", "filename": "process_00000006-region_00001226-addr_0x000000bd41c00000-size_0x0000000000007000-perm_rw.bin", "id": "proc_dump_425", "md5_hash": "d4985c801d9b7db16e078cf53d619576", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "44175830996b215d42d0489918a71d5316ce818b", "sha256_hash": "6676b037a137d558e422cd197fba74f71f0cfdd42379a2e23ae5b40ae1bc5851", "size": 28672, "type": "process_dump", 
"version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001228-addr_0x000000bd42070000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000006-region_00001228-addr_0x000000bd42070000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_426", "md5_hash": "21312328cad4408065ce1766d08ba2e0", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "22f9457cf560f8580700cf31af8df09590505b23", "sha256_hash": "a06a15044207a1a1405eebe5cd8bbb5c282b6de112f24cb41e3bb5dd3999d8fd", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000921-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000007-region_00000921-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_371", "md5_hash": "aabcbeb0cd9083cbb5e7e74313b51770", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "be65c990c316de9111dfed2cae869d6cef3b0955", "sha256_hash": "252ca625c643fe9c043a2075dbd1a190456cb5b9e445b2efa9da80f899991700", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000922-addr_0x0000009a39f30000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000007-region_00000922-addr_0x0000009a39f30000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_372", "md5_hash": "09d9bed12a7941d95451058f4a46745b", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "264f36dd96a32c50392e79567d85c86a3855ab5f", "sha256_hash": "a33be0f7b220a81a0d4a8ff960e9bee495a473e2c51a75467f16b817161eee25", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": 
"process_dumps/process_00000007-region_00000924-addr_0x0000009a39f60000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000007-region_00000924-addr_0x0000009a39f60000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_373", "md5_hash": "139d38c5313fc27fee1596a14b88b677", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8d415d8d741f0bc3d60cdcb70e6e17101d01f2cf", "sha256_hash": "9049d13b6f3e7a694bac0a0cebcd6391349fcc8eaf587b1653ca65e8e2791a24", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000927-addr_0x0000009a3a080000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000007-region_00000927-addr_0x0000009a3a080000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_374", "md5_hash": "97e94d8e03248862572e059420c79c21", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "aeb7ebda98a1c341d8ec0dbd3376aad5bdb0ca25", "sha256_hash": "178840366dd40aa6c5e7a41937d5655a7c0a9ab5952f70f73b7031b8b35e570d", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000929-addr_0x00007ff622ccd000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000007-region_00000929-addr_0x00007ff622ccd000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_375", "md5_hash": "7c5dc445ab3751a2cf2a2c31352355be", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "07555e336bd8ddb9b563b4afd0edd37142c78ea4", "sha256_hash": "0ac9222fbe999546564e92fb706e0a6abdf26a6d2511c7bc4c72949c80849094", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000930-addr_0x00007ff622ccf000-size_0x0000000000001000-perm_rw.bin", "filename": 
"process_00000007-region_00000930-addr_0x00007ff622ccf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_376", "md5_hash": "c82b1aa4ff483e7fb2831e09c3b26a48", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "724d2efd9d04dfa23118dc765227ab4e1a94f2ed", "sha256_hash": "47c436da9ef385305251f4e59725c5c4f362e72faac4a07f2864594e0952778c", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000948-addr_0x0000009a3a230000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000007-region_00000948-addr_0x0000009a3a230000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_384", "md5_hash": "aac915ce0b7b079edfc4d52670e76ca2", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "dce93b0cf45ecd1747d6564535d6e35110d29e37", "sha256_hash": "1a7c8da415a2e4ab9a9f9af74a34e9b6359046022663ef792046113c74f8b167", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001220-addr_0x0000009a39f40000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000007-region_00001220-addr_0x0000009a39f40000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_423", "md5_hash": "b12a400a851d560edbf1231e73adac46", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a5e002ffb6226f73e4985fb6070f4a7c2349628a", "sha256_hash": "9d09f20dfa9b26733a44d9f66f9e0798797383a43b00c35d9f86a8b8cfddb365", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001222-addr_0x0000009a3a110000-size_0x0000000000007000-perm_rw.bin", "filename": "process_00000007-region_00001222-addr_0x0000009a3a110000-size_0x0000000000007000-perm_rw.bin", "id": "proc_dump_424", 
"md5_hash": "cf1f6d0b3e966e377a5e308dd965743a", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b5f0ca32aac89c7c364af163b955a16bed7fda16", "sha256_hash": "bc974521ad2ac4232b03f6f0865c5f65c7b01757e2c7d358c9f419648b9a4115", "size": 28672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000933-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000008-region_00000933-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_377", "md5_hash": "aabcbeb0cd9083cbb5e7e74313b51770", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "be65c990c316de9111dfed2cae869d6cef3b0955", "sha256_hash": "252ca625c643fe9c043a2075dbd1a190456cb5b9e445b2efa9da80f899991700", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000934-addr_0x00000091de340000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000008-region_00000934-addr_0x00000091de340000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_378", "md5_hash": "09d9bed12a7941d95451058f4a46745b", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "264f36dd96a32c50392e79567d85c86a3855ab5f", "sha256_hash": "a33be0f7b220a81a0d4a8ff960e9bee495a473e2c51a75467f16b817161eee25", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000936-addr_0x00000091de370000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000008-region_00000936-addr_0x00000091de370000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_379", "md5_hash": "dea38b6e5c9bbe67c6889d4406ba10da", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": 
"process", "type": "reference", "version": 1 }, "sha1_hash": "362ca6e83b6fef7c81b8b42286c8b5e74c989907", "sha256_hash": "ae50e9f3252c65b6354283018c912e1e83f1a11cbc692a4393f634fe2437f97f", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000939-addr_0x00000091de490000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000008-region_00000939-addr_0x00000091de490000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_380", "md5_hash": "97e94d8e03248862572e059420c79c21", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "aeb7ebda98a1c341d8ec0dbd3376aad5bdb0ca25", "sha256_hash": "178840366dd40aa6c5e7a41937d5655a7c0a9ab5952f70f73b7031b8b35e570d", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000941-addr_0x00007ff62231d000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000008-region_00000941-addr_0x00007ff62231d000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_381", "md5_hash": "ef5ba8750e9814fbbd58a1d5dc94444d", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7211b2fedc247d726c81d008de2f81e66d00392a", "sha256_hash": "aff0fe59bc640deb6a2d5bfe57c62af9f338583c63a37a9f8915b23ad272182f", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000942-addr_0x00007ff62231f000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000008-region_00000942-addr_0x00007ff62231f000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_382", "md5_hash": "61d6609c4445860b341892b491f70736", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "28e6e1b9afe9f0a6683483a7cc3ea37ffc08da27", "sha256_hash": 
"288f5e557f6a3b7f1ee487b663479a0ab1b28cd9d8466e3d82b5459abde858c1", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000951-addr_0x00000091de5e0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000008-region_00000951-addr_0x00000091de5e0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_385", "md5_hash": "dda8b418523ecff5b67182822ecb15ac", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f004c1641416cd42124e4f1974fa0503cbe73742", "sha256_hash": "c56e602eeca126dc7b26731e439ad1abd7b1025bbd9c7485eac7319ba75ba4d0", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001232-addr_0x00000091de350000-size_0x0000000000007000-perm_rw.bin", "filename": "process_00000008-region_00001232-addr_0x00000091de350000-size_0x0000000000007000-perm_rw.bin", "id": "proc_dump_427", "md5_hash": "b129544e67df916f45f9253881aeb93f", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "10aeadca4f8deb1c338104ce15762b2d8c8a371f", "sha256_hash": "6f28fd88860f904546adef9b6665b552b39793e17cd4cc365ecf7e72f708a48a", "size": 28672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001234-addr_0x00000091de560000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000008-region_00001234-addr_0x00000091de560000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_428", "md5_hash": "5b6df2159ab15f7b51fad594f7b4f61e", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "765cee3ff4c7c9c44de7aea52e903be5887e32da", "sha256_hash": "cad656a49e48f64510b5a71c8f5bed2e51ace7570171f7ce2a9d96eac8ad1566", "size": 65536, "type": "process_dump", "version": 1 }, { 
"archive_path": "process_dumps/process_00000008-region_00001297-addr_0x00000091de520000-size_0x0000000000007000-perm_rw.bin", "filename": "process_00000008-region_00001297-addr_0x00000091de520000-size_0x0000000000007000-perm_rw.bin", "id": "proc_dump_459", "md5_hash": "15f3b144e7fefd0bddbe986dde1b16ce", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4bff32456918e5c5d6d67ba251d0560eab3e7085", "sha256_hash": "fad7b1d6043a545eb58409c97e544b62450b65ddde770a2aa6c3a6ef2989e17e", "size": 28672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00001247-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000013-region_00001247-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_435", "md5_hash": "5a0231e6e4181f2bd3ddbca32397dcb6", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8cbd52ac16f81ca468682c0097bfb1e9372c5295", "sha256_hash": "2e2fdcf9c7459120f913456900908d43c742647008961de6a10ab4799b1a2b9d", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00001248-addr_0x000000ae42f10000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000013-region_00001248-addr_0x000000ae42f10000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_436", "md5_hash": "09d9bed12a7941d95451058f4a46745b", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "264f36dd96a32c50392e79567d85c86a3855ab5f", "sha256_hash": "a33be0f7b220a81a0d4a8ff960e9bee495a473e2c51a75467f16b817161eee25", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00001250-addr_0x000000ae42f40000-size_0x0000000000100000-perm_rw.bin", 
"filename": "process_00000013-region_00001250-addr_0x000000ae42f40000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_437", "md5_hash": "602e579d13f9dc1afda5ceb14a4c0219", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "292e50d458941b1f6d101318608651dea5e8e9c4", "sha256_hash": "f9b6aa5ec3e87c916af14a44e7ea363ab599b82c01ec0a145dbfe2846866ac09", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00001253-addr_0x000000ae43060000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000013-region_00001253-addr_0x000000ae43060000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_438", "md5_hash": "e4d274f3af9dfe56883918db531d9da9", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9a431ad037bd20df2e76b1da0818d1cb0f3d4d97", "sha256_hash": "e3906b9325b98c4274b7860aee2c44c25e0dee99b1dfa79884873bab91737671", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00001255-addr_0x00007ff622e5d000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000013-region_00001255-addr_0x00007ff622e5d000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_439", "md5_hash": "0a97a2b8b0815d260e583da71a42d533", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "27cee05dc7588c6c39216ec4c9e11b1b4333fc10", "sha256_hash": "d35d1747a8e607a057db3c76e7eecb6a83b02938a3a28dd4e57e6b97bbcff21e", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00001256-addr_0x00007ff622e5f000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000013-region_00001256-addr_0x00007ff622e5f000-size_0x0000000000001000-perm_rw.bin", "id": 
"proc_dump_440", "md5_hash": "8d6e094487462a34e66ae602cab602ad", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3e08e0d9cfcfff9bfda293dfd625a8d3c735f5bd", "sha256_hash": "411a6a44c0c77a6a1df25d0123f393079e147e7842392cd3df99f4afc063be11", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00001310-addr_0x000000ae43260000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000013-region_00001310-addr_0x000000ae43260000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_466", "md5_hash": "9dd36db4e5121e15d07b646e52b8d8ae", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4afb62a54565240338cb0c1aea3aafd6eeec0980", "sha256_hash": "43ac5e81a3deaa775ade6403820b554539389831c9132fd32e6a8b8ec340905d", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00001338-addr_0x000000ae42f20000-size_0x0000000000007000-perm_rw.bin", "filename": "process_00000013-region_00001338-addr_0x000000ae42f20000-size_0x0000000000007000-perm_rw.bin", "id": "proc_dump_476", "md5_hash": "405a4ed800acf723dfdc13cbd69e291e", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0671236af0cd1aa750072a21fc3e20c8c0bb8dc4", "sha256_hash": "ea534c9b69ba57be2fd1edf91e7baa2f1cbbd972a95151f6bd6a27262a8a8c2c", "size": 28672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00001340-addr_0x000000ae43550000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000013-region_00001340-addr_0x000000ae43550000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_477", "md5_hash": "159e796c65125616b772240375004624", "ref_process": { "ref_id": "proc_13", "ref_source": 
"summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2c3575f717732157c7324211279a9651dd5e9d94", "sha256_hash": "7b3f262a37e73f7754c5160f2cd807f1317774d8f268ca237f3a5cecbaf2f0d8", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00001259-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000014-region_00001259-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_441", "md5_hash": "0768c8b7e41a99c3764485e37c342d09", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8766d95070bb50244d07b3be83aa107b013a3bab", "sha256_hash": "990479a1356d14f12cc29e41bdcf1460265481935784e9363b98b80b1cceb157", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00001260-addr_0x0000002450310000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000014-region_00001260-addr_0x0000002450310000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_442", "md5_hash": "09d9bed12a7941d95451058f4a46745b", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "264f36dd96a32c50392e79567d85c86a3855ab5f", "sha256_hash": "a33be0f7b220a81a0d4a8ff960e9bee495a473e2c51a75467f16b817161eee25", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00001262-addr_0x0000002450340000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000014-region_00001262-addr_0x0000002450340000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_443", "md5_hash": "a67d85c5ac2c7e45c8c0ccd3a9aaa7b4", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": 
"c76d5a87965fdff6103d2826d350272613f8c6e2", "sha256_hash": "e15e58f3859826ab7f60cfe0ef7472fb65f3b204b10f8f7617fa363d77a30f17", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00001265-addr_0x00000024503e0000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000014-region_00001265-addr_0x00000024503e0000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_444", "md5_hash": "6682567cc1bbdc8516ca323953203471", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d6ced7e0577944e2d6acb1a9a5d962a2010e07af", "sha256_hash": "1817584975d2981ae1fd0b4a739126ae900b6db7b325002db654140daa5f5586", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00001267-addr_0x00007ff69527d000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000014-region_00001267-addr_0x00007ff69527d000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_445", "md5_hash": "5592cfe7a6b2f86ea88f6aab4002de91", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f8739cc5962095c78cc4be08b176053f74690005", "sha256_hash": "a200a232d49caefeb57543beeff72d89267d1a95e6b8868d462f5ea8941330dd", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00001268-addr_0x00007ff69527f000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000014-region_00001268-addr_0x00007ff69527f000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_446", "md5_hash": "74f3387a0e20f9065f1d0c5037d6472b", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0bc1d946504a967c2edb1ac9049ea1f6259c1427", "sha256_hash": 
"d2bcabf5fc303b0699dcf8466723456823ac02d7947fbdbd3f5481375af718bc", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00001332-addr_0x00000024505a0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000014-region_00001332-addr_0x00000024505a0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_475", "md5_hash": "8d9bdad8f71aa863f469a429c2d6c1a0", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8b048dcf4df70c574fdd2eb02b7438166ab51325", "sha256_hash": "56f8d9c0acce78c232ed6a05803d661b23fd0ce0bb09732354c8770a5bbe7bcc", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000015-region_00001272-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000015-region_00001272-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_447", "md5_hash": "317ad2c5b41e3a436f89a9c1a88e6058", "ref_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1d2890330214954672018e495bc2e264981a75a4", "sha256_hash": "14d27200f85bb50c6f6201cce5b8a8e4ab9b3b97e9693571bc6d49836baffdc5", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000015-region_00001273-addr_0x0000000a1fdb0000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000015-region_00001273-addr_0x0000000a1fdb0000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_448", "md5_hash": "09d9bed12a7941d95451058f4a46745b", "ref_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "264f36dd96a32c50392e79567d85c86a3855ab5f", "sha256_hash": "a33be0f7b220a81a0d4a8ff960e9bee495a473e2c51a75467f16b817161eee25", "size": 131072, "type": "process_dump", "version": 1 }, { 
"archive_path": "process_dumps/process_00000015-region_00001275-addr_0x0000000a1fde0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000015-region_00001275-addr_0x0000000a1fde0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_449", "md5_hash": "9b1a63ab4f9a3a6730c0276c07407336", "ref_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bbf6b841a9b5cedc7e758e57dac099c43ef4ba34", "sha256_hash": "a26da83f8b2ce67926f11f56394709ba0fffaccc5e3161134823dcaeb079036a", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000015-region_00001278-addr_0x0000000a1ff00000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000015-region_00001278-addr_0x0000000a1ff00000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_450", "md5_hash": "878e395da10cf53c67d7cf2c954a7120", "ref_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c8b0b79bec0e4e23ab83d121c6e54526073536d1", "sha256_hash": "d372927e3910704b518efb95b6a05f6a6c7e5dc736be9e6864941e36ce0ea125", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000015-region_00001280-addr_0x00007ff6229a6000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000015-region_00001280-addr_0x00007ff6229a6000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_451", "md5_hash": "51bd403279700866214c64b1533e2ffd", "ref_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3fa03b6e0d773a898e75b3b77221543779e47a55", "sha256_hash": "0440121d7444f6d60f17635effcd6a1288ed9ee6afbba8282d191ce7c254918a", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": 
"process_dumps/process_00000015-region_00001281-addr_0x00007ff6229ae000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000015-region_00001281-addr_0x00007ff6229ae000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_452", "md5_hash": "767de687a0665eafb0224f109b698bdc", "ref_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b27f54ccf297cf758680cc56a775386a337fbc5f", "sha256_hash": "11098c69a411c90a993bac669f94f1696cf28d0996af0e3a77d2acd404b9bd01", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000015-region_00001314-addr_0x0000000a200f0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000015-region_00001314-addr_0x0000000a200f0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_467", "md5_hash": "2050143865589a4400b8866ddeb2cad1", "ref_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b87795a62c1a237984792772a9f6f0d2c8db17df", "sha256_hash": "b3076e0a90dae92f116c5c5cfc356c6850653367fc167f2ba3eea938587fe399", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000015-region_00001344-addr_0x0000000a1fdc0000-size_0x0000000000007000-perm_rw.bin", "filename": "process_00000015-region_00001344-addr_0x0000000a1fdc0000-size_0x0000000000007000-perm_rw.bin", "id": "proc_dump_478", "md5_hash": "ff2b16c64f6973a6a168ed4bc3b4ebe7", "ref_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "255128d1379fd1917c07ab69058bdbece3990cff", "sha256_hash": "419a813973db66c29eb45ec99d88dc19d97f5d1397f7c4b1b27abfae221cfaca", "size": 28672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000015-region_00001346-addr_0x0000000a20380000-size_0x0000000000010000-perm_rw.bin", "filename": 
"process_00000015-region_00001346-addr_0x0000000a20380000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_479", "md5_hash": "91ee605f898f82b29c998e9efa70390e", "ref_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "338bee64cbe74468d01df7ace74215b995bb0261", "sha256_hash": "3bd4dc2657c72d08d84d9530eeaaf080006aba959f65961e5bb23a392320df12", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001317-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000016-region_00001317-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_468", "md5_hash": "4dc89c929a07ff21ddeb8b7adf55646e", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "beecf9197d1a7f42ae59d47075becf8da2360634", "sha256_hash": "22b72e02bc2a45e4604afae132dbcd226a385b148be1196ec49878e100e62b99", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001318-addr_0x00000075b99c0000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000016-region_00001318-addr_0x00000075b99c0000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_469", "md5_hash": "09d9bed12a7941d95451058f4a46745b", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "264f36dd96a32c50392e79567d85c86a3855ab5f", "sha256_hash": "a33be0f7b220a81a0d4a8ff960e9bee495a473e2c51a75467f16b817161eee25", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001320-addr_0x00000075b99f0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000016-region_00001320-addr_0x00000075b99f0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_470", 
"md5_hash": "14cf25bdcf9e352960055e5f2a6aa60d", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c843c77cb5e22e187f03de5b4a353a4b0d85f74c", "sha256_hash": "243c7899e9f1fc1044b79e71f282f516f54b379ac2fb10275114d6fa2f61f5d8", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001324-addr_0x00007ff607976000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000016-region_00001324-addr_0x00007ff607976000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_471", "md5_hash": "4132ed5a4f5e39b11054a8ba0f34c43c", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2b02c0ae681fe0a05be6ca6a0b50ea1b82c979c6", "sha256_hash": "d430813e760700c9f4ee6c2e218e4d8bd3978342d3bd7168a78ebcc36b674b9b", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001325-addr_0x00007ff60797e000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000016-region_00001325-addr_0x00007ff60797e000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_472", "md5_hash": "bffa6e983f1309e2c911859084ba4448", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9f86209e17680da3ad273ea9912459c81b06f5b5", "sha256_hash": "7dfc5933b3971106b41abcd93f3ca459ebfabf4d5d030db4852e87cb3468049c", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001328-addr_0x00000075b9a90000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000016-region_00001328-addr_0x00000075b9a90000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_473", "md5_hash": "fd5d242d5e11b8ac447e828af14bcacd", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": 
"process", "type": "reference", "version": 1 }, "sha1_hash": "926cd209863e61938dc09ef8d664142ad05aae8c", "sha256_hash": "48ed48cd068a427594c76939522463489dd112943df6e5359da7fa7fd64ad4aa", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001349-addr_0x00000075b9ab0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000016-region_00001349-addr_0x00000075b9ab0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_480", "md5_hash": "68ee329924c7fb41af9bb824fd7bcfd2", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7cd755f2d6e789f7e78e279093387f4af06be4d6", "sha256_hash": "84c54256427e7af6dae3e8279ab1f63983049b8929a05a702fda99f925cc51d9", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001364-addr_0x00000075b99d0000-size_0x0000000000007000-perm_rw.bin", "filename": "process_00000016-region_00001364-addr_0x00000075b99d0000-size_0x0000000000007000-perm_rw.bin", "id": "proc_dump_484", "md5_hash": "df14d17d81598aa5c6ffc3840ac8375d", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a858a20fde266cdfb4f678c13e3d102d8ccf70a8", "sha256_hash": "fe2278294aefa8030e20115bdf86076482f456115c9145ea9ac2c4cc2525350d", "size": 28672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001365-addr_0x00000075b9aa0000-size_0x0000000000007000-perm_rw.bin", "filename": "process_00000016-region_00001365-addr_0x00000075b9aa0000-size_0x0000000000007000-perm_rw.bin", "id": "proc_dump_485", "md5_hash": "ef6a022f8676a7d278fda33c9e518ab8", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d92f2c0a6694dc2919d24102493567accd84deda", "sha256_hash": 
"992b4f8f58130733b58f56a6ad3bd293c6c03bccef53fa0d44e36e3d57105003", "size": 28672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001370-addr_0x00000075b9c60000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000016-region_00001370-addr_0x00000075b9c60000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_486", "md5_hash": "da9adb0edff6b1288bb306a461ced314", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7998f849a970a20fa4f1f914856f34aee7b77ad0", "sha256_hash": "b0497522164234977a6922b917cf9bc4d3b87a6ec589bd936c1b63b108f7479d", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001371-addr_0x00000075b9c70000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000016-region_00001371-addr_0x00000075b9c70000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_487", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001372-addr_0x00000075b9c90000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000016-region_00001372-addr_0x00000075b9c90000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_488", "md5_hash": "97157f44ec25e3cac07e485ac961447e", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "22b9bd465cdb1da88762edee8fe7b2043424a628", "sha256_hash": "bf4b602e8acc048b774e0331db477772a2b090a0a99774c3197ee32c60145e0c", "size": 65536, "type": "process_dump", "version": 1 }, { 
"archive_path": "process_dumps/process_00000016-region_00001415-addr_0x00000075bb6b0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000016-region_00001415-addr_0x00000075bb6b0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_493", "md5_hash": "c7f7822fa7a4be19d45399a700eee0e9", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ef9a244c837946dab217a64aafb6a182f3680377", "sha256_hash": "a38fc3dde100271fc4de37ea5ff84c60da0674c980dce47ccc919f11460f93a4", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001416-addr_0x00007ff60797c000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000016-region_00001416-addr_0x00007ff60797c000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_494", "md5_hash": "e031bc19252f89ee48d5eeb249e8d3fd", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ac562aefce098eb280f3f3b790d96d1d290f9018", "sha256_hash": "7475d3491d814be2515ae30af56356a19f08197e29b5c7e4576a2aad9324415b", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001489-addr_0x00000075bb730000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000016-region_00001489-addr_0x00000075bb730000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_509", "md5_hash": "5051490aa40a63f730c2165acc18dad2", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4d61b004a1a6934e8f4124ca6453859a36769cfe", "sha256_hash": "03a08d8803f04f0f72f97de25c4b498e89e3e33e8080b82bc649adec7a7527dd", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": 
"process_dumps/process_00000016-region_00001490-addr_0x00000075bb7b0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000016-region_00001490-addr_0x00000075bb7b0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_510", "md5_hash": "35cc2d803e32f38c30bb68dcfefd5a85", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ea9267bf66367b2defed1e0c28b0825210c15d3a", "sha256_hash": "f9856eef9e320d484aedf8efedfd9302a6eb36bfd4a2e2860d48634048170704", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001491-addr_0x00007ff607978000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000016-region_00001491-addr_0x00007ff607978000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_511", "md5_hash": "a637dff3f7ace126ce67bc8a39431cbf", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "62c4f583575e2e211d72dc79ae37b830805c5af8", "sha256_hash": "5eccbdf5165b86c9e971d45b999fc89dc5be2e62f9f70b08435887d1b5c5568b", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001492-addr_0x00007ff60797a000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000016-region_00001492-addr_0x00007ff60797a000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_512", "md5_hash": "6a2d69478204d8112b53bcbea0a88e0a", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8b3e974bc79be3ca0abc89f931204f3d51619ff4", "sha256_hash": "b7df21d4b37f001f00ccd7e66d8f22fc6add195d99656dba448df4395fab34be", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000017-region_00001285-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": 
"process_00000017-region_00001285-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_453", "md5_hash": "317ad2c5b41e3a436f89a9c1a88e6058", "ref_process": { "ref_id": "proc_17", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1d2890330214954672018e495bc2e264981a75a4", "sha256_hash": "14d27200f85bb50c6f6201cce5b8a8e4ab9b3b97e9693571bc6d49836baffdc5", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000017-region_00001286-addr_0x000000b6c9d50000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000017-region_00001286-addr_0x000000b6c9d50000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_454", "md5_hash": "09d9bed12a7941d95451058f4a46745b", "ref_process": { "ref_id": "proc_17", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "264f36dd96a32c50392e79567d85c86a3855ab5f", "sha256_hash": "a33be0f7b220a81a0d4a8ff960e9bee495a473e2c51a75467f16b817161eee25", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000017-region_00001288-addr_0x000000b6c9d80000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000017-region_00001288-addr_0x000000b6c9d80000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_455", "md5_hash": "fc4a2e30e19a4bd51d7f56eeaabc89e9", "ref_process": { "ref_id": "proc_17", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4a80639a21328cefe1a32758ca599344ec7a93f0", "sha256_hash": "20b177c2a18e36cbb061982efad2cb69ab86f501f5e3582e2f7f37cb12448dab", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000017-region_00001291-addr_0x000000b6c9ea0000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000017-region_00001291-addr_0x000000b6c9ea0000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_456", 
"md5_hash": "dc44d3168674d81b999a04dbfae4e7b2", "ref_process": { "ref_id": "proc_17", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9d10eae309d01e40ac7f1aff354d99a67f344db8", "sha256_hash": "2843552bbce00016537f1d9f7380d44a4baede5005300518666c37a1a61731d7", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000017-region_00001293-addr_0x00007ff6226dd000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000017-region_00001293-addr_0x00007ff6226dd000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_457", "md5_hash": "8b008b32da5cb9a703cd54fe27337806", "ref_process": { "ref_id": "proc_17", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "88b2cb5442fd1ba2eec9eb92abe64c1b17d77feb", "sha256_hash": "3c15ac6623195c799d775654088a8c4db909b5c376a572c0aa2b7eeeed6bf9a2", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000017-region_00001294-addr_0x00007ff6226df000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000017-region_00001294-addr_0x00007ff6226df000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_458", "md5_hash": "6378f42d3180974abdf854d9dbac57e7", "ref_process": { "ref_id": "proc_17", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cb25271128a25dec75cacde509d82f076103742f", "sha256_hash": "3f05a3b8e07d4511d0af3eca2d7527bf6adfd1818e1f647b7d6a0f5c52b79656", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000017-region_00001329-addr_0x000000b6c9ee0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000017-region_00001329-addr_0x000000b6c9ee0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_474", "md5_hash": "ad5597fc2a0b3e8b768d0b9ef9494b90", "ref_process": { "ref_id": "proc_17", "ref_source": "summary", "ref_type": 
"process", "type": "reference", "version": 1 }, "sha1_hash": "348b8184348be542b1f55771a571f792373cd9b6", "sha256_hash": "6a4dcb3417b3f615a0b2b6f35b58d9d7c69a46a8cf4495a117cbb69106f3b35c", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000017-region_00001353-addr_0x000000b6c9d60000-size_0x0000000000007000-perm_rw.bin", "filename": "process_00000017-region_00001353-addr_0x000000b6c9d60000-size_0x0000000000007000-perm_rw.bin", "id": "proc_dump_481", "md5_hash": "8c930ea2526fec36135c9f736adee9ac", "ref_process": { "ref_id": "proc_17", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1e0b458c9dbc1bf80c608bc7f0e1c8e5992637ff", "sha256_hash": "1aa243be400cf05326749c1cf5121b32eb62db73ab12c297036b8d020acb5291", "size": 28672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000017-region_00001355-addr_0x000000b6ca210000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000017-region_00001355-addr_0x000000b6ca210000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_482", "md5_hash": "29e4613301b7c9f20e0a34a97f394aa8", "ref_process": { "ref_id": "proc_17", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9b417d9cbf4c9902a2981522eb2f73378bfdb770", "sha256_hash": "5d32b51483f2bb6ea61f06b4d929770b64b381513f72702240de5cb574e391c2", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000018-region_00001298-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000018-region_00001298-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_460", "md5_hash": "19f0fc9cb0fdf3f4ba033bc2dfdb960d", "ref_process": { "ref_id": "proc_18", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "baabf2c024a99a2e21cb4ff64057525085688618", "sha256_hash": 
"8e7688c4c7471ce123e5310feff5b38bf0528212ee43ec96127d913d30c60d42", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000018-region_00001299-addr_0x0000003b884a0000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000018-region_00001299-addr_0x0000003b884a0000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_461", "md5_hash": "09d9bed12a7941d95451058f4a46745b", "ref_process": { "ref_id": "proc_18", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "264f36dd96a32c50392e79567d85c86a3855ab5f", "sha256_hash": "a33be0f7b220a81a0d4a8ff960e9bee495a473e2c51a75467f16b817161eee25", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000018-region_00001301-addr_0x0000003b884d0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000018-region_00001301-addr_0x0000003b884d0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_462", "md5_hash": "26dcf853fe9f8436a2af77bd806140e8", "ref_process": { "ref_id": "proc_18", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e66edb1a68e279f3556efab8e11681051b930959", "sha256_hash": "4f4037e73797a27221a1e1e73d34d01f93f95c6718b77d6ab3f65dda4b598ac4", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000018-region_00001304-addr_0x0000003b88570000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000018-region_00001304-addr_0x0000003b88570000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_463", "md5_hash": "406bbb79043bd0270e6fc617716ecf15", "ref_process": { "ref_id": "proc_18", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5373acecdfc4660e03f16bf97dc17017d380febf", "sha256_hash": "d5516d03da9bf2935c0c36c1e2d2e5be08f876fdf70d7d5b51af59da6eba8bb7", "size": 8192, "type": "process_dump", "version": 1 }, 
{ "archive_path": "process_dumps/process_00000018-region_00001306-addr_0x00007ff695286000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000018-region_00001306-addr_0x00007ff695286000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_464", "md5_hash": "1f9090947f93a7561b0c085279ce30c2", "ref_process": { "ref_id": "proc_18", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d56f5226c2eee249da85959704710ef4f5d5b9b1", "sha256_hash": "db9191144e3939ae423a42164f71297b51e827304b3372a90c83a85996523f2a", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000018-region_00001307-addr_0x00007ff69528e000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000018-region_00001307-addr_0x00007ff69528e000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_465", "md5_hash": "dbb95803ccc029f0d41939cd42f0565b", "ref_process": { "ref_id": "proc_18", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "beae37cee4dfe408616b9c084eec0c82e492753d", "sha256_hash": "171ece79543627b735e0232ceef8d5c76f866a40b91c90361a77267b40284806", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000018-region_00001358-addr_0x0000003b88610000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000018-region_00001358-addr_0x0000003b88610000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_483", "md5_hash": "1dd2601281694cfd9850346794827d00", "ref_process": { "ref_id": "proc_18", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "847665ded697860d04757b10822b1a71b0f8fc6f", "sha256_hash": "32efcde1c6da94fedfec21f027f4d2894473c89702197d23be01530cc4875d0c", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": 
"process_dumps/process_00000018-region_00001399-addr_0x0000003b884b0000-size_0x0000000000007000-perm_rw.bin", "filename": "process_00000018-region_00001399-addr_0x0000003b884b0000-size_0x0000000000007000-perm_rw.bin", "id": "proc_dump_491", "md5_hash": "36e0963f4162318e229369f64e6480b9", "ref_process": { "ref_id": "proc_18", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e944a4ceebd58299ffd840c8613cf9139be591da", "sha256_hash": "580c25a1113027e469de89d974939484469544384829452d0c4495608b9d0d23", "size": 28672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000018-region_00001401-addr_0x0000003b88800000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000018-region_00001401-addr_0x0000003b88800000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_492", "md5_hash": "e62e74f0b6420d32ecc7e182cb020ecc", "ref_process": { "ref_id": "proc_18", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "39c04bc33d873672bc0f793997d662f291787b70", "sha256_hash": "cf9da97e50e4da956248c6bfa755b3f158350a6c3b37d5504ee02479a0e8af38", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000019-region_00001424-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000019-region_00001424-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_495", "md5_hash": "dbb8d70f90fcb6670b45739d42f4a844", "ref_process": { "ref_id": "proc_19", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "746c34e943050b281ff2d826ef61a2cc922980e0", "sha256_hash": "3003bdfb75644ee3ee6b335edd7800cb5d41d6c687049f353d1ba3bacf9ad29d", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000019-region_00001425-addr_0x000000c80c720000-size_0x0000000000020000-perm_rw.bin", "filename": 
"process_00000019-region_00001425-addr_0x000000c80c720000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_496", "md5_hash": "09d9bed12a7941d95451058f4a46745b", "ref_process": { "ref_id": "proc_19", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "264f36dd96a32c50392e79567d85c86a3855ab5f", "sha256_hash": "a33be0f7b220a81a0d4a8ff960e9bee495a473e2c51a75467f16b817161eee25", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000019-region_00001427-addr_0x000000c80c750000-size_0x0000000000400000-perm_rw.bin", "filename": "process_00000019-region_00001427-addr_0x000000c80c750000-size_0x0000000000400000-perm_rw.bin", "id": "proc_dump_497", "md5_hash": "a65db660a949ce1871751aa1847649a8", "ref_process": { "ref_id": "proc_19", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b07354648626a84fb62a793f97750e4a9c3358b8", "sha256_hash": "e61418feb8bf5584b3385dceccd5cff3b236ff4423b5031d779da0009a8b3857", "size": 4194304, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000019-region_00001430-addr_0x000000c80cb70000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000019-region_00001430-addr_0x000000c80cb70000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_498", "md5_hash": "c1c90c08f60a6c200516d9f4d2ee3991", "ref_process": { "ref_id": "proc_19", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d6e8423e9c296c954364b09453c8e9ec50e56be1", "sha256_hash": "8c928297ead04f829247b4ab8225fa81027d63fd2675ec9967410a14d97505f5", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000019-region_00001432-addr_0x00007ff755f9c000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000019-region_00001432-addr_0x00007ff755f9c000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_499", 
"md5_hash": "3664aba7c2a02c637a1a66452a619dff", "ref_process": { "ref_id": "proc_19", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "423ab5986b825294e4b485a5280e5145991fdfbb", "sha256_hash": "7b9980299cce4e2148bc381facc0fcc831f84c01e0065f8db907df5fb7541ea7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000019-region_00001433-addr_0x00007ff755f9e000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000019-region_00001433-addr_0x00007ff755f9e000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_500", "md5_hash": "680c4972fab5e9b5b1cf12724f32696e", "ref_process": { "ref_id": "proc_19", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1b61151b47395cae6dbfacf19014af8a402a3a93", "sha256_hash": "3ebf3fb19742aa2a7d644f8ea7e1adacb76e056ea53630fe31daeec640d88ab3", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000019-region_00001434-addr_0x00007ff756b50000-size_0x0000000000109000-perm_rwx.bin", "filename": "process_00000019-region_00001434-addr_0x00007ff756b50000-size_0x0000000000109000-perm_rwx.bin", "id": "proc_dump_501", "md5_hash": "ed6c9e1b6e14217936e28b0a78761c20", "ref_process": { "ref_id": "proc_19", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c535ae0ce5d3040c86149939fd88020ca0db34fa", "sha256_hash": "50977deba418043350e03abc6d8296bf8b56ed132b7b4167169a8111ecd86080", "size": 1085440, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000019-region_00001436-addr_0x000000c80cbf0000-size_0x0000000000400000-perm_rw.bin", "filename": "process_00000019-region_00001436-addr_0x000000c80cbf0000-size_0x0000000000400000-perm_rw.bin", "id": "proc_dump_502", "md5_hash": "927a470d33abbff8cab0e75a7f94fca6", "ref_process": { "ref_id": "proc_19", "ref_source": "summary", "ref_type": 
"process", "type": "reference", "version": 1 }, "sha1_hash": "e6e73ca10ee4592cab49636b578da03bfbcc11c1", "sha256_hash": "47170c5b3b99116ea30f64515efdefcc3f1c224d51ca59b6760c8ad4d8f52c20", "size": 4194304, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000019-region_00001440-addr_0x000000c80c730000-size_0x0000000000007000-perm_rw.bin", "filename": "process_00000019-region_00001440-addr_0x000000c80c730000-size_0x0000000000007000-perm_rw.bin", "id": "proc_dump_503", "md5_hash": "5ac92f3894037858947b4890dd0a0714", "ref_process": { "ref_id": "proc_19", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e1b9599a05bac97c63049aef757edcf40416833c", "sha256_hash": "122e13e62e77783d1c4e99ee10e9294ba7d107c4759ef18f76fc99adbe2b58a5", "size": 28672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000019-region_00001441-addr_0x000000c80cb80000-size_0x0000000000007000-perm_rw.bin", "filename": "process_00000019-region_00001441-addr_0x000000c80cb80000-size_0x0000000000007000-perm_rw.bin", "id": "proc_dump_504", "md5_hash": "abdf5731d40a6fe6a50963aebf87b448", "ref_process": { "ref_id": "proc_19", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "abcbd28243463e7edd637525665a569040538257", "sha256_hash": "a65c43a578ac35ab9becab1bd0b9ef0dfcd459ca0dfcf647926677abc910d609", "size": 28672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000019-region_00001442-addr_0x000000c80cb90000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000019-region_00001442-addr_0x000000c80cb90000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_505", "md5_hash": "9e276829f8afca47aa8730b5068969b0", "ref_process": { "ref_id": "proc_19", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "75dfc4680c2e0ee366ed83560ef564f09a1a1889", "sha256_hash": 
"6d3ea01046e6d4b5c0d88989b591981e599c66e7cf2d84e1fdc5c7531f146251", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000019-region_00001443-addr_0x000000c80cba0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000019-region_00001443-addr_0x000000c80cba0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_506", "md5_hash": "60e41b6653567b95da14ed1143e83941", "ref_process": { "ref_id": "proc_19", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "33529fb29610ce3e385414db4fa5a9f34f7c379d", "sha256_hash": "f5c9ee4f9734b716e9f7c49d7d209d0740a863045a87191ddf1624a788f495b8", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000019-region_00001444-addr_0x000000c80cbb0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000019-region_00001444-addr_0x000000c80cbb0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_507", "md5_hash": "13cd5acce1019f36fa9a3be924a0fefc", "ref_process": { "ref_id": "proc_19", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "271aa2723b2461df41f5e6668004f8a49d152e76", "sha256_hash": "aedb3ac9966f3d0af651486b2c39b68c145e7fa83b91b6e4efc026cc8b18d0ba", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000019-region_00001484-addr_0x000000c80e800000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000019-region_00001484-addr_0x000000c80e800000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_508", "md5_hash": "91a529f5b707bb0af4d4406fa7852185", "ref_process": { "ref_id": "proc_19", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0f482d46a843d392830754ff5f48ecd0a2d8bee5", "sha256_hash": "2faef4b0f499f75f8575aaece98bc7d5416474e729725a201c1d5c2cf947d7b6", "size": 65536, "type": "process_dump", "version": 1 }, { 
"archive_path": "process_dumps/process_00000019-region_00001577-addr_0x000000c80cbe0000-size_0x0000000000007000-perm_rw.bin", "filename": "process_00000019-region_00001577-addr_0x000000c80cbe0000-size_0x0000000000007000-perm_rw.bin", "id": "proc_dump_515", "md5_hash": "34577921ca9d021cea28de7417203fef", "ref_process": { "ref_id": "proc_19", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "acb67afc0c80e43ab2128ea547698ef886112810", "sha256_hash": "6c7428e0e110356b55c36b66855092a2be516d5c28b74a4b3a889a5d8bbe3acd", "size": 28672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000019-region_00001578-addr_0x000000c80e900000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000019-region_00001578-addr_0x000000c80e900000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_516", "md5_hash": "354dc837c19242219afe5ccf76abbb48", "ref_process": { "ref_id": "proc_19", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "30e0cef168187c24c2d96aeed2337f420f654dbf", "sha256_hash": "063f217d8ef381df237a732a8d81179717ca13123a664ed1ad237fef74054241", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000019-region_00001580-addr_0x000000c80e790000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000019-region_00001580-addr_0x000000c80e790000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_517", "md5_hash": "0033b6a89c8eb49f66eb1553914783b5", "ref_process": { "ref_id": "proc_19", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "12588e2ef9b5e0a4e7df328702fc56065bc090e4", "sha256_hash": "c9f25cf3878420598007ab307afba1aecaa68eaa2e7536bba5bf74e46286cc0f", "size": 4096, "type": "process_dump", "version": 1 } ], "processes": [ { "cmd_line": "\"C:\\Users\\5JgHKoaOfdp\\Desktop\\wanacry6.malware.exe\" ", "filename": 
"c:\\users\\5jghkoaofdp\\desktop\\wanacry6.malware.exe", "id": "proc_1", "image_name": "wanacry6.malware.exe", "monitor_reason": "analysis_target", "monitored_id": 1, "origin_monitor_id": 0, "ref_parent_process": null, "regions": [ { "dump": { "filename": "process_00000001-region_00000001-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_297", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:13.628", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000002-addr_0x000000e8f39f0000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_298", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 1000519696384, "type": "region", "version": 1 }, "end_va": 1000519827455, "entry_point": 0, "filename": null, "id": "region_2", "name": "private_0x000000e8f39f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1000519696384, "timestamp": "00:00:13.628", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 1000519827456, "type": "region", "version": 1 }, "end_va": 1000519888895, "entry_point": 0, "filename": null, "id": "region_3", "name": 
"pagefile_0x000000e8f3a10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1000519827456, "timestamp": "00:00:13.628", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000004-addr_0x000000e8f3a20000-size_0x0000000000400000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_299", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4194304, "start_va": 1000519892992, "type": "region", "version": 1 }, "end_va": 1000524087295, "entry_point": 0, "filename": null, "id": "region_4", "name": "private_0x000000e8f3a20000", "norm_filename": null, "region_type": "private_memory", "start_va": 1000519892992, "timestamp": "00:00:13.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1000524087296, "type": "region", "version": 1 }, "end_va": 1000524103679, "entry_point": 0, "filename": null, "id": "region_5", "name": "pagefile_0x000000e8f3e20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1000524087296, "timestamp": "00:00:13.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1000524152832, "type": "region", "version": 1 }, "end_va": 1000524161023, "entry_point": 0, "filename": null, "id": "region_6", "name": "pagefile_0x000000e8f3e30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1000524152832, "timestamp": "00:00:13.629", "type": 
"region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000007-addr_0x000000e8f3e40000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_300", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 1000524218368, "type": "region", "version": 1 }, "end_va": 1000524226559, "entry_point": 0, "filename": null, "id": "region_7", "name": "private_0x000000e8f3e40000", "norm_filename": null, "region_type": "private_memory", "start_va": 1000524218368, "timestamp": "00:00:13.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140700279242752, "type": "region", "version": 1 }, "end_va": 140700279386111, "entry_point": 0, "filename": null, "id": "region_8", "name": "pagefile_0x00007ff7562a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140700279242752, "timestamp": "00:00:13.629", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000009-addr_0x00007ff7562c4000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_301", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 140700279390208, "type": "region", "version": 1 }, "end_va": 140700279394303, "entry_point": 0, "filename": null, "id": "region_9", "name": "private_0x00007ff7562c4000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700279390208, "timestamp": "00:00:13.629", "type": "region", "version": 1 }, { "dump": 
{ "filename": "process_00000001-region_00000010-addr_0x00007ff7562ce000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_302", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 140700279431168, "type": "region", "version": 1 }, "end_va": 140700279439359, "entry_point": 0, "filename": null, "id": "region_10", "name": "private_0x00007ff7562ce000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700279431168, "timestamp": "00:00:13.630", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000011-addr_0x00007ff756b50000-size_0x0000000000109000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_303", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1085440, "start_va": 140700288352256, "type": "region", "version": 1 }, "end_va": 140700289437695, "entry_point": 140700288352256, "filename": "\\Users\\5JgHKoaOfdp\\Desktop\\wanacry6.malware.exe", "id": "region_11", "name": "wanacry6.malware.exe", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\wanacry6.malware.exe", "region_type": "memory_mapped_file", "start_va": 140700288352256, "timestamp": "00:00:13.630", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140729648283648, "type": "region", "version": 1 }, "end_va": 140729650024447, "entry_point": 140729648283648, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_12", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", 
"region_type": "memory_mapped_file", "start_va": 140729648283648, "timestamp": "00:00:13.631", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000148-addr_0x000000e8f4010000-size_0x0000000000400000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_304", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4194304, "start_va": 1000526118912, "type": "region", "version": 1 }, "end_va": 1000530313215, "entry_point": 0, "filename": null, "id": "region_148", "name": "private_0x000000e8f4010000", "norm_filename": null, "region_type": "private_memory", "start_va": 1000526118912, "timestamp": "00:00:15.347", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140729603522560, "type": "region", "version": 1 }, "end_va": 140729604628479, "entry_point": 140729603522560, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_149", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140729603522560, "timestamp": "00:00:15.347", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140729609617408, "type": "region", "version": 1 }, "end_va": 140729610899455, "entry_point": 140729609617408, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_150", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 
140729609617408, "timestamp": "00:00:15.438", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1000519696384, "type": "region", "version": 1 }, "end_va": 1000519761919, "entry_point": 0, "filename": null, "id": "region_151", "name": "pagefile_0x000000e8f39f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1000519696384, "timestamp": "00:00:15.836", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000152-addr_0x000000e8f3a00000-size_0x0000000000007000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_305", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 28672, "start_va": 1000519761920, "type": "region", "version": 1 }, "end_va": 1000519790591, "entry_point": 0, "filename": null, "id": "region_152", "name": "private_0x000000e8f3a00000", "norm_filename": null, "region_type": "private_memory", "start_va": 1000519761920, "timestamp": "00:00:15.836", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 1000524283904, "type": "region", "version": 1 }, "end_va": 1000524799999, "entry_point": 1000524283904, "filename": "\\Windows\\System32\\locale.nls", "id": "region_153", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1000524283904, "timestamp": "00:00:15.836", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140700278194176, "type": "region", "version": 1 }, "end_va": 140700279242751, "entry_point": 0, "filename": null, "id": "region_154", "name": "pagefile_0x00007ff7561a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140700278194176, "timestamp": "00:00:15.837", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140729467273216, "type": "region", "version": 1 }, "end_va": 140729467314175, "entry_point": 140729467273216, "filename": "\\Windows\\System32\\version.dll", "id": "region_155", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 140729467273216, "timestamp": "00:00:15.837", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 172032, "start_va": 140729480118272, "type": "region", "version": 1 }, "end_va": 140729480290303, "entry_point": 140729480118272, "filename": "\\Windows\\System32\\winmmbase.dll", "id": "region_156", "name": "winmmbase.dll", "norm_filename": "c:\\windows\\system32\\winmmbase.dll", "region_type": "memory_mapped_file", "start_va": 140729480118272, "timestamp": "00:00:15.844", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, 
"start_va": 140729480314880, "type": "region", "version": 1 }, "end_va": 140729480441855, "entry_point": 140729480314880, "filename": "\\Windows\\System32\\winmm.dll", "id": "region_157", "name": "winmm.dll", "norm_filename": "c:\\windows\\system32\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 140729480314880, "timestamp": "00:00:15.854", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 140729514524672, "type": "region", "version": 1 }, "end_va": 140729514635263, "entry_point": 140729514524672, "filename": "\\Windows\\System32\\mpr.dll", "id": "region_158", "name": "mpr.dll", "norm_filename": "c:\\windows\\system32\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 140729514524672, "timestamp": "00:00:15.868", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2785280, "start_va": 140729514655744, "type": "region", "version": 1 }, "end_va": 140729517441023, "entry_point": 140729514655744, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_159", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 140729514655744, "timestamp": "00:00:15.877", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2359296, "start_va": 140729517473792, "type": "region", "version": 1 }, "end_va": 140729519833087, "entry_point": 140729517473792, "filename": 
"\\Windows\\System32\\wininet.dll", "id": "region_160", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 140729517473792, "timestamp": "00:00:15.886", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140729531891712, "type": "region", "version": 1 }, "end_va": 140729531932671, "entry_point": 140729531891712, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_161", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 140729531891712, "timestamp": "00:00:15.897", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140729532350464, "type": "region", "version": 1 }, "end_va": 140729532387327, "entry_point": 140729532350464, "filename": "\\Windows\\System32\\wsock32.dll", "id": "region_162", "name": "wsock32.dll", "norm_filename": "c:\\windows\\system32\\wsock32.dll", "region_type": "memory_mapped_file", "start_va": 140729532350464, "timestamp": "00:00:15.904", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 140729534971904, "type": "region", "version": 1 }, "end_va": 140729535139839, "entry_point": 140729534971904, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_163", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": 
"memory_mapped_file", "start_va": 140729534971904, "timestamp": "00:00:15.913", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2465792, "start_va": 140729570230272, "type": "region", "version": 1 }, "end_va": 140729572696063, "entry_point": 140729570230272, "filename": "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "id": "region_164", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 140729570230272, "timestamp": "00:00:15.922", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 140729577242624, "type": "region", "version": 1 }, "end_va": 140729577902079, "entry_point": 140729577242624, "filename": "\\Windows\\System32\\SHCore.dll", "id": "region_165", "name": "shcore.dll", "norm_filename": "c:\\windows\\system32\\shcore.dll", "region_type": "memory_mapped_file", "start_va": 140729577242624, "timestamp": "00:00:15.934", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1187840, "start_va": 140729581699072, "type": "region", "version": 1 }, "end_va": 140729582886911, "entry_point": 140729581699072, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_166", "name": "uxtheme.dll", "norm_filename": 
"c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 140729581699072, "timestamp": "00:00:15.943", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140729583271936, "type": "region", "version": 1 }, "end_va": 140729583427583, "entry_point": 140729583271936, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_167", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 140729583271936, "timestamp": "00:00:15.952", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140729590874112, "type": "region", "version": 1 }, "end_va": 140729591001087, "entry_point": 140729590874112, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_168", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 140729590874112, "timestamp": "00:00:15.959", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 140729601622016, "type": "region", "version": 1 }, "end_va": 140729601703935, "entry_point": 140729601622016, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_169", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 140729601622016, "timestamp": "00:00:15.968", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 140729606602752, "type": "region", "version": 1 }, "end_va": 140729606905855, "entry_point": 140729606602752, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_170", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 140729606602752, "timestamp": "00:00:15.970", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140729606930432, "type": "region", "version": 1 }, "end_va": 140729608441855, "entry_point": 140729606930432, "filename": "\\Windows\\System32\\user32.dll", "id": "region_171", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140729606930432, "timestamp": "00:00:15.979", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140729608503296, "type": "region", "version": 1 }, "end_va": 140729608859647, "entry_point": 140729608503296, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_172", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140729608503296, "timestamp": "00:00:16.045", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ 
"readable", "writable", "executable" ], "ref_process_dump": null, "size": 675840, "start_va": 140729608896512, "type": "region", "version": 1 }, "end_va": 140729609572351, "entry_point": 140729608896512, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_173", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 140729608896512, "timestamp": "00:00:16.053", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140729610928128, "type": "region", "version": 1 }, "end_va": 140729611677695, "entry_point": 140729610928128, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_174", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 140729610928128, "timestamp": "00:00:16.108", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140729612173312, "type": "region", "version": 1 }, "end_va": 140729612857343, "entry_point": 140729612173312, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_175", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140729612173312, "timestamp": "00:00:16.117", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140729612894208, "type": "region", "version": 1 }, 
"end_va": 140729614225407, "entry_point": 140729612894208, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_176", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140729612894208, "timestamp": "00:00:16.130", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 21032960, "start_va": 140729614270464, "type": "region", "version": 1 }, "end_va": 140729635303423, "entry_point": 140729614270464, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_177", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 140729614270464, "timestamp": "00:00:16.194", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140729635831808, "type": "region", "version": 1 }, "end_va": 140729637761023, "entry_point": 140729635831808, "filename": "\\Windows\\System32\\combase.dll", "id": "region_178", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140729635831808, "timestamp": "00:00:17.498", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 140729638780928, "type": "region", "version": 1 }, "end_va": 140729640312831, "entry_point": 140729638780928, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_179", "name": "ole32.dll", 
"norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 140729638780928, "timestamp": "00:00:17.765", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 140729641664512, "type": "region", "version": 1 }, "end_va": 140729642024959, "entry_point": 140729641664512, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_180", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 140729641664512, "timestamp": "00:00:17.951", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 630784, "start_va": 140729644023808, "type": "region", "version": 1 }, "end_va": 140729644654591, "entry_point": 140729644023808, "filename": "\\Windows\\System32\\comdlg32.dll", "id": "region_181", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\system32\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 140729644023808, "timestamp": "00:00:17.961", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140729644679168, "type": "region", "version": 1 }, "end_va": 140729645948927, "entry_point": 140729644679168, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_182", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140729644679168, "timestamp": "00:00:17.971", "type": 
"region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 140729647759360, "type": "region", "version": 1 }, "end_va": 140729647788031, "entry_point": 140729647759360, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_183", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 140729647759360, "timestamp": "00:00:18.207", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140729647824896, "type": "region", "version": 1 }, "end_va": 140729647861759, "entry_point": 140729647824896, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_184", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 140729647824896, "timestamp": "00:00:18.215", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 140729647890432, "type": "region", "version": 1 }, "end_va": 140729648222207, "entry_point": 140729647890432, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_185", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 140729647890432, "timestamp": "00:00:18.222", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000186-addr_0x000000e8f3ed0000-size_0x0000000000007000-perm_rw.bin", "flags": [ "dumped" ], 
"info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_306", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 28672, "start_va": 1000524808192, "type": "region", "version": 1 }, "end_va": 1000524836863, "entry_point": 0, "filename": null, "id": "region_186", "name": "private_0x000000e8f3ed0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1000524808192, "timestamp": "00:00:18.322", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000187-addr_0x000000e8f3f20000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_307", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 1000525135872, "type": "region", "version": 1 }, "end_va": 1000525201407, "entry_point": 0, "filename": null, "id": "region_187", "name": "private_0x000000e8f3f20000", "norm_filename": null, "region_type": "private_memory", "start_va": 1000525135872, "timestamp": "00:00:18.322", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 1000530313216, "type": "region", "version": 1 }, "end_va": 1000531918847, "entry_point": 0, "filename": null, "id": "region_188", "name": "pagefile_0x000000e8f4410000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1000530313216, "timestamp": "00:00:18.322", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], 
"ref_process_dump": null, "size": 212992, "start_va": 140729638518784, "type": "region", "version": 1 }, "end_va": 140729638731775, "entry_point": 140729638518784, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_189", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 140729638518784, "timestamp": "00:00:18.322", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1277952, "start_va": 140729640353792, "type": "region", "version": 1 }, "end_va": 140729641631743, "entry_point": 140729640353792, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_190", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 140729640353792, "timestamp": "00:00:18.331", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000191-addr_0x000000e8f3ee0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_308", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1000524873728, "type": "region", "version": 1 }, "end_va": 1000524877823, "entry_point": 0, "filename": null, "id": "region_191", "name": "private_0x000000e8f3ee0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1000524873728, "timestamp": "00:00:18.354", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000192-addr_0x000000e8f3ef0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_309", 
"ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1000524939264, "type": "region", "version": 1 }, "end_va": 1000524943359, "entry_point": 0, "filename": null, "id": "region_192", "name": "private_0x000000e8f3ef0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1000524939264, "timestamp": "00:00:18.354", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1000525070336, "type": "region", "version": 1 }, "end_va": 1000525078527, "entry_point": 0, "filename": null, "id": "region_193", "name": "pagefile_0x000000e8f3f10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1000525070336, "timestamp": "00:00:18.354", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000194-addr_0x000000e8f3f80000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_310", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 1000525529088, "type": "region", "version": 1 }, "end_va": 1000525594623, "entry_point": 0, "filename": null, "id": "region_194", "name": "private_0x000000e8f3f80000", "norm_filename": null, "region_type": "private_memory", "start_va": 1000525529088, "timestamp": "00:00:18.354", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 1000531951616, "type": "region", "version": 1 }, 
"end_va": 1000533528575, "entry_point": 0, "filename": null, "id": "region_195", "name": "pagefile_0x000000e8f45a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1000531951616, "timestamp": "00:00:18.354", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 1000533590016, "type": "region", "version": 1 }, "end_va": 1000554561535, "entry_point": 0, "filename": null, "id": "region_196", "name": "pagefile_0x000000e8f4730000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1000533590016, "timestamp": "00:00:18.355", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 761856, "start_va": 1000554561536, "type": "region", "version": 1 }, "end_va": 1000555323391, "entry_point": 1000554561536, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_197", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 1000554561536, "timestamp": "00:00:18.364", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140729583599616, "type": "region", "version": 1 }, "end_va": 140729583640575, "entry_point": 140729583599616, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_198", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\system32\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140729583599616, 
"timestamp": "00:00:18.377", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140729601490944, "type": "region", "version": 1 }, "end_va": 140729601531903, "entry_point": 140729601490944, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_199", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140729601490944, "timestamp": "00:00:18.387", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140729599590400, "type": "region", "version": 1 }, "end_va": 140729599975423, "entry_point": 140729599590400, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_200", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140729599590400, "timestamp": "00:00:18.400", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1000525004800, "type": "region", "version": 1 }, "end_va": 1000525008895, "entry_point": 0, "filename": null, "id": "region_201", "name": "pagefile_0x000000e8f3f00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1000525004800, "timestamp": "00:00:18.420", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump 
created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 983040, "start_va": 1000554561536, "type": "region", "version": 1 }, "end_va": 1000555544575, "entry_point": 0, "filename": null, "id": "region_202", "name": "pagefile_0x000000e8f5b30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1000554561536, "timestamp": "00:00:18.421", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1000525004800, "type": "region", "version": 1 }, "end_va": 1000525021183, "entry_point": 0, "filename": null, "id": "region_203", "name": "pagefile_0x000000e8f3f00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1000525004800, "timestamp": "00:00:18.421", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000204-addr_0x000000e8f3f30000-size_0x0000000000007000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_311", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 28672, "start_va": 1000525201408, "type": "region", "version": 1 }, "end_va": 1000525230079, "entry_point": 0, "filename": null, "id": "region_204", "name": "private_0x000000e8f3f30000", "norm_filename": null, "region_type": "private_memory", "start_va": 1000525201408, "timestamp": "00:00:18.422", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000205-addr_0x000000e8f5c20000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": 
"proc_dump_312", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 1000555544576, "type": "region", "version": 1 }, "end_va": 1000556593151, "entry_point": 0, "filename": null, "id": "region_205", "name": "private_0x000000e8f5c20000", "norm_filename": null, "region_type": "private_memory", "start_va": 1000555544576, "timestamp": "00:00:18.434", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000206-addr_0x000000e8f3f40000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_313", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1000525266944, "type": "region", "version": 1 }, "end_va": 1000525271039, "entry_point": 0, "filename": null, "id": "region_206", "name": "private_0x000000e8f3f40000", "norm_filename": null, "region_type": "private_memory", "start_va": 1000525266944, "timestamp": "00:00:18.498", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 140729575276544, "type": "region", "version": 1 }, "end_va": 140729575411711, "entry_point": 140729575276544, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_207", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 140729575276544, "timestamp": "00:00:18.498", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 1000556593152, "type": "region", 
"version": 1 }, "end_va": 1000559562751, "entry_point": 1000556593152, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_208", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 1000556593152, "timestamp": "00:00:18.511", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1000525332480, "type": "region", "version": 1 }, "end_va": 1000525336575, "entry_point": 0, "filename": null, "id": "region_209", "name": "pagefile_0x000000e8f3f50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1000525332480, "timestamp": "00:00:18.518", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 196608, "start_va": 140729544015872, "type": "region", "version": 1 }, "end_va": 140729544212479, "entry_point": 140729544015872, "filename": "\\Windows\\System32\\ntmarta.dll", "id": "region_210", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\system32\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 140729544015872, "timestamp": "00:00:19.549", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 140729541525504, "type": "region", "version": 1 }, "end_va": 140729541611519, "entry_point": 140729541525504, "filename": "\\Windows\\System32\\netapi32.dll", "id": "region_223", 
"name": "netapi32.dll", "norm_filename": "c:\\windows\\system32\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 140729541525504, "timestamp": "00:00:19.623", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 140729593954304, "type": "region", "version": 1 }, "end_va": 140729594003455, "entry_point": 140729593954304, "filename": "\\Windows\\System32\\netutils.dll", "id": "region_224", "name": "netutils.dll", "norm_filename": "c:\\windows\\system32\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 140729593954304, "timestamp": "00:00:19.634", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 140729599000576, "type": "region", "version": 1 }, "end_va": 140729599152127, "entry_point": 140729599000576, "filename": "\\Windows\\System32\\srvcli.dll", "id": "region_225", "name": "srvcli.dll", "norm_filename": "c:\\windows\\system32\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 140729599000576, "timestamp": "00:00:19.642", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 140729541263360, "type": "region", "version": 1 }, "end_va": 140729541353471, "entry_point": 140729541263360, "filename": "\\Windows\\System32\\wkscli.dll", "id": "region_226", "name": "wkscli.dll", "norm_filename": "c:\\windows\\system32\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 140729541263360, "timestamp": 
"00:00:19.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 140729541525504, "type": "region", "version": 1 }, "end_va": 140729541611519, "entry_point": 140729541529664, "filename": "\\Windows\\System32\\netapi32.dll", "id": "region_264", "name": "netapi32.dll", "norm_filename": "c:\\windows\\system32\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 140729541525504, "timestamp": "00:00:19.730", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 140729593954304, "type": "region", "version": 1 }, "end_va": 140729594003455, "entry_point": 140729593959516, "filename": "\\Windows\\System32\\netutils.dll", "id": "region_265", "name": "netutils.dll", "norm_filename": "c:\\windows\\system32\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 140729593954304, "timestamp": "00:00:19.731", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 140729599000576, "type": "region", "version": 1 }, "end_va": 140729599152127, "entry_point": 140729599004788, "filename": "\\Windows\\System32\\srvcli.dll", "id": "region_266", "name": "srvcli.dll", "norm_filename": "c:\\windows\\system32\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 140729599000576, "timestamp": "00:00:19.732", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is 
not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 140729541263360, "type": "region", "version": 1 }, "end_va": 140729541353471, "entry_point": 140729541267528, "filename": "\\Windows\\System32\\wkscli.dll", "id": "region_267", "name": "wkscli.dll", "norm_filename": "c:\\windows\\system32\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 140729541263360, "timestamp": "00:00:19.733", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 140729594019840, "type": "region", "version": 1 }, "end_va": 140729594142719, "entry_point": 140729594019840, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_344", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 140729594019840, "timestamp": "00:00:20.051", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 140729589760000, "type": "region", "version": 1 }, "end_va": 140729589977087, "entry_point": 140729589760000, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_345", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 140729589760000, "timestamp": "00:00:20.060", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140729596313600, "type": "region", 
"version": 1 }, "end_va": 140729596469247, "entry_point": 140729596313600, "filename": "\\Windows\\System32\\bcrypt.dll", "id": "region_346", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\system32\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 140729596313600, "timestamp": "00:00:20.074", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000887-addr_0x000000e8f6000000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_354", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 1000559607808, "type": "region", "version": 1 }, "end_va": 1000560656383, "entry_point": 0, "filename": null, "id": "region_887", "name": "private_0x000000e8f6000000", "norm_filename": null, "region_type": "private_memory", "start_va": 1000559607808, "timestamp": "00:00:25.061", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000888-addr_0x000000e8f6100000-size_0x0000000000107000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_355", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1077248, "start_va": 1000560656384, "type": "region", "version": 1 }, "end_va": 1000561733631, "entry_point": 0, "filename": null, "id": "region_888", "name": "private_0x000000e8f6100000", "norm_filename": null, "region_type": "private_memory", "start_va": 1000560656384, "timestamp": "00:00:26.324", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000889-addr_0x000000e8f6210000-size_0x0000000000103000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_356", 
"ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1060864, "start_va": 1000561770496, "type": "region", "version": 1 }, "end_va": 1000562831359, "entry_point": 0, "filename": null, "id": "region_889", "name": "private_0x000000e8f6210000", "norm_filename": null, "region_type": "private_memory", "start_va": 1000561770496, "timestamp": "00:00:26.324", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000890-addr_0x000000e8f6320000-size_0x0000000000109000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_357", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1085440, "start_va": 1000562884608, "type": "region", "version": 1 }, "end_va": 1000563970047, "entry_point": 0, "filename": null, "id": "region_890", "name": "private_0x000000e8f6320000", "norm_filename": null, "region_type": "private_memory", "start_va": 1000562884608, "timestamp": "00:00:26.324", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000891-addr_0x000000e8f6430000-size_0x000000000010b000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_358", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1093632, "start_va": 1000563998720, "type": "region", "version": 1 }, "end_va": 1000565092351, "entry_point": 0, "filename": null, "id": "region_891", "name": "private_0x000000e8f6430000", "norm_filename": null, "region_type": "private_memory", "start_va": 1000563998720, "timestamp": "00:00:26.325", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", 
"permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1000525398016, "type": "region", "version": 1 }, "end_va": 1000525402111, "entry_point": 0, "filename": null, "id": "region_892", "name": "pagefile_0x000000e8f3f60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1000525398016, "timestamp": "00:00:30.153", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 671744, "start_va": 140729637797888, "type": "region", "version": 1 }, "end_va": 140729638469631, "entry_point": 140729637802352, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_893", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 140729637797888, "timestamp": "00:00:30.154", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1000525463552, "type": "region", "version": 1 }, "end_va": 1000525467647, "entry_point": 0, "filename": null, "id": "region_894", "name": "pagefile_0x000000e8f3f70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1000525463552, "timestamp": "00:00:30.157", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000895-addr_0x000000e8f6100000-size_0x0000000000400000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_359", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4194304, "start_va": 1000560656384, "type": 
"region", "version": 1 }, "end_va": 1000564850687, "entry_point": 0, "filename": null, "id": "region_895", "name": "private_0x000000e8f6100000", "norm_filename": null, "region_type": "private_memory", "start_va": 1000560656384, "timestamp": "00:00:30.188", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000896-addr_0x00007ff7562cc000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_360", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 140700279422976, "type": "region", "version": 1 }, "end_va": 140700279431167, "entry_point": 0, "filename": null, "id": "region_896", "name": "private_0x00007ff7562cc000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700279422976, "timestamp": "00:00:30.189", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1925120, "start_va": 140729642057728, "type": "region", "version": 1 }, "end_va": 140729643982847, "entry_point": 140729642062016, "filename": "\\Windows\\System32\\setupapi.dll", "id": "region_897", "name": "setupapi.dll", "norm_filename": "c:\\windows\\system32\\setupapi.dll", "region_type": "memory_mapped_file", "start_va": 140729642057728, "timestamp": "00:00:30.189", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 1000525594624, "type": "region", "version": 1 }, "end_va": 1000525606911, "entry_point": 0, "filename": null, "id": "region_898", "name": 
"pagefile_0x000000e8f3f90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1000525594624, "timestamp": "00:00:30.227", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1000525660160, "type": "region", "version": 1 }, "end_va": 1000525664255, "entry_point": 0, "filename": null, "id": "region_899", "name": "pagefile_0x000000e8f3fa0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1000525660160, "timestamp": "00:00:30.227", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4169728, "start_va": 1000564850688, "type": "region", "version": 1 }, "end_va": 1000569020415, "entry_point": 0, "filename": null, "id": "region_900", "name": "pagefile_0x000000e8f6500000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1000564850688, "timestamp": "00:00:30.227", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000901-addr_0x000000e8f6900000-size_0x0000000000400000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_361", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4194304, "start_va": 1000569044992, "type": "region", "version": 1 }, "end_va": 1000573239295, "entry_point": 0, "filename": null, "id": "region_901", "name": "private_0x000000e8f6900000", "norm_filename": null, "region_type": "private_memory", "start_va": 1000569044992, "timestamp": 
"00:00:30.228", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000902-addr_0x00007ff7562ca000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_362", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 140700279414784, "type": "region", "version": 1 }, "end_va": 140700279422975, "entry_point": 0, "filename": null, "id": "region_902", "name": "private_0x00007ff7562ca000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700279414784, "timestamp": "00:00:30.228", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1458176, "start_va": 140729546637312, "type": "region", "version": 1 }, "end_va": 140729548095487, "entry_point": 140729546776816, "filename": "\\Windows\\System32\\propsys.dll", "id": "region_903", "name": "propsys.dll", "norm_filename": "c:\\windows\\system32\\propsys.dll", "region_type": "memory_mapped_file", "start_va": 140729546637312, "timestamp": "00:00:30.228", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1000525725696, "type": "region", "version": 1 }, "end_va": 1000525742079, "entry_point": 1000525725696, "filename": "\\Users\\5JgHKoaOfdp\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db", "id": "region_904", "name": "cversions.1.db", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db", "region_type": "memory_mapped_file", "start_va": 1000525725696, 
"timestamp": "00:00:30.231", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 110592, "start_va": 1000525791232, "type": "region", "version": 1 }, "end_va": 1000525901823, "entry_point": 1000525791232, "filename": "\\Users\\5JgHKoaOfdp\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000001a.db", "id": "region_905", "name": "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001a.db", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001a.db", "region_type": "memory_mapped_file", "start_va": 1000525791232, "timestamp": "00:00:30.232", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1000525725696, "type": "region", "version": 1 }, "end_va": 1000525729791, "entry_point": 0, "filename": null, "id": "region_906", "name": "pagefile_0x000000e8f3fb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1000525725696, "timestamp": "00:00:30.233", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000907-addr_0x000000e8f6d00000-size_0x0000000000101000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_363", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1052672, "start_va": 1000573239296, "type": "region", "version": 1 }, "end_va": 1000574291967, "entry_point": 0, "filename": null, "id": 
"region_907", "name": "private_0x000000e8f6d00000", "norm_filename": null, "region_type": "private_memory", "start_va": 1000573239296, "timestamp": "00:00:30.234", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 140729485426688, "type": "region", "version": 1 }, "end_va": 140729485471743, "entry_point": 140729485430832, "filename": "\\Windows\\System32\\secur32.dll", "id": "region_1060", "name": "secur32.dll", "norm_filename": "c:\\windows\\system32\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 140729485426688, "timestamp": "00:00:30.444", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 176128, "start_va": 140729599393792, "type": "region", "version": 1 }, "end_va": 140729599569919, "entry_point": 140729599399056, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_1061", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 140729599393792, "timestamp": "00:00:30.446", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00001062-addr_0x000000e8f3fe0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_419", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1000525922304, "type": "region", "version": 1 }, "end_va": 1000525926399, "entry_point": 1000525922304, "filename": 
"\\Users\\5JgHKoaOfdp\\AppData\\Local\\Microsoft\\Windows\\INetCache\\counters.dat", "id": "region_1062", "name": "counters.dat", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\inetcache\\counters.dat", "region_type": "memory_mapped_file", "start_va": 1000525922304, "timestamp": "00:00:30.449", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 140729559154688, "type": "region", "version": 1 }, "end_va": 140729559203839, "entry_point": 140729559154688, "filename": "\\Windows\\System32\\OnDemandConnRouteHelper.dll", "id": "region_1063", "name": "ondemandconnroutehelper.dll", "norm_filename": "c:\\windows\\system32\\ondemandconnroutehelper.dll", "region_type": "memory_mapped_file", "start_va": 140729559154688, "timestamp": "00:00:30.455", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 806912, "start_va": 140729470156800, "type": "region", "version": 1 }, "end_va": 140729470963711, "entry_point": 140729470161052, "filename": "\\Windows\\System32\\winhttp.dll", "id": "region_1064", "name": "winhttp.dll", "norm_filename": "c:\\windows\\system32\\winhttp.dll", "region_type": "memory_mapped_file", "start_va": 140729470156800, "timestamp": "00:00:30.466", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00001065-addr_0x000000e8f6d00000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_420", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 
1048576, "start_va": 1000573239296, "type": "region", "version": 1 }, "end_va": 1000574287871, "entry_point": 0, "filename": null, "id": "region_1065", "name": "private_0x000000e8f6d00000", "norm_filename": null, "region_type": "private_memory", "start_va": 1000573239296, "timestamp": "00:00:30.469", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140729604636672, "type": "region", "version": 1 }, "end_va": 140729606565887, "entry_point": 140729604640932, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_1066", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 140729604636672, "timestamp": "00:00:30.478", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 140729602342912, "type": "region", "version": 1 }, "end_va": 140729602416639, "entry_point": 140729602347252, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_1067", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 140729602342912, "timestamp": "00:00:30.480", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00001068-addr_0x000000e8f6e00000-size_0x0000000000400000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_421", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4194304, "start_va": 1000574287872, "type": "region", "version": 1 }, 
"end_va": 1000578482175, "entry_point": 0, "filename": null, "id": "region_1068", "name": "private_0x000000e8f6e00000", "norm_filename": null, "region_type": "private_memory", "start_va": 1000574287872, "timestamp": "00:00:30.498", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00001069-addr_0x00007ff7562c8000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_422", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 140700279406592, "type": "region", "version": 1 }, "end_va": 140700279414783, "entry_point": 0, "filename": null, "id": "region_1069", "name": "private_0x00007ff7562c8000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700279406592, "timestamp": "00:00:30.498", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 140729593561088, "type": "region", "version": 1 }, "end_va": 140729593921535, "entry_point": 140729593565200, "filename": "\\Windows\\System32\\mswsock.dll", "id": "region_1070", "name": "mswsock.dll", "norm_filename": "c:\\windows\\system32\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 140729593561088, "timestamp": "00:00:30.498", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00001237-addr_0x000000e8f7200000-size_0x0000000000400000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_429", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4194304, "start_va": 1000578482176, "type": "region", 
"version": 1 }, "end_va": 1000582676479, "entry_point": 0, "filename": null, "id": "region_1237", "name": "private_0x000000e8f7200000", "norm_filename": null, "region_type": "private_memory", "start_va": 1000578482176, "timestamp": "00:00:30.655", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00001238-addr_0x000000e8f7600000-size_0x0000000000400000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_430", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4194304, "start_va": 1000582676480, "type": "region", "version": 1 }, "end_va": 1000586870783, "entry_point": 0, "filename": null, "id": "region_1238", "name": "private_0x000000e8f7600000", "norm_filename": null, "region_type": "private_memory", "start_va": 1000582676480, "timestamp": "00:00:30.656", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00001239-addr_0x000000e8f7a00000-size_0x0000000000400000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_431", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4194304, "start_va": 1000586870784, "type": "region", "version": 1 }, "end_va": 1000591065087, "entry_point": 0, "filename": null, "id": "region_1239", "name": "private_0x000000e8f7a00000", "norm_filename": null, "region_type": "private_memory", "start_va": 1000586870784, "timestamp": "00:00:30.656", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00001240-addr_0x00007ff75619c000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_432", "ref_source": "summary", "ref_type": "process_dump", "type": 
"reference", "version": 1 }, "size": 8192, "start_va": 140700278177792, "type": "region", "version": 1 }, "end_va": 140700278185983, "entry_point": 0, "filename": null, "id": "region_1240", "name": "private_0x00007ff75619c000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700278177792, "timestamp": "00:00:30.657", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00001241-addr_0x00007ff75619e000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_433", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 140700278185984, "type": "region", "version": 1 }, "end_va": 140700278194175, "entry_point": 0, "filename": null, "id": "region_1241", "name": "private_0x00007ff75619e000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700278185984, "timestamp": "00:00:30.657", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00001242-addr_0x00007ff7562c6000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_434", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 140700279398400, "type": "region", "version": 1 }, "end_va": 140700279406591, "entry_point": 0, "filename": null, "id": "region_1242", "name": "private_0x00007ff7562c6000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700279398400, "timestamp": "00:00:30.657", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1437696, 
"start_va": 140729485492224, "type": "region", "version": 1 }, "end_va": 140729486929919, "entry_point": 140729485492224, "filename": "\\Windows\\System32\\urlmon.dll", "id": "region_1243", "name": "urlmon.dll", "norm_filename": "c:\\windows\\system32\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 140729485492224, "timestamp": "00:00:30.657", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 1000525987840, "type": "region", "version": 1 }, "end_va": 1000526053375, "entry_point": 0, "filename": null, "id": "region_1244", "name": "pagefile_0x000000e8f3ff0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1000525987840, "timestamp": "00:00:30.675", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 667648, "start_va": 140729591267328, "type": "region", "version": 1 }, "end_va": 140729591934975, "entry_point": 140729591356392, "filename": "\\Windows\\System32\\dnsapi.dll", "id": "region_1245", "name": "dnsapi.dll", "norm_filename": "c:\\windows\\system32\\dnsapi.dll", "region_type": "memory_mapped_file", "start_va": 140729591267328, "timestamp": "00:00:30.678", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1000526053376, "type": "region", "version": 1 }, "end_va": 1000526057471, "entry_point": 0, "filename": null, "id": "region_1313", "name": 
"pagefile_0x000000e8f4000000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1000526053376, "timestamp": "00:00:30.817", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140729461571584, "type": "region", "version": 1 }, "end_va": 140729461608447, "entry_point": 140729461576324, "filename": "\\Windows\\System32\\rasadhlp.dll", "id": "region_1335", "name": "rasadhlp.dll", "norm_filename": "c:\\windows\\system32\\rasadhlp.dll", "region_type": "memory_mapped_file", "start_va": 140729461571584, "timestamp": "00:00:30.870", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 140729523961856, "type": "region", "version": 1 }, "end_va": 140729524383743, "entry_point": 140729523969044, "filename": "\\Windows\\System32\\FWPUCLNT.DLL", "id": "region_1336", "name": "fwpuclnt.dll", "norm_filename": "c:\\windows\\system32\\fwpuclnt.dll", "region_type": "memory_mapped_file", "start_va": 140729523961856, "timestamp": "00:00:30.871", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1000591065088, "type": "region", "version": 1 }, "end_va": 1000591073279, "entry_point": 0, "filename": null, "id": "region_1361", "name": "pagefile_0x000000e8f7e00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1000591065088, "timestamp": "00:00:30.922", "type": "region", "version": 1 }, { 
"dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 442368, "start_va": 140729589039104, "type": "region", "version": 1 }, "end_va": 140729589481471, "entry_point": 140729589132976, "filename": "\\Windows\\System32\\schannel.dll", "id": "region_1362", "name": "schannel.dll", "norm_filename": "c:\\windows\\system32\\schannel.dll", "region_type": "memory_mapped_file", "start_va": 140729589039104, "timestamp": "00:00:30.925", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00001396-addr_0x000000e8f7e10000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_489", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 1000591130624, "type": "region", "version": 1 }, "end_va": 1000591138815, "entry_point": 0, "filename": null, "id": "region_1396", "name": "private_0x000000e8f7e10000", "norm_filename": null, "region_type": "private_memory", "start_va": 1000591130624, "timestamp": "00:00:31.030", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00001397-addr_0x000000e8f7e20000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_490", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1000591196160, "type": "region", "version": 1 }, "end_va": 1000591200255, "entry_point": 0, "filename": null, "id": "region_1397", "name": "private_0x000000e8f7e20000", "norm_filename": null, "region_type": "private_memory", "start_va": 1000591196160, "timestamp": "00:00:31.031", "type": "region", "version": 1 }, 
{ "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 140729603194880, "type": "region", "version": 1 }, "end_va": 140729603514367, "entry_point": 140729603199608, "filename": "\\Windows\\System32\\wintrust.dll", "id": "region_1407", "name": "wintrust.dll", "norm_filename": "c:\\windows\\system32\\wintrust.dll", "region_type": "memory_mapped_file", "start_va": 140729603194880, "timestamp": "00:00:31.058", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 143360, "start_va": 140729586941952, "type": "region", "version": 1 }, "end_va": 140729587085311, "entry_point": 140729586946208, "filename": "\\Windows\\System32\\gpapi.dll", "id": "region_1408", "name": "gpapi.dll", "norm_filename": "c:\\windows\\system32\\gpapi.dll", "region_type": "memory_mapped_file", "start_va": 140729586941952, "timestamp": "00:00:31.076", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 147456, "start_va": 140729596116992, "type": "region", "version": 1 }, "end_va": 140729596264447, "entry_point": 140729596147952, "filename": "\\Windows\\System32\\ncrypt.dll", "id": "region_1409", "name": "ncrypt.dll", "norm_filename": "c:\\windows\\system32\\ncrypt.dll", "region_type": "memory_mapped_file", "start_va": 140729596116992, "timestamp": "00:00:31.100", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", 
"writable", "executable" ], "ref_process_dump": null, "size": 237568, "start_va": 140729595854848, "type": "region", "version": 1 }, "end_va": 140729596092415, "entry_point": 140729596010208, "filename": "\\Windows\\System32\\ntasn1.dll", "id": "region_1410", "name": "ntasn1.dll", "norm_filename": "c:\\windows\\system32\\ntasn1.dll", "region_type": "memory_mapped_file", "start_va": 140729595854848, "timestamp": "00:00:31.101", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 140729379127296, "type": "region", "version": 1 }, "end_va": 140729379237887, "entry_point": 140729379207944, "filename": "\\Windows\\System32\\ncryptsslp.dll", "id": "region_1411", "name": "ncryptsslp.dll", "norm_filename": "c:\\windows\\system32\\ncryptsslp.dll", "region_type": "memory_mapped_file", "start_va": 140729379127296, "timestamp": "00:00:31.138", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\system32\\cmd.exe /c schtasks /create /sc onlogon /tn 3123635631 /rl highest /tr C:\\PROGRA~1\\COMMON~1\\WANACR~1.EXE", "filename": "c:\\windows\\system32\\cmd.exe", "id": "proc_2", "image_name": "cmd.exe", "monitor_reason": "child_process", "monitored_id": 2, "origin_monitor_id": 1, "ref_parent_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000002-region_00000211-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_314", "ref_source": "summary", "ref_type": "process_dump", "type": 
"reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_211", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:19.611", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000212-addr_0x000000c2ce910000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_315", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 836689264640, "type": "region", "version": 1 }, "end_va": 836689395711, "entry_point": 0, "filename": null, "id": "region_212", "name": "private_0x000000c2ce910000", "norm_filename": null, "region_type": "private_memory", "start_va": 836689264640, "timestamp": "00:00:19.611", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 836689395712, "type": "region", "version": 1 }, "end_va": 836689457151, "entry_point": 0, "filename": null, "id": "region_213", "name": "pagefile_0x000000c2ce930000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 836689395712, "timestamp": "00:00:19.611", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000214-addr_0x000000c2ce940000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_316", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, 
"start_va": 836689461248, "type": "region", "version": 1 }, "end_va": 836690509823, "entry_point": 0, "filename": null, "id": "region_214", "name": "private_0x000000c2ce940000", "norm_filename": null, "region_type": "private_memory", "start_va": 836689461248, "timestamp": "00:00:19.611", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 836690509824, "type": "region", "version": 1 }, "end_va": 836690526207, "entry_point": 0, "filename": null, "id": "region_215", "name": "pagefile_0x000000c2cea40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 836690509824, "timestamp": "00:00:19.611", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 836690575360, "type": "region", "version": 1 }, "end_va": 836690579455, "entry_point": 0, "filename": null, "id": "region_216", "name": "pagefile_0x000000c2cea50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 836690575360, "timestamp": "00:00:19.611", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000217-addr_0x000000c2cea60000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_317", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 836690640896, "type": "region", "version": 1 }, "end_va": 836690649087, "entry_point": 0, "filename": null, "id": "region_217", "name": 
"private_0x000000c2cea60000", "norm_filename": null, "region_type": "private_memory", "start_va": 836690640896, "timestamp": "00:00:19.612", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140695117758464, "type": "region", "version": 1 }, "end_va": 140695117901823, "entry_point": 0, "filename": null, "id": "region_218", "name": "pagefile_0x00007ff622840000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140695117758464, "timestamp": "00:00:19.612", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000219-addr_0x00007ff62286d000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_318", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 140695117942784, "type": "region", "version": 1 }, "end_va": 140695117946879, "entry_point": 0, "filename": null, "id": "region_219", "name": "private_0x00007ff62286d000", "norm_filename": null, "region_type": "private_memory", "start_va": 140695117942784, "timestamp": "00:00:19.612", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000220-addr_0x00007ff62286e000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_319", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 140695117946880, "type": "region", "version": 1 }, "end_va": 140695117955071, "entry_point": 0, "filename": null, "id": "region_220", "name": 
"private_0x00007ff62286e000", "norm_filename": null, "region_type": "private_memory", "start_va": 140695117946880, "timestamp": "00:00:19.612", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 372736, "start_va": 140695127195648, "type": "region", "version": 1 }, "end_va": 140695127568383, "entry_point": 140695127195648, "filename": "\\Windows\\System32\\cmd.exe", "id": "region_221", "name": "cmd.exe", "norm_filename": "c:\\windows\\system32\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 140695127195648, "timestamp": "00:00:19.612", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140729648283648, "type": "region", "version": 1 }, "end_va": 140729650024447, "entry_point": 140729648283648, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_222", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140729648283648, "timestamp": "00:00:19.620", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000227-addr_0x000000c2ceb60000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_320", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 836691689472, "type": "region", "version": 1 }, "end_va": 836692738047, "entry_point": 0, "filename": null, "id": "region_227", "name": "private_0x000000c2ceb60000", "norm_filename": null, "region_type": 
"private_memory", "start_va": 836691689472, "timestamp": "00:00:19.675", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140729603522560, "type": "region", "version": 1 }, "end_va": 140729604628479, "entry_point": 140729603531424, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_228", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140729603522560, "timestamp": "00:00:19.675", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140729609617408, "type": "region", "version": 1 }, "end_va": 140729610899455, "entry_point": 140729609637940, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_229", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140729609617408, "timestamp": "00:00:19.675", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 836689264640, "type": "region", "version": 1 }, "end_va": 836689330175, "entry_point": 0, "filename": null, "id": "region_289", "name": "pagefile_0x000000c2ce910000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 836689264640, "timestamp": "00:00:19.894", "type": "region", "version": 1 }, { "dump": { "filename": 
"process_00000002-region_00000290-addr_0x000000c2ce920000-size_0x0000000000007000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_337", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 28672, "start_va": 836689330176, "type": "region", "version": 1 }, "end_va": 836689358847, "entry_point": 0, "filename": null, "id": "region_290", "name": "private_0x000000c2ce920000", "norm_filename": null, "region_type": "private_memory", "start_va": 836689330176, "timestamp": "00:00:19.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 836690706432, "type": "region", "version": 1 }, "end_va": 836691222527, "entry_point": 836690706432, "filename": "\\Windows\\System32\\locale.nls", "id": "region_291", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 836690706432, "timestamp": "00:00:19.894", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000292-addr_0x000000c2ced00000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_338", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 836693393408, "type": "region", "version": 1 }, "end_va": 836693458943, "entry_point": 0, "filename": null, "id": "region_292", "name": "private_0x000000c2ced00000", "norm_filename": null, "region_type": "private_memory", "start_va": 836693393408, "timestamp": "00:00:19.895", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" 
], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140695116709888, "type": "region", "version": 1 }, "end_va": 140695117758463, "entry_point": 0, "filename": null, "id": "region_293", "name": "pagefile_0x00007ff622740000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140695116709888, "timestamp": "00:00:19.895", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140729612173312, "type": "region", "version": 1 }, "end_va": 140729612857343, "entry_point": 140729612183596, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_294", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140729612173312, "timestamp": "00:00:19.895", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "schtasks /create /sc onlogon /tn 3123635631 /rl highest /tr C:\\PROGRA~1\\COMMON~1\\WANACR~1.EXE", "filename": "c:\\windows\\system32\\schtasks.exe", "id": "proc_4", "image_name": "schtasks.exe", "monitor_reason": "child_process", "monitored_id": 4, "origin_monitor_id": 2, "ref_parent_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000004-region_00000295-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_339", "ref_source": "summary", "ref_type": "process_dump", "type": 
"reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_295", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:19.923", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000296-addr_0x00000056c4060000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_340", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 372655915008, "type": "region", "version": 1 }, "end_va": 372656046079, "entry_point": 0, "filename": null, "id": "region_296", "name": "private_0x00000056c4060000", "norm_filename": null, "region_type": "private_memory", "start_va": 372655915008, "timestamp": "00:00:19.924", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 372656046080, "type": "region", "version": 1 }, "end_va": 372656107519, "entry_point": 0, "filename": null, "id": "region_297", "name": "pagefile_0x00000056c4080000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 372656046080, "timestamp": "00:00:19.924", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000298-addr_0x00000056c4090000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_341", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, 
"start_va": 372656111616, "type": "region", "version": 1 }, "end_va": 372656635903, "entry_point": 0, "filename": null, "id": "region_298", "name": "private_0x00000056c4090000", "norm_filename": null, "region_type": "private_memory", "start_va": 372656111616, "timestamp": "00:00:19.924", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 372656635904, "type": "region", "version": 1 }, "end_va": 372656652287, "entry_point": 0, "filename": null, "id": "region_299", "name": "pagefile_0x00000056c4110000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 372656635904, "timestamp": "00:00:19.924", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 372656701440, "type": "region", "version": 1 }, "end_va": 372656705535, "entry_point": 0, "filename": null, "id": "region_300", "name": "pagefile_0x00000056c4120000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 372656701440, "timestamp": "00:00:19.924", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000301-addr_0x00000056c4130000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_342", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 372656766976, "type": "region", "version": 1 }, "end_va": 372656775167, "entry_point": 0, "filename": null, "id": "region_301", "name": 
"private_0x00000056c4130000", "norm_filename": null, "region_type": "private_memory", "start_va": 372656766976, "timestamp": "00:00:19.924", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140696293343232, "type": "region", "version": 1 }, "end_va": 140696293486591, "entry_point": 0, "filename": null, "id": "region_302", "name": "pagefile_0x00007ff668960000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140696293343232, "timestamp": "00:00:19.924", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000303-addr_0x00007ff66898d000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_343", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 140696293527552, "type": "region", "version": 1 }, "end_va": 140696293535743, "entry_point": 0, "filename": null, "id": "region_303", "name": "private_0x00007ff66898d000", "norm_filename": null, "region_type": "private_memory", "start_va": 140696293527552, "timestamp": "00:00:19.925", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000304-addr_0x00007ff66898f000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_344", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 140696293535744, "type": "region", "version": 1 }, "end_va": 140696293539839, "entry_point": 0, "filename": null, "id": "region_304", "name": 
"private_0x00007ff66898f000", "norm_filename": null, "region_type": "private_memory", "start_va": 140696293535744, "timestamp": "00:00:19.925", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 233472, "start_va": 140696304287744, "type": "region", "version": 1 }, "end_va": 140696304521215, "entry_point": 140696304287744, "filename": "\\Windows\\System32\\schtasks.exe", "id": "region_305", "name": "schtasks.exe", "norm_filename": "c:\\windows\\system32\\schtasks.exe", "region_type": "memory_mapped_file", "start_va": 140696304287744, "timestamp": "00:00:19.925", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140729648283648, "type": "region", "version": 1 }, "end_va": 140729650024447, "entry_point": 140729648283648, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_306", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140729648283648, "timestamp": "00:00:19.933", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000307-addr_0x00000056c4230000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_345", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 372657815552, "type": "region", "version": 1 }, "end_va": 372658864127, "entry_point": 0, "filename": null, "id": "region_307", "name": "private_0x00000056c4230000", "norm_filename": null, 
"region_type": "private_memory", "start_va": 372657815552, "timestamp": "00:00:19.945", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140729603522560, "type": "region", "version": 1 }, "end_va": 140729604628479, "entry_point": 140729603531424, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_308", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140729603522560, "timestamp": "00:00:19.945", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140729609617408, "type": "region", "version": 1 }, "end_va": 140729610899455, "entry_point": 140729609637940, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_309", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140729609617408, "timestamp": "00:00:19.946", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 372655915008, "type": "region", "version": 1 }, "end_va": 372655980543, "entry_point": 0, "filename": null, "id": "region_310", "name": "pagefile_0x00000056c4060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 372655915008, "timestamp": "00:00:19.967", "type": "region", "version": 1 }, { "dump": { "filename": 
"process_00000004-region_00000311-addr_0x00000056c4070000-size_0x0000000000007000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_346", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 28672, "start_va": 372655980544, "type": "region", "version": 1 }, "end_va": 372656009215, "entry_point": 0, "filename": null, "id": "region_311", "name": "private_0x00000056c4070000", "norm_filename": null, "region_type": "private_memory", "start_va": 372655980544, "timestamp": "00:00:19.968", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 372656832512, "type": "region", "version": 1 }, "end_va": 372657348607, "entry_point": 372656832512, "filename": "\\Windows\\System32\\locale.nls", "id": "region_312", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 372656832512, "timestamp": "00:00:19.968", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000313-addr_0x00000056c41c0000-size_0x0000000000007000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_347", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 28672, "start_va": 372657356800, "type": "region", "version": 1 }, "end_va": 372657385471, "entry_point": 0, "filename": null, "id": "region_313", "name": "private_0x00000056c41c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 372657356800, "timestamp": "00:00:19.970", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" 
], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 372657422336, "type": "region", "version": 1 }, "end_va": 372657434623, "entry_point": 0, "filename": null, "id": "region_314", "name": "pagefile_0x00000056c41d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 372657422336, "timestamp": "00:00:19.970", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 372657487872, "type": "region", "version": 1 }, "end_va": 372657491967, "entry_point": 0, "filename": null, "id": "region_315", "name": "pagefile_0x00000056c41e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 372657487872, "timestamp": "00:00:19.970", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000316-addr_0x00000056c41f0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_348", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 372657553408, "type": "region", "version": 1 }, "end_va": 372657557503, "entry_point": 0, "filename": null, "id": "region_316", "name": "private_0x00000056c41f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 372657553408, "timestamp": "00:00:19.970", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000317-addr_0x00000056c4200000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], 
"ref_process_dump": { "ref_id": "proc_dump_349", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 372657618944, "type": "region", "version": 1 }, "end_va": 372657623039, "entry_point": 0, "filename": null, "id": "region_317", "name": "private_0x00000056c4200000", "norm_filename": null, "region_type": "private_memory", "start_va": 372657618944, "timestamp": "00:00:19.971", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000318-addr_0x00000056c4460000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_350", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 372660109312, "type": "region", "version": 1 }, "end_va": 372660174847, "entry_point": 0, "filename": null, "id": "region_318", "name": "private_0x00000056c4460000", "norm_filename": null, "region_type": "private_memory", "start_va": 372660109312, "timestamp": "00:00:19.971", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 372660174848, "type": "region", "version": 1 }, "end_va": 372661780479, "entry_point": 0, "filename": null, "id": "region_319", "name": "pagefile_0x00000056c4470000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 372660174848, "timestamp": "00:00:19.971", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 
372661813248, "type": "region", "version": 1 }, "end_va": 372663390207, "entry_point": 0, "filename": null, "id": "region_320", "name": "pagefile_0x00000056c4600000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 372661813248, "timestamp": "00:00:19.971", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 372663451648, "type": "region", "version": 1 }, "end_va": 372684423167, "entry_point": 0, "filename": null, "id": "region_321", "name": "pagefile_0x00000056c4790000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 372663451648, "timestamp": "00:00:19.971", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4169728, "start_va": 372684423168, "type": "region", "version": 1 }, "end_va": 372688592895, "entry_point": 0, "filename": null, "id": "region_322", "name": "pagefile_0x00000056c5b90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 372684423168, "timestamp": "00:00:19.971", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140696292294656, "type": "region", "version": 1 }, "end_va": 140696293343231, "entry_point": 0, "filename": null, "id": "region_323", "name": "pagefile_0x00007ff668860000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140696292294656, 
"timestamp": "00:00:19.971", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 140729519964160, "type": "region", "version": 1 }, "end_va": 140729520009215, "entry_point": 140729519964160, "filename": "\\Windows\\System32\\ktmw32.dll", "id": "region_324", "name": "ktmw32.dll", "norm_filename": "c:\\windows\\system32\\ktmw32.dll", "region_type": "memory_mapped_file", "start_va": 140729519964160, "timestamp": "00:00:19.972", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140729606930432, "type": "region", "version": 1 }, "end_va": 140729608441855, "entry_point": 140729607084736, "filename": "\\Windows\\System32\\user32.dll", "id": "region_325", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140729606930432, "timestamp": "00:00:19.982", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140729608503296, "type": "region", "version": 1 }, "end_va": 140729608859647, "entry_point": 140729608512768, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_326", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140729608503296, "timestamp": "00:00:19.983", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because 
region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140729610928128, "type": "region", "version": 1 }, "end_va": 140729611677695, "entry_point": 140729610932512, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_327", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 140729610928128, "timestamp": "00:00:19.983", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140729612173312, "type": "region", "version": 1 }, "end_va": 140729612857343, "entry_point": 140729612183596, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_328", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140729612173312, "timestamp": "00:00:19.984", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140729612894208, "type": "region", "version": 1 }, "end_va": 140729614225407, "entry_point": 140729612967000, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_329", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140729612894208, "timestamp": "00:00:19.984", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140729635831808, 
"type": "region", "version": 1 }, "end_va": 140729637761023, "entry_point": 140729635839840, "filename": "\\Windows\\System32\\combase.dll", "id": "region_330", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140729635831808, "timestamp": "00:00:19.985", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 140729638518784, "type": "region", "version": 1 }, "end_va": 140729638731775, "entry_point": 140729638522928, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_331", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 140729638518784, "timestamp": "00:00:19.985", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 140729638780928, "type": "region", "version": 1 }, "end_va": 140729640312831, "entry_point": 140729638785204, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_332", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 140729638780928, "timestamp": "00:00:19.986", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1277952, "start_va": 140729640353792, "type": "region", "version": 1 }, "end_va": 140729641631743, "entry_point": 140729640357904, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_333", 
"name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 140729640353792, "timestamp": "00:00:19.986", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140729644679168, "type": "region", "version": 1 }, "end_va": 140729645948927, "entry_point": 140729644683600, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_334", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140729644679168, "timestamp": "00:00:19.986", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 140729647890432, "type": "region", "version": 1 }, "end_va": 140729648222207, "entry_point": 140729647895232, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_335", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 140729647890432, "timestamp": "00:00:19.987", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140729467273216, "type": "region", "version": 1 }, "end_va": 140729467314175, "entry_point": 140729467277504, "filename": "\\Windows\\System32\\version.dll", "id": "region_336", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 140729467273216, "timestamp": 
"00:00:19.994", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 372688617472, "type": "region", "version": 1 }, "end_va": 372691587071, "entry_point": 372688617472, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_337", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 372688617472, "timestamp": "00:00:19.996", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 761856, "start_va": 372658864128, "type": "region", "version": 1 }, "end_va": 372659625983, "entry_point": 372659046248, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_338", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 372658864128, "timestamp": "00:00:20.029", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140729583599616, "type": "region", "version": 1 }, "end_va": 140729583640575, "entry_point": 140729583605576, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_339", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\system32\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140729583599616, "timestamp": "00:00:20.031", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", 
"permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140729601490944, "type": "region", "version": 1 }, "end_va": 140729601531903, "entry_point": 140729601495056, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_340", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140729601490944, "timestamp": "00:00:20.032", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140729599590400, "type": "region", "version": 1 }, "end_va": 140729599975423, "entry_point": 140729599719072, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_341", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140729599590400, "timestamp": "00:00:20.035", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1187840, "start_va": 140729581699072, "type": "region", "version": 1 }, "end_va": 140729582886911, "entry_point": 140729581745220, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_342", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 140729581699072, "timestamp": "00:00:20.038", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000343-addr_0x00000056c4330000-size_0x00000000000a0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { 
"ref_id": "proc_dump_351", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 655360, "start_va": 372658864128, "type": "region", "version": 1 }, "end_va": 372659519487, "entry_point": 0, "filename": null, "id": "region_343", "name": "private_0x00000056c4330000", "norm_filename": null, "region_type": "private_memory", "start_va": 372658864128, "timestamp": "00:00:20.041", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 372657684480, "type": "region", "version": 1 }, "end_va": 372657688575, "entry_point": 0, "filename": null, "id": "region_347", "name": "pagefile_0x00000056c4210000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 372657684480, "timestamp": "00:00:20.087", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 983040, "start_va": 372691632128, "type": "region", "version": 1 }, "end_va": 372692615167, "entry_point": 0, "filename": null, "id": "region_348", "name": "pagefile_0x00000056c6270000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 372691632128, "timestamp": "00:00:20.087", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 372657684480, "type": "region", "version": 1 }, "end_va": 372657700863, "entry_point": 0, "filename": null, "id": "region_349", "name": 
"pagefile_0x00000056c4210000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 372657684480, "timestamp": "00:00:20.087", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000350-addr_0x00000056c4220000-size_0x0000000000007000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_352", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 28672, "start_va": 372657750016, "type": "region", "version": 1 }, "end_va": 372657778687, "entry_point": 0, "filename": null, "id": "region_350", "name": "private_0x00000056c4220000", "norm_filename": null, "region_type": "private_memory", "start_va": 372657750016, "timestamp": "00:00:20.088", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 372658864128, "type": "region", "version": 1 }, "end_va": 372658868223, "entry_point": 0, "filename": null, "id": "region_351", "name": "pagefile_0x00000056c4330000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 372658864128, "timestamp": "00:00:20.137", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000352-addr_0x00000056c43c0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_353", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 372659453952, "type": "region", "version": 1 }, "end_va": 372659519487, "entry_point": 0, "filename": null, "id": "region_352", "name": "private_0x00000056c43c0000", 
"norm_filename": null, "region_type": "private_memory", "start_va": 372659453952, "timestamp": "00:00:20.137", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 671744, "start_va": 140729637797888, "type": "region", "version": 1 }, "end_va": 140729638469631, "entry_point": 140729637797888, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_353", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 140729637797888, "timestamp": "00:00:20.138", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 372658929664, "type": "region", "version": 1 }, "end_va": 372658933759, "entry_point": 0, "filename": null, "id": "region_354", "name": "pagefile_0x00000056c4340000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 372658929664, "timestamp": "00:00:20.151", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1691648, "start_va": 140729539035136, "type": "region", "version": 1 }, "end_va": 140729540726783, "entry_point": 140729539035136, "filename": "\\Windows\\System32\\taskschd.dll", "id": "region_355", "name": "taskschd.dll", "norm_filename": "c:\\windows\\system32\\taskschd.dll", "region_type": "memory_mapped_file", "start_va": 140729539035136, "timestamp": "00:00:20.152", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 176128, "start_va": 140729599393792, "type": "region", "version": 1 }, "end_va": 140729599569919, "entry_point": 140729599393792, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_356", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 140729599393792, "timestamp": "00:00:20.185", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 675840, "start_va": 140729608896512, "type": "region", "version": 1 }, "end_va": 140729609572351, "entry_point": 140729608900624, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_357", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 140729608896512, "timestamp": "00:00:20.199", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 229376, "start_va": 140729551028224, "type": "region", "version": 1 }, "end_va": 140729551257599, "entry_point": 140729551028224, "filename": "\\Windows\\System32\\xmllite.dll", "id": "region_358", "name": "xmllite.dll", "norm_filename": "c:\\windows\\system32\\xmllite.dll", "region_type": "memory_mapped_file", "start_va": 140729551028224, "timestamp": "00:00:20.202", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\system32\\svchost.exe -k netsvcs", 
"filename": "c:\\windows\\system32\\svchost.exe", "id": "proc_5", "image_name": "svchost.exe", "monitor_reason": "created_scheduled_job", "monitored_id": 5, "origin_monitor_id": 4, "ref_parent_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_359", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:20.219", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 827400454144, "type": "region", "version": 1 }, "end_va": 827400519679, "entry_point": 0, "filename": null, "id": "region_360", "name": "pagefile_0x000000c0a4e90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 827400454144, "timestamp": "00:00:20.219", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 827400519680, "type": "region", "version": 1 }, "end_va": 827400548351, "entry_point": 0, "filename": null, "id": "region_361", "name": "private_0x000000c0a4ea0000", "norm_filename": null, "region_type": "private_memory", "start_va": 827400519680, "timestamp": 
"00:00:20.220", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 827400585216, "type": "region", "version": 1 }, "end_va": 827400646655, "entry_point": 0, "filename": null, "id": "region_362", "name": "pagefile_0x000000c0a4eb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 827400585216, "timestamp": "00:00:20.220", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827400650752, "type": "region", "version": 1 }, "end_va": 827401175039, "entry_point": 0, "filename": null, "id": "region_363", "name": "private_0x000000c0a4ec0000", "norm_filename": null, "region_type": "private_memory", "start_va": 827400650752, "timestamp": "00:00:20.220", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 827401175040, "type": "region", "version": 1 }, "end_va": 827401191423, "entry_point": 0, "filename": null, "id": "region_364", "name": "pagefile_0x000000c0a4f40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 827401175040, "timestamp": "00:00:20.220", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, 
"size": 4096, "start_va": 827401240576, "type": "region", "version": 1 }, "end_va": 827401244671, "entry_point": 0, "filename": null, "id": "region_365", "name": "pagefile_0x000000c0a4f50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 827401240576, "timestamp": "00:00:20.220", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 827401306112, "type": "region", "version": 1 }, "end_va": 827401314303, "entry_point": 0, "filename": null, "id": "region_366", "name": "private_0x000000c0a4f60000", "norm_filename": null, "region_type": "private_memory", "start_va": 827401306112, "timestamp": "00:00:20.220", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 827401371648, "type": "region", "version": 1 }, "end_va": 827401887743, "entry_point": 827401371648, "filename": "\\Windows\\System32\\locale.nls", "id": "region_367", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 827401371648, "timestamp": "00:00:20.220", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 827401895936, "type": "region", "version": 1 }, "end_va": 827401924607, "entry_point": 0, "filename": null, "id": "region_368", "name": "private_0x000000c0a4ff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 
827401895936, "timestamp": "00:00:20.221", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 827401961472, "type": "region", "version": 1 }, "end_va": 827401973759, "entry_point": 0, "filename": null, "id": "region_369", "name": "pagefile_0x000000c0a5000000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 827401961472, "timestamp": "00:00:20.221", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 827402027008, "type": "region", "version": 1 }, "end_va": 827402031103, "entry_point": 0, "filename": null, "id": "region_370", "name": "pagefile_0x000000c0a5010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 827402027008, "timestamp": "00:00:20.221", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 827402092544, "type": "region", "version": 1 }, "end_va": 827402096639, "entry_point": 0, "filename": null, "id": "region_371", "name": "private_0x000000c0a5020000", "norm_filename": null, "region_type": "private_memory", "start_va": 827402092544, "timestamp": "00:00:20.221", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ 
"readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 827402158080, "type": "region", "version": 1 }, "end_va": 827402162175, "entry_point": 0, "filename": null, "id": "region_372", "name": "private_0x000000c0a5030000", "norm_filename": null, "region_type": "private_memory", "start_va": 827402158080, "timestamp": "00:00:20.222", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 827402223616, "type": "region", "version": 1 }, "end_va": 827403272191, "entry_point": 0, "filename": null, "id": "region_373", "name": "private_0x000000c0a5040000", "norm_filename": null, "region_type": "private_memory", "start_va": 827402223616, "timestamp": "00:00:20.222", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 827403272192, "type": "region", "version": 1 }, "end_va": 827404877823, "entry_point": 0, "filename": null, "id": "region_374", "name": "pagefile_0x000000c0a5140000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 827403272192, "timestamp": "00:00:20.222", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 827404910592, "type": "region", "version": 1 }, "end_va": 827404914687, "entry_point": 0, "filename": null, "id": "region_375", "name": "pagefile_0x000000c0a52d0000", "norm_filename": null, "region_type": 
"pagefile_backed_memory", "start_va": 827404910592, "timestamp": "00:00:20.222", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 827404976128, "type": "region", "version": 1 }, "end_va": 827404980223, "entry_point": 0, "filename": null, "id": "region_376", "name": "pagefile_0x000000c0a52e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 827404976128, "timestamp": "00:00:20.222", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 827405041664, "type": "region", "version": 1 }, "end_va": 827405045759, "entry_point": 0, "filename": null, "id": "region_377", "name": "pagefile_0x000000c0a52f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 827405041664, "timestamp": "00:00:20.222", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 827405107200, "type": "region", "version": 1 }, "end_va": 827405111295, "entry_point": 0, "filename": null, "id": "region_378", "name": "pagefile_0x000000c0a5300000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 827405107200, "timestamp": "00:00:20.222", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are 
disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 827405172736, "type": "region", "version": 1 }, "end_va": 827405185023, "entry_point": 0, "filename": null, "id": "region_379", "name": "pagefile_0x000000c0a5310000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 827405172736, "timestamp": "00:00:20.222", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 827405238272, "type": "region", "version": 1 }, "end_va": 827405303807, "entry_point": 0, "filename": null, "id": "region_380", "name": "private_0x000000c0a5320000", "norm_filename": null, "region_type": "private_memory", "start_va": 827405238272, "timestamp": "00:00:20.222", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 827405303808, "type": "region", "version": 1 }, "end_va": 827406880767, "entry_point": 0, "filename": null, "id": "region_381", "name": "pagefile_0x000000c0a5330000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 827405303808, "timestamp": "00:00:20.222", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 786432, "start_va": 827406942208, "type": "region", "version": 1 }, "end_va": 827407728639, "entry_point": 0, "filename": null, "id": "region_382", "name": 
"pagefile_0x000000c0a54c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 827406942208, "timestamp": "00:00:20.222", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4169728, "start_va": 827407728640, "type": "region", "version": 1 }, "end_va": 827411898367, "entry_point": 0, "filename": null, "id": "region_383", "name": "pagefile_0x000000c0a5580000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 827407728640, "timestamp": "00:00:20.222", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827411922944, "type": "region", "version": 1 }, "end_va": 827412447231, "entry_point": 0, "filename": null, "id": "region_384", "name": "private_0x000000c0a5980000", "norm_filename": null, "region_type": "private_memory", "start_va": 827411922944, "timestamp": "00:00:20.223", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827412447232, "type": "region", "version": 1 }, "end_va": 827412971519, "entry_point": 0, "filename": null, "id": "region_385", "name": "private_0x000000c0a5a00000", "norm_filename": null, "region_type": "private_memory", "start_va": 827412447232, "timestamp": "00:00:20.223", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because 
region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 827412971520, "type": "region", "version": 1 }, "end_va": 827415941119, "entry_point": 827412971520, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_386", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 827412971520, "timestamp": "00:00:20.223", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827415986176, "type": "region", "version": 1 }, "end_va": 827416510463, "entry_point": 0, "filename": null, "id": "region_387", "name": "private_0x000000c0a5d60000", "norm_filename": null, "region_type": "private_memory", "start_va": 827415986176, "timestamp": "00:00:20.223", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827416510464, "type": "region", "version": 1 }, "end_va": 827417034751, "entry_point": 0, "filename": null, "id": "region_388", "name": "private_0x000000c0a5de0000", "norm_filename": null, "region_type": "private_memory", "start_va": 827416510464, "timestamp": "00:00:20.224", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827417034752, "type": "region", "version": 1 }, "end_va": 
827417559039, "entry_point": 0, "filename": null, "id": "region_389", "name": "private_0x000000c0a5e60000", "norm_filename": null, "region_type": "private_memory", "start_va": 827417034752, "timestamp": "00:00:20.224", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 827417559040, "type": "region", "version": 1 }, "end_va": 827417587711, "entry_point": 0, "filename": null, "id": "region_390", "name": "private_0x000000c0a5ee0000", "norm_filename": null, "region_type": "private_memory", "start_va": 827417559040, "timestamp": "00:00:20.224", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 827417624576, "type": "region", "version": 1 }, "end_va": 827417653247, "entry_point": 0, "filename": null, "id": "region_391", "name": "private_0x000000c0a5ef0000", "norm_filename": null, "region_type": "private_memory", "start_va": 827417624576, "timestamp": "00:00:20.224", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 827417690112, "type": "region", "version": 1 }, "end_va": 827417706495, "entry_point": 827417690112, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_392", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 827417690112, "timestamp": 
"00:00:20.224", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 827417755648, "type": "region", "version": 1 }, "end_va": 827417772031, "entry_point": 827417755648, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_393", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 827417755648, "timestamp": "00:00:20.225", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 827417821184, "type": "region", "version": 1 }, "end_va": 827417886719, "entry_point": 0, "filename": null, "id": "region_394", "name": "private_0x000000c0a5f20000", "norm_filename": null, "region_type": "private_memory", "start_va": 827417821184, "timestamp": "00:00:20.225", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 827417886720, "type": "region", "version": 1 }, "end_va": 827417890815, "entry_point": 0, "filename": null, "id": "region_395", "name": "pagefile_0x000000c0a5f30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 827417886720, "timestamp": "00:00:20.225", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump 
size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 827417952256, "type": "region", "version": 1 }, "end_va": 827418017791, "entry_point": 0, "filename": null, "id": "region_396", "name": "private_0x000000c0a5f40000", "norm_filename": null, "region_type": "private_memory", "start_va": 827417952256, "timestamp": "00:00:20.225", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827418017792, "type": "region", "version": 1 }, "end_va": 827418542079, "entry_point": 0, "filename": null, "id": "region_397", "name": "private_0x000000c0a5f50000", "norm_filename": null, "region_type": "private_memory", "start_va": 827418017792, "timestamp": "00:00:20.226", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827418542080, "type": "region", "version": 1 }, "end_va": 827419066367, "entry_point": 0, "filename": null, "id": "region_398", "name": "private_0x000000c0a5fd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 827418542080, "timestamp": "00:00:20.226", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827419066368, "type": "region", "version": 1 }, "end_va": 827419590655, "entry_point": 0, "filename": null, "id": "region_399", "name": 
"private_0x000000c0a6050000", "norm_filename": null, "region_type": "private_memory", "start_va": 827419066368, "timestamp": "00:00:20.226", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827419590656, "type": "region", "version": 1 }, "end_va": 827420114943, "entry_point": 0, "filename": null, "id": "region_400", "name": "private_0x000000c0a60d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 827419590656, "timestamp": "00:00:20.226", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827420114944, "type": "region", "version": 1 }, "end_va": 827420639231, "entry_point": 0, "filename": null, "id": "region_401", "name": "private_0x000000c0a6150000", "norm_filename": null, "region_type": "private_memory", "start_va": 827420114944, "timestamp": "00:00:20.227", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827420639232, "type": "region", "version": 1 }, "end_va": 827421163519, "entry_point": 0, "filename": null, "id": "region_402", "name": "private_0x000000c0a61d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 827420639232, "timestamp": "00:00:20.227", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a 
partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 827421163520, "type": "region", "version": 1 }, "end_va": 827422212095, "entry_point": 0, "filename": null, "id": "region_403", "name": "private_0x000000c0a6250000", "norm_filename": null, "region_type": "private_memory", "start_va": 827421163520, "timestamp": "00:00:20.227", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827422212096, "type": "region", "version": 1 }, "end_va": 827422736383, "entry_point": 0, "filename": null, "id": "region_404", "name": "private_0x000000c0a6350000", "norm_filename": null, "region_type": "private_memory", "start_va": 827422212096, "timestamp": "00:00:20.227", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827422736384, "type": "region", "version": 1 }, "end_va": 827423260671, "entry_point": 0, "filename": null, "id": "region_405", "name": "private_0x000000c0a63d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 827422736384, "timestamp": "00:00:20.228", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827423260672, "type": "region", "version": 1 }, "end_va": 827423784959, "entry_point": 0, "filename": null, 
"id": "region_406", "name": "private_0x000000c0a6450000", "norm_filename": null, "region_type": "private_memory", "start_va": 827423260672, "timestamp": "00:00:20.228", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827423784960, "type": "region", "version": 1 }, "end_va": 827424309247, "entry_point": 0, "filename": null, "id": "region_407", "name": "private_0x000000c0a64d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 827423784960, "timestamp": "00:00:20.228", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827424309248, "type": "region", "version": 1 }, "end_va": 827424833535, "entry_point": 0, "filename": null, "id": "region_408", "name": "private_0x000000c0a6550000", "norm_filename": null, "region_type": "private_memory", "start_va": 827424309248, "timestamp": "00:00:20.228", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827424833536, "type": "region", "version": 1 }, "end_va": 827425357823, "entry_point": 0, "filename": null, "id": "region_409", "name": "private_0x000000c0a65d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 827424833536, "timestamp": "00:00:20.229", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], 
"info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827425357824, "type": "region", "version": 1 }, "end_va": 827425882111, "entry_point": 0, "filename": null, "id": "region_410", "name": "private_0x000000c0a6650000", "norm_filename": null, "region_type": "private_memory", "start_va": 827425357824, "timestamp": "00:00:20.229", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827425882112, "type": "region", "version": 1 }, "end_va": 827426406399, "entry_point": 0, "filename": null, "id": "region_411", "name": "private_0x000000c0a66d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 827425882112, "timestamp": "00:00:20.229", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827426406400, "type": "region", "version": 1 }, "end_va": 827426930687, "entry_point": 0, "filename": null, "id": "region_412", "name": "private_0x000000c0a6750000", "norm_filename": null, "region_type": "private_memory", "start_va": 827426406400, "timestamp": "00:00:20.229", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827426930688, "type": "region", "version": 1 }, "end_va": 827427454975, "entry_point": 
0, "filename": null, "id": "region_413", "name": "private_0x000000c0a67d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 827426930688, "timestamp": "00:00:20.230", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827427454976, "type": "region", "version": 1 }, "end_va": 827427979263, "entry_point": 0, "filename": null, "id": "region_414", "name": "private_0x000000c0a6850000", "norm_filename": null, "region_type": "private_memory", "start_va": 827427454976, "timestamp": "00:00:20.230", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827427979264, "type": "region", "version": 1 }, "end_va": 827428503551, "entry_point": 0, "filename": null, "id": "region_415", "name": "private_0x000000c0a68d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 827427979264, "timestamp": "00:00:20.230", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 827428503552, "type": "region", "version": 1 }, "end_va": 827429552127, "entry_point": 0, "filename": null, "id": "region_416", "name": "private_0x000000c0a6950000", "norm_filename": null, "region_type": "private_memory", "start_va": 827428503552, "timestamp": "00:00:20.230", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 253952, "start_va": 827429552128, "type": "region", "version": 1 }, "end_va": 827429806079, "entry_point": 827429552128, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000005.db", "id": "region_417", "name": "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db", "region_type": "memory_mapped_file", "start_va": 827429552128, "timestamp": "00:00:20.230", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 528384, "start_va": 827429814272, "type": "region", "version": 1 }, "end_va": 827430342655, "entry_point": 827429814272, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db", "id": "region_418", "name": "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db", "region_type": "memory_mapped_file", "start_va": 827429814272, "timestamp": "00:00:20.231", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 827430404096, "type": "region", "version": 1 }, "end_va": 827431452671, "entry_point": 0, "filename": null, "id": "region_419", "name": "private_0x000000c0a6b20000", "norm_filename": 
null, "region_type": "private_memory", "start_va": 827430404096, "timestamp": "00:00:20.231", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827431452672, "type": "region", "version": 1 }, "end_va": 827431976959, "entry_point": 0, "filename": null, "id": "region_420", "name": "private_0x000000c0a6c20000", "norm_filename": null, "region_type": "private_memory", "start_va": 827431452672, "timestamp": "00:00:20.231", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827431976960, "type": "region", "version": 1 }, "end_va": 827432501247, "entry_point": 0, "filename": null, "id": "region_421", "name": "private_0x000000c0a6ca0000", "norm_filename": null, "region_type": "private_memory", "start_va": 827431976960, "timestamp": "00:00:20.232", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827432501248, "type": "region", "version": 1 }, "end_va": 827433025535, "entry_point": 0, "filename": null, "id": "region_422", "name": "private_0x000000c0a6d20000", "norm_filename": null, "region_type": "private_memory", "start_va": 827432501248, "timestamp": "00:00:20.232", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump 
size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827433025536, "type": "region", "version": 1 }, "end_va": 827433549823, "entry_point": 0, "filename": null, "id": "region_423", "name": "private_0x000000c0a6da0000", "norm_filename": null, "region_type": "private_memory", "start_va": 827433025536, "timestamp": "00:00:20.232", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827433549824, "type": "region", "version": 1 }, "end_va": 827434074111, "entry_point": 0, "filename": null, "id": "region_424", "name": "private_0x000000c0a6e20000", "norm_filename": null, "region_type": "private_memory", "start_va": 827433549824, "timestamp": "00:00:20.234", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827434074112, "type": "region", "version": 1 }, "end_va": 827434598399, "entry_point": 0, "filename": null, "id": "region_425", "name": "private_0x000000c0a6ea0000", "norm_filename": null, "region_type": "private_memory", "start_va": 827434074112, "timestamp": "00:00:20.234", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827434598400, "type": "region", "version": 1 }, "end_va": 827435122687, "entry_point": 0, "filename": null, "id": "region_426", "name": 
"private_0x000000c0a6f20000", "norm_filename": null, "region_type": "private_memory", "start_va": 827434598400, "timestamp": "00:00:20.235", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827435122688, "type": "region", "version": 1 }, "end_va": 827435646975, "entry_point": 0, "filename": null, "id": "region_427", "name": "private_0x000000c0a6fa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 827435122688, "timestamp": "00:00:20.235", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827435646976, "type": "region", "version": 1 }, "end_va": 827436171263, "entry_point": 0, "filename": null, "id": "region_428", "name": "private_0x000000c0a7020000", "norm_filename": null, "region_type": "private_memory", "start_va": 827435646976, "timestamp": "00:00:20.235", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827436171264, "type": "region", "version": 1 }, "end_va": 827436695551, "entry_point": 0, "filename": null, "id": "region_429", "name": "private_0x000000c0a70a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 827436171264, "timestamp": "00:00:20.235", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a 
partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827436695552, "type": "region", "version": 1 }, "end_va": 827437219839, "entry_point": 0, "filename": null, "id": "region_430", "name": "private_0x000000c0a7120000", "norm_filename": null, "region_type": "private_memory", "start_va": 827436695552, "timestamp": "00:00:20.235", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 827437219840, "type": "region", "version": 1 }, "end_va": 827437223935, "entry_point": 0, "filename": null, "id": "region_431", "name": "private_0x000000c0a71a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 827437219840, "timestamp": "00:00:20.236", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827437285376, "type": "region", "version": 1 }, "end_va": 827437809663, "entry_point": 0, "filename": null, "id": "region_432", "name": "private_0x000000c0a71b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 827437285376, "timestamp": "00:00:20.236", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 827437809664, "type": "region", "version": 1 }, "end_va": 827437813759, "entry_point": 827437809664, "filename": "\\Windows\\System32\\en-US\\activeds.dll.mui", "id": 
"region_433", "name": "activeds.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\activeds.dll.mui", "region_type": "memory_mapped_file", "start_va": 827437809664, "timestamp": "00:00:20.236", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 827437875200, "type": "region", "version": 1 }, "end_va": 827437879295, "entry_point": 0, "filename": null, "id": "region_434", "name": "pagefile_0x000000c0a7240000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 827437875200, "timestamp": "00:00:20.242", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 827437940736, "type": "region", "version": 1 }, "end_va": 827437944831, "entry_point": 0, "filename": null, "id": "region_435", "name": "pagefile_0x000000c0a7250000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 827437940736, "timestamp": "00:00:20.242", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 827438006272, "type": "region", "version": 1 }, "end_va": 827438010367, "entry_point": 0, "filename": null, "id": "region_436", "name": "pagefile_0x000000c0a7260000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 827438006272, "timestamp": "00:00:20.242", "type": "region", "version": 1 }, { "dump": { "filename": 
"", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 827438071808, "type": "region", "version": 1 }, "end_va": 827438100479, "entry_point": 0, "filename": null, "id": "region_437", "name": "private_0x000000c0a7270000", "norm_filename": null, "region_type": "private_memory", "start_va": 827438071808, "timestamp": "00:00:20.242", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 827438137344, "type": "region", "version": 1 }, "end_va": 827438170111, "entry_point": 0, "filename": null, "id": "region_438", "name": "private_0x000000c0a7280000", "norm_filename": null, "region_type": "private_memory", "start_va": 827438137344, "timestamp": "00:00:20.242", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827438202880, "type": "region", "version": 1 }, "end_va": 827438727167, "entry_point": 0, "filename": null, "id": "region_439", "name": "private_0x000000c0a7290000", "norm_filename": null, "region_type": "private_memory", "start_va": 827438202880, "timestamp": "00:00:20.242", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 24576, "start_va": 827438727168, "type": "region", "version": 1 }, "end_va": 827438751743, "entry_point": 827438727168, 
"filename": "\\Windows\\System32\\en-US\\netcfgx.dll.mui", "id": "region_440", "name": "netcfgx.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\netcfgx.dll.mui", "region_type": "memory_mapped_file", "start_va": 827438727168, "timestamp": "00:00:20.242", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 827438792704, "type": "region", "version": 1 }, "end_va": 827438800895, "entry_point": 0, "filename": null, "id": "region_441", "name": "pagefile_0x000000c0a7320000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 827438792704, "timestamp": "00:00:20.248", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 827438858240, "type": "region", "version": 1 }, "end_va": 827438923775, "entry_point": 827438858240, "filename": "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb", "id": "region_442", "name": "datastore.edb", "norm_filename": "c:\\windows\\softwaredistribution\\datastore\\datastore.edb", "region_type": "memory_mapped_file", "start_va": 827438858240, "timestamp": "00:00:20.248", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 827438923776, "type": "region", "version": 1 }, "end_va": 827438989311, "entry_point": 827438923776, "filename": "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb", "id": "region_443", "name": "datastore.edb", "norm_filename": 
"c:\\windows\\softwaredistribution\\datastore\\datastore.edb", "region_type": "memory_mapped_file", "start_va": 827438923776, "timestamp": "00:00:20.248", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 827438989312, "type": "region", "version": 1 }, "end_va": 827439054847, "entry_point": 0, "filename": null, "id": "region_444", "name": "private_0x000000c0a7350000", "norm_filename": null, "region_type": "private_memory", "start_va": 827438989312, "timestamp": "00:00:20.249", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 827439054848, "type": "region", "version": 1 }, "end_va": 827439120383, "entry_point": 0, "filename": null, "id": "region_445", "name": "private_0x000000c0a7360000", "norm_filename": null, "region_type": "private_memory", "start_va": 827439054848, "timestamp": "00:00:20.249", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 827439120384, "type": "region", "version": 1 }, "end_va": 827441217535, "entry_point": 0, "filename": null, "id": "region_446", "name": "private_0x000000c0a7370000", "norm_filename": null, "region_type": "private_memory", "start_va": 827439120384, "timestamp": "00:00:20.249", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump 
or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827441217536, "type": "region", "version": 1 }, "end_va": 827441741823, "entry_point": 0, "filename": null, "id": "region_447", "name": "private_0x000000c0a7570000", "norm_filename": null, "region_type": "private_memory", "start_va": 827441217536, "timestamp": "00:00:20.249", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827441741824, "type": "region", "version": 1 }, "end_va": 827442266111, "entry_point": 0, "filename": null, "id": "region_448", "name": "private_0x000000c0a75f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 827441741824, "timestamp": "00:00:20.249", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827442266112, "type": "region", "version": 1 }, "end_va": 827442790399, "entry_point": 0, "filename": null, "id": "region_449", "name": "private_0x000000c0a7670000", "norm_filename": null, "region_type": "private_memory", "start_va": 827442266112, "timestamp": "00:00:20.250", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827442790400, "type": "region", "version": 1 }, "end_va": 827443314687, "entry_point": 0, "filename": 
null, "id": "region_450", "name": "private_0x000000c0a76f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 827442790400, "timestamp": "00:00:20.250", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827443314688, "type": "region", "version": 1 }, "end_va": 827443838975, "entry_point": 0, "filename": null, "id": "region_451", "name": "private_0x000000c0a7770000", "norm_filename": null, "region_type": "private_memory", "start_va": 827443314688, "timestamp": "00:00:20.250", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827443838976, "type": "region", "version": 1 }, "end_va": 827444363263, "entry_point": 0, "filename": null, "id": "region_452", "name": "private_0x000000c0a77f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 827443838976, "timestamp": "00:00:20.250", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827444363264, "type": "region", "version": 1 }, "end_va": 827444887551, "entry_point": 0, "filename": null, "id": "region_453", "name": "private_0x000000c0a7870000", "norm_filename": null, "region_type": "private_memory", "start_va": 827444363264, "timestamp": "00:00:20.250", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" 
], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827444887552, "type": "region", "version": 1 }, "end_va": 827445411839, "entry_point": 0, "filename": null, "id": "region_454", "name": "private_0x000000c0a78f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 827444887552, "timestamp": "00:00:20.251", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827445411840, "type": "region", "version": 1 }, "end_va": 827445936127, "entry_point": 0, "filename": null, "id": "region_455", "name": "private_0x000000c0a7970000", "norm_filename": null, "region_type": "private_memory", "start_va": 827445411840, "timestamp": "00:00:20.251", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827445936128, "type": "region", "version": 1 }, "end_va": 827446460415, "entry_point": 0, "filename": null, "id": "region_456", "name": "private_0x000000c0a79f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 827445936128, "timestamp": "00:00:20.251", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827446460416, "type": "region", "version": 1 }, "end_va": 827446984703, 
"entry_point": 0, "filename": null, "id": "region_457", "name": "private_0x000000c0a7a70000", "norm_filename": null, "region_type": "private_memory", "start_va": 827446460416, "timestamp": "00:00:20.251", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827446984704, "type": "region", "version": 1 }, "end_va": 827447508991, "entry_point": 0, "filename": null, "id": "region_458", "name": "private_0x000000c0a7af0000", "norm_filename": null, "region_type": "private_memory", "start_va": 827446984704, "timestamp": "00:00:20.252", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827447508992, "type": "region", "version": 1 }, "end_va": 827448033279, "entry_point": 0, "filename": null, "id": "region_459", "name": "private_0x000000c0a7b70000", "norm_filename": null, "region_type": "private_memory", "start_va": 827447508992, "timestamp": "00:00:20.252", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827448033280, "type": "region", "version": 1 }, "end_va": 827448557567, "entry_point": 0, "filename": null, "id": "region_460", "name": "private_0x000000c0a7bf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 827448033280, "timestamp": "00:00:20.252", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827448557568, "type": "region", "version": 1 }, "end_va": 827449081855, "entry_point": 0, "filename": null, "id": "region_461", "name": "private_0x000000c0a7c70000", "norm_filename": null, "region_type": "private_memory", "start_va": 827448557568, "timestamp": "00:00:20.252", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 827449081856, "type": "region", "version": 1 }, "end_va": 827450130431, "entry_point": 0, "filename": null, "id": "region_462", "name": "private_0x000000c0a7cf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 827449081856, "timestamp": "00:00:20.253", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827450130432, "type": "region", "version": 1 }, "end_va": 827450654719, "entry_point": 0, "filename": null, "id": "region_463", "name": "private_0x000000c0a7df0000", "norm_filename": null, "region_type": "private_memory", "start_va": 827450130432, "timestamp": "00:00:20.253", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827450654720, "type": "region", "version": 1 }, 
"end_va": 827451179007, "entry_point": 0, "filename": null, "id": "region_464", "name": "private_0x000000c0a7e70000", "norm_filename": null, "region_type": "private_memory", "start_va": 827450654720, "timestamp": "00:00:20.253", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 258048, "start_va": 827451179008, "type": "region", "version": 1 }, "end_va": 827451437055, "entry_point": 0, "filename": null, "id": "region_465", "name": "private_0x000000c0a7ef0000", "norm_filename": null, "region_type": "private_memory", "start_va": 827451179008, "timestamp": "00:00:20.254", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 827451441152, "type": "region", "version": 1 }, "end_va": 827451506687, "entry_point": 0, "filename": null, "id": "region_466", "name": "private_0x000000c0a7f30000", "norm_filename": null, "region_type": "private_memory", "start_va": 827451441152, "timestamp": "00:00:20.254", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 827451506688, "type": "region", "version": 1 }, "end_va": 827451572223, "entry_point": 0, "filename": null, "id": "region_467", "name": "private_0x000000c0a7f40000", "norm_filename": null, "region_type": "private_memory", "start_va": 827451506688, "timestamp": "00:00:20.254", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 827451572224, "type": "region", "version": 1 }, "end_va": 827451576319, "entry_point": 0, "filename": null, "id": "region_468", "name": "private_0x000000c0a7f50000", "norm_filename": null, "region_type": "private_memory", "start_va": 827451572224, "timestamp": "00:00:20.254", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 827451637760, "type": "region", "version": 1 }, "end_va": 827451703295, "entry_point": 0, "filename": null, "id": "region_469", "name": "private_0x000000c0a7f60000", "norm_filename": null, "region_type": "private_memory", "start_va": 827451637760, "timestamp": "00:00:20.255", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 827451703296, "type": "region", "version": 1 }, "end_va": 827452751871, "entry_point": 0, "filename": null, "id": "region_470", "name": "private_0x000000c0a7f70000", "norm_filename": null, "region_type": "private_memory", "start_va": 827451703296, "timestamp": "00:00:20.255", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827452751872, "type": 
"region", "version": 1 }, "end_va": 827453276159, "entry_point": 0, "filename": null, "id": "region_471", "name": "private_0x000000c0a8070000", "norm_filename": null, "region_type": "private_memory", "start_va": 827452751872, "timestamp": "00:00:20.255", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827453276160, "type": "region", "version": 1 }, "end_va": 827453800447, "entry_point": 0, "filename": null, "id": "region_472", "name": "private_0x000000c0a80f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 827453276160, "timestamp": "00:00:20.255", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827453800448, "type": "region", "version": 1 }, "end_va": 827454324735, "entry_point": 0, "filename": null, "id": "region_473", "name": "private_0x000000c0a8170000", "norm_filename": null, "region_type": "private_memory", "start_va": 827453800448, "timestamp": "00:00:20.256", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827454324736, "type": "region", "version": 1 }, "end_va": 827454849023, "entry_point": 0, "filename": null, "id": "region_474", "name": "private_0x000000c0a81f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 827454324736, "timestamp": "00:00:20.256", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827454849024, "type": "region", "version": 1 }, "end_va": 827455373311, "entry_point": 0, "filename": null, "id": "region_475", "name": "private_0x000000c0a8270000", "norm_filename": null, "region_type": "private_memory", "start_va": 827454849024, "timestamp": "00:00:20.256", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827455373312, "type": "region", "version": 1 }, "end_va": 827455897599, "entry_point": 0, "filename": null, "id": "region_476", "name": "private_0x000000c0a82f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 827455373312, "timestamp": "00:00:20.257", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 827455897600, "type": "region", "version": 1 }, "end_va": 827460091903, "entry_point": 0, "filename": null, "id": "region_477", "name": "private_0x000000c0a8370000", "norm_filename": null, "region_type": "private_memory", "start_va": 827455897600, "timestamp": "00:00:20.257", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, 
"start_va": 827460091904, "type": "region", "version": 1 }, "end_va": 827460616191, "entry_point": 0, "filename": null, "id": "region_478", "name": "private_0x000000c0a8770000", "norm_filename": null, "region_type": "private_memory", "start_va": 827460091904, "timestamp": "00:00:20.257", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 827461140480, "type": "region", "version": 1 }, "end_va": 827461144575, "entry_point": 0, "filename": null, "id": "region_479", "name": "private_0x000000c0a8870000", "norm_filename": null, "region_type": "private_memory", "start_va": 827461140480, "timestamp": "00:00:20.258", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 827461206016, "type": "region", "version": 1 }, "end_va": 827461271551, "entry_point": 0, "filename": null, "id": "region_480", "name": "private_0x000000c0a8880000", "norm_filename": null, "region_type": "private_memory", "start_va": 827461206016, "timestamp": "00:00:20.258", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 827461795840, "type": "region", "version": 1 }, "end_va": 827462844415, "entry_point": 0, "filename": null, "id": "region_481", "name": "private_0x000000c0a8910000", "norm_filename": null, "region_type": "private_memory", "start_va": 827461795840, "timestamp": 
"00:00:20.258", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827462844416, "type": "region", "version": 1 }, "end_va": 827463368703, "entry_point": 0, "filename": null, "id": "region_482", "name": "private_0x000000c0a8a10000", "norm_filename": null, "region_type": "private_memory", "start_va": 827462844416, "timestamp": "00:00:20.258", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827463368704, "type": "region", "version": 1 }, "end_va": 827463892991, "entry_point": 0, "filename": null, "id": "region_483", "name": "private_0x000000c0a8a90000", "norm_filename": null, "region_type": "private_memory", "start_va": 827463368704, "timestamp": "00:00:20.259", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827463892992, "type": "region", "version": 1 }, "end_va": 827464417279, "entry_point": 0, "filename": null, "id": "region_484", "name": "private_0x000000c0a8b10000", "norm_filename": null, "region_type": "private_memory", "start_va": 827463892992, "timestamp": "00:00:20.259", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], 
"ref_process_dump": null, "size": 524288, "start_va": 827464417280, "type": "region", "version": 1 }, "end_va": 827464941567, "entry_point": 0, "filename": null, "id": "region_485", "name": "private_0x000000c0a8b90000", "norm_filename": null, "region_type": "private_memory", "start_va": 827464417280, "timestamp": "00:00:20.259", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827464941568, "type": "region", "version": 1 }, "end_va": 827465465855, "entry_point": 0, "filename": null, "id": "region_486", "name": "private_0x000000c0a8c10000", "norm_filename": null, "region_type": "private_memory", "start_va": 827464941568, "timestamp": "00:00:20.260", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 827465465856, "type": "region", "version": 1 }, "end_va": 827465482239, "entry_point": 0, "filename": null, "id": "region_487", "name": "private_0x000000c0a8c90000", "norm_filename": null, "region_type": "private_memory", "start_va": 827465465856, "timestamp": "00:00:20.260", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 827465531392, "type": "region", "version": 1 }, "end_va": 827465539583, "entry_point": 0, "filename": null, "id": "region_488", "name": "private_0x000000c0a8ca0000", "norm_filename": null, "region_type": "private_memory", 
"start_va": 827465531392, "timestamp": "00:00:20.260", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1277952, "start_va": 827465596928, "type": "region", "version": 1 }, "end_va": 827466874879, "entry_point": 0, "filename": null, "id": "region_489", "name": "pagefile_0x000000c0a8cb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 827465596928, "timestamp": "00:00:20.260", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827466907648, "type": "region", "version": 1 }, "end_va": 827467431935, "entry_point": 0, "filename": null, "id": "region_490", "name": "private_0x000000c0a8df0000", "norm_filename": null, "region_type": "private_memory", "start_va": 827466907648, "timestamp": "00:00:20.261", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827467431936, "type": "region", "version": 1 }, "end_va": 827467956223, "entry_point": 0, "filename": null, "id": "region_491", "name": "private_0x000000c0a8e70000", "norm_filename": null, "region_type": "private_memory", "start_va": 827467431936, "timestamp": "00:00:20.261", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ 
"readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 827467956224, "type": "region", "version": 1 }, "end_va": 827467960319, "entry_point": 0, "filename": null, "id": "region_492", "name": "private_0x000000c0a8ef0000", "norm_filename": null, "region_type": "private_memory", "start_va": 827467956224, "timestamp": "00:00:20.261", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 827468021760, "type": "region", "version": 1 }, "end_va": 827468087295, "entry_point": 0, "filename": null, "id": "region_493", "name": "private_0x000000c0a8f00000", "norm_filename": null, "region_type": "private_memory", "start_va": 827468021760, "timestamp": "00:00:20.262", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 827468087296, "type": "region", "version": 1 }, "end_va": 827468120063, "entry_point": 0, "filename": null, "id": "region_494", "name": "private_0x000000c0a8f10000", "norm_filename": null, "region_type": "private_memory", "start_va": 827468087296, "timestamp": "00:00:20.262", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 827468152832, "type": "region", "version": 1 }, "end_va": 827468218367, "entry_point": 0, "filename": null, "id": "region_495", "name": "private_0x000000c0a8f20000", "norm_filename": null, 
"region_type": "private_memory", "start_va": 827468152832, "timestamp": "00:00:20.262", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 827468218368, "type": "region", "version": 1 }, "end_va": 827469266943, "entry_point": 0, "filename": null, "id": "region_496", "name": "pagefile_0x000000c0a8f30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 827468218368, "timestamp": "00:00:20.262", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827469266944, "type": "region", "version": 1 }, "end_va": 827469791231, "entry_point": 0, "filename": null, "id": "region_497", "name": "private_0x000000c0a9030000", "norm_filename": null, "region_type": "private_memory", "start_va": 827469266944, "timestamp": "00:00:20.262", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827470315520, "type": "region", "version": 1 }, "end_va": 827470839807, "entry_point": 0, "filename": null, "id": "region_498", "name": "private_0x000000c0a9130000", "norm_filename": null, "region_type": "private_memory", "start_va": 827470315520, "timestamp": "00:00:20.263", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total 
dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 827470839808, "type": "region", "version": 1 }, "end_va": 827471888383, "entry_point": 0, "filename": null, "id": "region_499", "name": "private_0x000000c0a91b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 827470839808, "timestamp": "00:00:20.263", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 827471888384, "type": "region", "version": 1 }, "end_va": 827472936959, "entry_point": 0, "filename": null, "id": "region_500", "name": "private_0x000000c0a92b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 827471888384, "timestamp": "00:00:20.263", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 827472936960, "type": "region", "version": 1 }, "end_va": 827473985535, "entry_point": 0, "filename": null, "id": "region_501", "name": "private_0x000000c0a93b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 827472936960, "timestamp": "00:00:20.264", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 827473985536, "type": "region", "version": 1 }, "end_va": 827475034111, "entry_point": 0, "filename": null, "id": "region_502", "name": 
"private_0x000000c0a94b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 827473985536, "timestamp": "00:00:20.264", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 827475034112, "type": "region", "version": 1 }, "end_va": 827476082687, "entry_point": 0, "filename": null, "id": "region_503", "name": "private_0x000000c0a95b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 827475034112, "timestamp": "00:00:20.264", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 827476082688, "type": "region", "version": 1 }, "end_va": 827476606975, "entry_point": 0, "filename": null, "id": "region_504", "name": "private_0x000000c0a96b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 827476082688, "timestamp": "00:00:20.265", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 827476606976, "type": "region", "version": 1 }, "end_va": 827476672511, "entry_point": 0, "filename": null, "id": "region_505", "name": "pagefile_0x000000c0a9730000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 827476606976, "timestamp": "00:00:20.265", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No 
dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 827476672512, "type": "region", "version": 1 }, "end_va": 827476738047, "entry_point": 0, "filename": null, "id": "region_506", "name": "pagefile_0x000000c0a9740000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 827476672512, "timestamp": "00:00:20.265", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 827476738048, "type": "region", "version": 1 }, "end_va": 827476803583, "entry_point": 0, "filename": null, "id": "region_507", "name": "pagefile_0x000000c0a9750000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 827476738048, "timestamp": "00:00:20.265", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 827476803584, "type": "region", "version": 1 }, "end_va": 827476869119, "entry_point": 0, "filename": null, "id": "region_508", "name": "pagefile_0x000000c0a9760000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 827476803584, "timestamp": "00:00:20.265", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated", "version": 1 }, { "cmd_line": "C:\\Windows\\system32\\cmd.exe /C title 4180649|vssadmin.exe Delete Shadows /All /Quiet", "filename": "c:\\windows\\system32\\cmd.exe", "id": "proc_6", "image_name": "cmd.exe", "monitor_reason": 
"child_process", "monitored_id": 6, "origin_monitor_id": 1, "ref_parent_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000006-region_00000909-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_365", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_909", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:30.242", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000910-addr_0x000000bd41bf0000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_366", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 812851855360, "type": "region", "version": 1 }, "end_va": 812851986431, "entry_point": 0, "filename": null, "id": "region_910", "name": "private_0x000000bd41bf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 812851855360, "timestamp": "00:00:30.242", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 812851986432, "type": "region", "version": 1 }, "end_va": 812852047871, "entry_point": 0, "filename": null, "id": "region_911", "name": "pagefile_0x000000bd41c10000", 
"norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 812851986432, "timestamp": "00:00:30.242", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000912-addr_0x000000bd41c20000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_367", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 812852051968, "type": "region", "version": 1 }, "end_va": 812853100543, "entry_point": 0, "filename": null, "id": "region_912", "name": "private_0x000000bd41c20000", "norm_filename": null, "region_type": "private_memory", "start_va": 812852051968, "timestamp": "00:00:30.242", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 812853100544, "type": "region", "version": 1 }, "end_va": 812853116927, "entry_point": 0, "filename": null, "id": "region_913", "name": "pagefile_0x000000bd41d20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 812853100544, "timestamp": "00:00:30.242", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 812853166080, "type": "region", "version": 1 }, "end_va": 812853170175, "entry_point": 0, "filename": null, "id": "region_914", "name": "pagefile_0x000000bd41d30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 812853166080, "timestamp": "00:00:30.242", "type": "region", "version": 1 }, { "dump": { 
"filename": "process_00000006-region_00000915-addr_0x000000bd41d40000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_368", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 812853231616, "type": "region", "version": 1 }, "end_va": 812853239807, "entry_point": 0, "filename": null, "id": "region_915", "name": "private_0x000000bd41d40000", "norm_filename": null, "region_type": "private_memory", "start_va": 812853231616, "timestamp": "00:00:30.243", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140695126736896, "type": "region", "version": 1 }, "end_va": 140695126880255, "entry_point": 0, "filename": null, "id": "region_916", "name": "pagefile_0x00007ff6230d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140695126736896, "timestamp": "00:00:30.243", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000917-addr_0x00007ff6230fb000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_369", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 140695126913024, "type": "region", "version": 1 }, "end_va": 140695126917119, "entry_point": 0, "filename": null, "id": "region_917", "name": "private_0x00007ff6230fb000", "norm_filename": null, "region_type": "private_memory", "start_va": 140695126913024, "timestamp": "00:00:30.243", "type": "region", "version": 1 }, { "dump": { "filename": 
"process_00000006-region_00000918-addr_0x00007ff6230fe000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_370", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 140695126925312, "type": "region", "version": 1 }, "end_va": 140695126933503, "entry_point": 0, "filename": null, "id": "region_918", "name": "private_0x00007ff6230fe000", "norm_filename": null, "region_type": "private_memory", "start_va": 140695126925312, "timestamp": "00:00:30.243", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 372736, "start_va": 140695127195648, "type": "region", "version": 1 }, "end_va": 140695127568383, "entry_point": 140695127221684, "filename": "\\Windows\\System32\\cmd.exe", "id": "region_919", "name": "cmd.exe", "norm_filename": "c:\\windows\\system32\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 140695127195648, "timestamp": "00:00:30.243", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140729648283648, "type": "region", "version": 1 }, "end_va": 140729650024447, "entry_point": 140729648283648, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_920", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140729648283648, "timestamp": "00:00:30.245", "type": "region", "version": 1 }, { "dump": { "filename": 
"process_00000006-region_00000945-addr_0x000000bd41d50000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_383", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 812853297152, "type": "region", "version": 1 }, "end_va": 812854345727, "entry_point": 0, "filename": null, "id": "region_945", "name": "private_0x000000bd41d50000", "norm_filename": null, "region_type": "private_memory", "start_va": 812853297152, "timestamp": "00:00:30.267", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140729603522560, "type": "region", "version": 1 }, "end_va": 140729604628479, "entry_point": 140729603531424, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_946", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140729603522560, "timestamp": "00:00:30.267", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140729609617408, "type": "region", "version": 1 }, "end_va": 140729610899455, "entry_point": 140729609637940, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_947", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140729609617408, "timestamp": "00:00:30.268", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No 
dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 812851855360, "type": "region", "version": 1 }, "end_va": 812851920895, "entry_point": 0, "filename": null, "id": "region_1225", "name": "pagefile_0x000000bd41bf0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 812851855360, "timestamp": "00:00:30.641", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001226-addr_0x000000bd41c00000-size_0x0000000000007000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_425", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 28672, "start_va": 812851920896, "type": "region", "version": 1 }, "end_va": 812851949567, "entry_point": 0, "filename": null, "id": "region_1226", "name": "private_0x000000bd41c00000", "norm_filename": null, "region_type": "private_memory", "start_va": 812851920896, "timestamp": "00:00:30.641", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 812854345728, "type": "region", "version": 1 }, "end_va": 812854861823, "entry_point": 812854345728, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1227", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 812854345728, "timestamp": "00:00:30.641", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001228-addr_0x000000bd42070000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { 
"ref_id": "proc_dump_426", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 812856573952, "type": "region", "version": 1 }, "end_va": 812856639487, "entry_point": 0, "filename": null, "id": "region_1228", "name": "private_0x000000bd42070000", "norm_filename": null, "region_type": "private_memory", "start_va": 812856573952, "timestamp": "00:00:30.642", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140695125688320, "type": "region", "version": 1 }, "end_va": 140695126736895, "entry_point": 0, "filename": null, "id": "region_1229", "name": "pagefile_0x00007ff622fd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140695125688320, "timestamp": "00:00:30.642", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140729612173312, "type": "region", "version": 1 }, "end_va": 140729612857343, "entry_point": 140729612183596, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1230", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140729612173312, "timestamp": "00:00:30.642", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 812856639488, "type": "region", "version": 1 }, "end_va": 812859609087, "entry_point": 812856639488, "filename": 
"\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1271", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 812856639488, "timestamp": "00:00:30.754", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\system32\\cmd.exe /C title 9538298|bcdedit /set {default} recoveryenabled No", "filename": "c:\\windows\\system32\\cmd.exe", "id": "proc_7", "image_name": "cmd.exe", "monitor_reason": "child_process", "monitored_id": 7, "origin_monitor_id": 1, "ref_parent_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000007-region_00000921-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_371", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_921", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:30.249", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000922-addr_0x0000009a39f30000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_372", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 662397190144, "type": "region", "version": 1 }, "end_va": 662397321215, "entry_point": 0, "filename": 
null, "id": "region_922", "name": "private_0x0000009a39f30000", "norm_filename": null, "region_type": "private_memory", "start_va": 662397190144, "timestamp": "00:00:30.249", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 662397321216, "type": "region", "version": 1 }, "end_va": 662397382655, "entry_point": 0, "filename": null, "id": "region_923", "name": "pagefile_0x0000009a39f50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 662397321216, "timestamp": "00:00:30.249", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000924-addr_0x0000009a39f60000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_373", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 662397386752, "type": "region", "version": 1 }, "end_va": 662398435327, "entry_point": 0, "filename": null, "id": "region_924", "name": "private_0x0000009a39f60000", "norm_filename": null, "region_type": "private_memory", "start_va": 662397386752, "timestamp": "00:00:30.250", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 662398435328, "type": "region", "version": 1 }, "end_va": 662398451711, "entry_point": 0, "filename": null, "id": "region_925", "name": "pagefile_0x0000009a3a060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 662398435328, "timestamp": 
"00:00:30.250", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 662398500864, "type": "region", "version": 1 }, "end_va": 662398504959, "entry_point": 0, "filename": null, "id": "region_926", "name": "pagefile_0x0000009a3a070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 662398500864, "timestamp": "00:00:30.250", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000927-addr_0x0000009a3a080000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_374", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 662398566400, "type": "region", "version": 1 }, "end_va": 662398574591, "entry_point": 0, "filename": null, "id": "region_927", "name": "private_0x0000009a3a080000", "norm_filename": null, "region_type": "private_memory", "start_va": 662398566400, "timestamp": "00:00:30.250", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140695122345984, "type": "region", "version": 1 }, "end_va": 140695122489343, "entry_point": 0, "filename": null, "id": "region_928", "name": "pagefile_0x00007ff622ca0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140695122345984, "timestamp": "00:00:30.250", "type": "region", "version": 1 }, { "dump": { "filename": 
"process_00000007-region_00000929-addr_0x00007ff622ccd000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_375", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 140695122530304, "type": "region", "version": 1 }, "end_va": 140695122538495, "entry_point": 0, "filename": null, "id": "region_929", "name": "private_0x00007ff622ccd000", "norm_filename": null, "region_type": "private_memory", "start_va": 140695122530304, "timestamp": "00:00:30.250", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000930-addr_0x00007ff622ccf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_376", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 140695122538496, "type": "region", "version": 1 }, "end_va": 140695122542591, "entry_point": 0, "filename": null, "id": "region_930", "name": "private_0x00007ff622ccf000", "norm_filename": null, "region_type": "private_memory", "start_va": 140695122538496, "timestamp": "00:00:30.250", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 372736, "start_va": 140695127195648, "type": "region", "version": 1 }, "end_va": 140695127568383, "entry_point": 140695127221684, "filename": "\\Windows\\System32\\cmd.exe", "id": "region_931", "name": "cmd.exe", "norm_filename": "c:\\windows\\system32\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 140695127195648, "timestamp": "00:00:30.250", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140729648283648, "type": "region", "version": 1 }, "end_va": 140729650024447, "entry_point": 140729648283648, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_932", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140729648283648, "timestamp": "00:00:30.251", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000948-addr_0x0000009a3a230000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_384", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 662400335872, "type": "region", "version": 1 }, "end_va": 662401384447, "entry_point": 0, "filename": null, "id": "region_948", "name": "private_0x0000009a3a230000", "norm_filename": null, "region_type": "private_memory", "start_va": 662400335872, "timestamp": "00:00:30.278", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140729603522560, "type": "region", "version": 1 }, "end_va": 140729604628479, "entry_point": 140729603531424, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_949", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140729603522560, "timestamp": "00:00:30.278", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created 
because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140729609617408, "type": "region", "version": 1 }, "end_va": 140729610899455, "entry_point": 140729609637940, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_950", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140729609617408, "timestamp": "00:00:30.279", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 662397190144, "type": "region", "version": 1 }, "end_va": 662397255679, "entry_point": 0, "filename": null, "id": "region_1219", "name": "pagefile_0x0000009a39f30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 662397190144, "timestamp": "00:00:30.634", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001220-addr_0x0000009a39f40000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_423", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 662397255680, "type": "region", "version": 1 }, "end_va": 662397321215, "entry_point": 0, "filename": null, "id": "region_1220", "name": "private_0x0000009a39f40000", "norm_filename": null, "region_type": "private_memory", "start_va": 662397255680, "timestamp": "00:00:30.634", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 
516096, "start_va": 662398631936, "type": "region", "version": 1 }, "end_va": 662399148031, "entry_point": 662398631936, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1221", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 662398631936, "timestamp": "00:00:30.634", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001222-addr_0x0000009a3a110000-size_0x0000000000007000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_424", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 28672, "start_va": 662399156224, "type": "region", "version": 1 }, "end_va": 662399184895, "entry_point": 0, "filename": null, "id": "region_1222", "name": "private_0x0000009a3a110000", "norm_filename": null, "region_type": "private_memory", "start_va": 662399156224, "timestamp": "00:00:30.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140695121297408, "type": "region", "version": 1 }, "end_va": 140695122345983, "entry_point": 0, "filename": null, "id": "region_1223", "name": "pagefile_0x00007ff622ba0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140695121297408, "timestamp": "00:00:30.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140729612173312, "type": "region", "version": 1 }, "end_va": 140729612857343, "entry_point": 
140729612183596, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1224", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140729612173312, "timestamp": "00:00:30.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 662401384448, "type": "region", "version": 1 }, "end_va": 662404354047, "entry_point": 662401384448, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1246", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 662401384448, "timestamp": "00:00:30.713", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\system32\\cmd.exe /C title 8997147|bcdedit /set {default} bootstatuspolicy ignoreallfailures", "filename": "c:\\windows\\system32\\cmd.exe", "id": "proc_8", "image_name": "cmd.exe", "monitor_reason": "child_process", "monitored_id": 8, "origin_monitor_id": 1, "ref_parent_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000008-region_00000933-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_377", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_933", "name": 
"private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:30.255", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000934-addr_0x00000091de340000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_378", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 626498207744, "type": "region", "version": 1 }, "end_va": 626498338815, "entry_point": 0, "filename": null, "id": "region_934", "name": "private_0x00000091de340000", "norm_filename": null, "region_type": "private_memory", "start_va": 626498207744, "timestamp": "00:00:30.256", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 626498338816, "type": "region", "version": 1 }, "end_va": 626498400255, "entry_point": 0, "filename": null, "id": "region_935", "name": "pagefile_0x00000091de360000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 626498338816, "timestamp": "00:00:30.256", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000936-addr_0x00000091de370000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_379", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 626498404352, "type": "region", "version": 1 }, "end_va": 626499452927, "entry_point": 0, "filename": null, "id": "region_936", "name": "private_0x00000091de370000", "norm_filename": 
null, "region_type": "private_memory", "start_va": 626498404352, "timestamp": "00:00:30.256", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 626499452928, "type": "region", "version": 1 }, "end_va": 626499469311, "entry_point": 0, "filename": null, "id": "region_937", "name": "pagefile_0x00000091de470000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 626499452928, "timestamp": "00:00:30.256", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 626499518464, "type": "region", "version": 1 }, "end_va": 626499522559, "entry_point": 0, "filename": null, "id": "region_938", "name": "pagefile_0x00000091de480000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 626499518464, "timestamp": "00:00:30.256", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000939-addr_0x00000091de490000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_380", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 626499584000, "type": "region", "version": 1 }, "end_va": 626499592191, "entry_point": 0, "filename": null, "id": "region_939", "name": "private_0x00000091de490000", "norm_filename": null, "region_type": "private_memory", "start_va": 626499584000, "timestamp": "00:00:30.256", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140695112187904, "type": "region", "version": 1 }, "end_va": 140695112331263, "entry_point": 0, "filename": null, "id": "region_940", "name": "pagefile_0x00007ff6222f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140695112187904, "timestamp": "00:00:30.256", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000941-addr_0x00007ff62231d000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_381", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 140695112372224, "type": "region", "version": 1 }, "end_va": 140695112380415, "entry_point": 0, "filename": null, "id": "region_941", "name": "private_0x00007ff62231d000", "norm_filename": null, "region_type": "private_memory", "start_va": 140695112372224, "timestamp": "00:00:30.256", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000942-addr_0x00007ff62231f000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_382", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 140695112380416, "type": "region", "version": 1 }, "end_va": 140695112384511, "entry_point": 0, "filename": null, "id": "region_942", "name": "private_0x00007ff62231f000", "norm_filename": null, "region_type": "private_memory", "start_va": 140695112380416, "timestamp": "00:00:30.257", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" 
], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 372736, "start_va": 140695127195648, "type": "region", "version": 1 }, "end_va": 140695127568383, "entry_point": 140695127221684, "filename": "\\Windows\\System32\\cmd.exe", "id": "region_943", "name": "cmd.exe", "norm_filename": "c:\\windows\\system32\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 140695127195648, "timestamp": "00:00:30.257", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140729648283648, "type": "region", "version": 1 }, "end_va": 140729650024447, "entry_point": 140729648283648, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_944", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140729648283648, "timestamp": "00:00:30.258", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000951-addr_0x00000091de5e0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_385", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 626500960256, "type": "region", "version": 1 }, "end_va": 626502008831, "entry_point": 0, "filename": null, "id": "region_951", "name": "private_0x00000091de5e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 626500960256, "timestamp": "00:00:30.289", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ 
"readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140729603522560, "type": "region", "version": 1 }, "end_va": 140729604628479, "entry_point": 140729603531424, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_952", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140729603522560, "timestamp": "00:00:30.289", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140729609617408, "type": "region", "version": 1 }, "end_va": 140729610899455, "entry_point": 140729609637940, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_953", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140729609617408, "timestamp": "00:00:30.291", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 626498207744, "type": "region", "version": 1 }, "end_va": 626498273279, "entry_point": 0, "filename": null, "id": "region_1231", "name": "pagefile_0x00000091de340000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 626498207744, "timestamp": "00:00:30.647", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001232-addr_0x00000091de350000-size_0x0000000000007000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_427", "ref_source": "summary", "ref_type": 
"process_dump", "type": "reference", "version": 1 }, "size": 28672, "start_va": 626498273280, "type": "region", "version": 1 }, "end_va": 626498301951, "entry_point": 0, "filename": null, "id": "region_1232", "name": "private_0x00000091de350000", "norm_filename": null, "region_type": "private_memory", "start_va": 626498273280, "timestamp": "00:00:30.648", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 626499649536, "type": "region", "version": 1 }, "end_va": 626500165631, "entry_point": 626499649536, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1233", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 626499649536, "timestamp": "00:00:30.648", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001234-addr_0x00000091de560000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_428", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 626500435968, "type": "region", "version": 1 }, "end_va": 626500501503, "entry_point": 0, "filename": null, "id": "region_1234", "name": "private_0x00000091de560000", "norm_filename": null, "region_type": "private_memory", "start_va": 626500435968, "timestamp": "00:00:30.649", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140695111139328, "type": "region", "version": 1 }, "end_va": 140695112187903, 
"entry_point": 0, "filename": null, "id": "region_1235", "name": "pagefile_0x00007ff6221f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140695111139328, "timestamp": "00:00:30.649", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140729612173312, "type": "region", "version": 1 }, "end_va": 140729612857343, "entry_point": 140729612183596, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1236", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140729612173312, "timestamp": "00:00:30.649", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 626502008832, "type": "region", "version": 1 }, "end_va": 626504978431, "entry_point": 626502008832, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1284", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 626502008832, "timestamp": "00:00:30.783", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001297-addr_0x00000091de520000-size_0x0000000000007000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_459", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 28672, "start_va": 626500173824, "type": "region", "version": 1 }, "end_va": 626500202495, "entry_point": 0, "filename": null, "id": "region_1297", "name": 
"private_0x00000091de520000", "norm_filename": null, "region_type": "private_memory", "start_va": 626500173824, "timestamp": "00:00:30.797", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\system32\\cmd.exe /S /D /c\" title 9538298\"", "filename": "c:\\windows\\system32\\cmd.exe", "id": "proc_13", "image_name": "cmd.exe", "monitor_reason": "child_process", "monitored_id": 13, "origin_monitor_id": 7, "ref_parent_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000013-region_00001247-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_435", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1247", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:30.718", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000013-region_00001248-addr_0x000000ae42f10000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_436", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 748447399936, "type": "region", "version": 1 }, "end_va": 748447531007, "entry_point": 0, "filename": null, "id": "region_1248", "name": "private_0x000000ae42f10000", "norm_filename": null, "region_type": "private_memory", "start_va": 748447399936, 
"timestamp": "00:00:30.718", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 748447531008, "type": "region", "version": 1 }, "end_va": 748447592447, "entry_point": 0, "filename": null, "id": "region_1249", "name": "pagefile_0x000000ae42f30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 748447531008, "timestamp": "00:00:30.718", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000013-region_00001250-addr_0x000000ae42f40000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_437", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 748447596544, "type": "region", "version": 1 }, "end_va": 748448645119, "entry_point": 0, "filename": null, "id": "region_1250", "name": "private_0x000000ae42f40000", "norm_filename": null, "region_type": "private_memory", "start_va": 748447596544, "timestamp": "00:00:30.718", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 748448645120, "type": "region", "version": 1 }, "end_va": 748448661503, "entry_point": 0, "filename": null, "id": "region_1251", "name": "pagefile_0x000000ae43040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 748448645120, "timestamp": "00:00:30.718", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump 
created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 748448710656, "type": "region", "version": 1 }, "end_va": 748448714751, "entry_point": 0, "filename": null, "id": "region_1252", "name": "pagefile_0x000000ae43050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 748448710656, "timestamp": "00:00:30.718", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000013-region_00001253-addr_0x000000ae43060000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_438", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 748448776192, "type": "region", "version": 1 }, "end_va": 748448784383, "entry_point": 0, "filename": null, "id": "region_1253", "name": "private_0x000000ae43060000", "norm_filename": null, "region_type": "private_memory", "start_va": 748448776192, "timestamp": "00:00:30.719", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140695123984384, "type": "region", "version": 1 }, "end_va": 140695124127743, "entry_point": 0, "filename": null, "id": "region_1254", "name": "pagefile_0x00007ff622e30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140695123984384, "timestamp": "00:00:30.719", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000013-region_00001255-addr_0x00007ff622e5d000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": 
"proc_dump_439", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 140695124168704, "type": "region", "version": 1 }, "end_va": 140695124176895, "entry_point": 0, "filename": null, "id": "region_1255", "name": "private_0x00007ff622e5d000", "norm_filename": null, "region_type": "private_memory", "start_va": 140695124168704, "timestamp": "00:00:30.719", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000013-region_00001256-addr_0x00007ff622e5f000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_440", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 140695124176896, "type": "region", "version": 1 }, "end_va": 140695124180991, "entry_point": 0, "filename": null, "id": "region_1256", "name": "private_0x00007ff622e5f000", "norm_filename": null, "region_type": "private_memory", "start_va": 140695124176896, "timestamp": "00:00:30.719", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 372736, "start_va": 140695127195648, "type": "region", "version": 1 }, "end_va": 140695127568383, "entry_point": 140695127221684, "filename": "\\Windows\\System32\\cmd.exe", "id": "region_1257", "name": "cmd.exe", "norm_filename": "c:\\windows\\system32\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 140695127195648, "timestamp": "00:00:30.719", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 
140729648283648, "type": "region", "version": 1 }, "end_va": 140729650024447, "entry_point": 140729648283648, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1258", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140729648283648, "timestamp": "00:00:30.720", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000013-region_00001310-addr_0x000000ae43260000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_466", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 748450873344, "type": "region", "version": 1 }, "end_va": 748451921919, "entry_point": 0, "filename": null, "id": "region_1310", "name": "private_0x000000ae43260000", "norm_filename": null, "region_type": "private_memory", "start_va": 748450873344, "timestamp": "00:00:30.809", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140729603522560, "type": "region", "version": 1 }, "end_va": 140729604628479, "entry_point": 140729603531424, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1311", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140729603522560, "timestamp": "00:00:30.809", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140729609617408, "type": "region", "version": 1 }, "end_va": 
140729610899455, "entry_point": 140729609637940, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_1312", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140729609617408, "timestamp": "00:00:30.810", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 748447399936, "type": "region", "version": 1 }, "end_va": 748447465471, "entry_point": 0, "filename": null, "id": "region_1337", "name": "pagefile_0x000000ae42f10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 748447399936, "timestamp": "00:00:30.887", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000013-region_00001338-addr_0x000000ae42f20000-size_0x0000000000007000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_476", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 28672, "start_va": 748447465472, "type": "region", "version": 1 }, "end_va": 748447494143, "entry_point": 0, "filename": null, "id": "region_1338", "name": "private_0x000000ae42f20000", "norm_filename": null, "region_type": "private_memory", "start_va": 748447465472, "timestamp": "00:00:30.887", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 748448841728, "type": "region", "version": 1 }, "end_va": 748449357823, "entry_point": 748448841728, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1339", "name": "locale.nls", 
"norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 748448841728, "timestamp": "00:00:30.887", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000013-region_00001340-addr_0x000000ae43550000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_477", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 748453953536, "type": "region", "version": 1 }, "end_va": 748454019071, "entry_point": 0, "filename": null, "id": "region_1340", "name": "private_0x000000ae43550000", "norm_filename": null, "region_type": "private_memory", "start_va": 748453953536, "timestamp": "00:00:30.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140695122935808, "type": "region", "version": 1 }, "end_va": 140695123984383, "entry_point": 0, "filename": null, "id": "region_1341", "name": "pagefile_0x00007ff622d30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140695122935808, "timestamp": "00:00:30.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140729612173312, "type": "region", "version": 1 }, "end_va": 140729612857343, "entry_point": 140729612183596, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1342", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 
140729612173312, "timestamp": "00:00:30.888", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "bcdedit /set {default} recoveryenabled No", "filename": "c:\\windows\\system32\\bcdedit.exe", "id": "proc_14", "image_name": "bcdedit.exe", "monitor_reason": "child_process", "monitored_id": 14, "origin_monitor_id": 7, "ref_parent_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000014-region_00001259-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_441", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1259", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:30.734", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000014-region_00001260-addr_0x0000002450310000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_442", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 155964211200, "type": "region", "version": 1 }, "end_va": 155964342271, "entry_point": 0, "filename": null, "id": "region_1260", "name": "private_0x0000002450310000", "norm_filename": null, "region_type": "private_memory", "start_va": 155964211200, "timestamp": "00:00:30.734", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 155964342272, "type": "region", "version": 1 }, "end_va": 155964403711, "entry_point": 0, "filename": null, "id": "region_1261", "name": "pagefile_0x0000002450330000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 155964342272, "timestamp": "00:00:30.734", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000014-region_00001262-addr_0x0000002450340000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_443", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 155964407808, "type": "region", "version": 1 }, "end_va": 155964932095, "entry_point": 0, "filename": null, "id": "region_1262", "name": "private_0x0000002450340000", "norm_filename": null, "region_type": "private_memory", "start_va": 155964407808, "timestamp": "00:00:30.734", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 155964932096, "type": "region", "version": 1 }, "end_va": 155964948479, "entry_point": 0, "filename": null, "id": "region_1263", "name": "pagefile_0x00000024503c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 155964932096, "timestamp": "00:00:30.734", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], 
"ref_process_dump": null, "size": 4096, "start_va": 155964997632, "type": "region", "version": 1 }, "end_va": 155965001727, "entry_point": 0, "filename": null, "id": "region_1264", "name": "pagefile_0x00000024503d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 155964997632, "timestamp": "00:00:30.734", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000014-region_00001265-addr_0x00000024503e0000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_444", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 155965063168, "type": "region", "version": 1 }, "end_va": 155965071359, "entry_point": 0, "filename": null, "id": "region_1265", "name": "private_0x00000024503e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 155965063168, "timestamp": "00:00:30.735", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140697040912384, "type": "region", "version": 1 }, "end_va": 140697041055743, "entry_point": 0, "filename": null, "id": "region_1266", "name": "pagefile_0x00007ff695250000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140697040912384, "timestamp": "00:00:30.735", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000014-region_00001267-addr_0x00007ff69527d000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_445", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, 
"size": 8192, "start_va": 140697041096704, "type": "region", "version": 1 }, "end_va": 140697041104895, "entry_point": 0, "filename": null, "id": "region_1267", "name": "private_0x00007ff69527d000", "norm_filename": null, "region_type": "private_memory", "start_va": 140697041096704, "timestamp": "00:00:30.735", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000014-region_00001268-addr_0x00007ff69527f000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_446", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 140697041104896, "type": "region", "version": 1 }, "end_va": 140697041108991, "entry_point": 0, "filename": null, "id": "region_1268", "name": "private_0x00007ff69527f000", "norm_filename": null, "region_type": "private_memory", "start_va": 140697041104896, "timestamp": "00:00:30.735", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 140697041633280, "type": "region", "version": 1 }, "end_va": 140697041993727, "entry_point": 140697041633280, "filename": "\\Windows\\System32\\bcdedit.exe", "id": "region_1269", "name": "bcdedit.exe", "norm_filename": "c:\\windows\\system32\\bcdedit.exe", "region_type": "memory_mapped_file", "start_va": 140697041633280, "timestamp": "00:00:30.735", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140729648283648, "type": "region", "version": 1 }, "end_va": 140729650024447, "entry_point": 
140729648283648, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1270", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140729648283648, "timestamp": "00:00:30.743", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000014-region_00001332-addr_0x00000024505a0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_475", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 155966898176, "type": "region", "version": 1 }, "end_va": 155967946751, "entry_point": 0, "filename": null, "id": "region_1332", "name": "private_0x00000024505a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 155966898176, "timestamp": "00:00:30.867", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140729603522560, "type": "region", "version": 1 }, "end_va": 140729604628479, "entry_point": 140729603531424, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1333", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140729603522560, "timestamp": "00:00:30.868", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140729609617408, "type": "region", "version": 1 }, "end_va": 140729610899455, "entry_point": 140729609637940, "filename": "\\Windows\\System32\\kernel32.dll", "id": 
"region_1334", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140729609617408, "timestamp": "00:00:30.868", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\system32\\cmd.exe /S /D /c\" title 4180649\"", "filename": "c:\\windows\\system32\\cmd.exe", "id": "proc_15", "image_name": "cmd.exe", "monitor_reason": "child_process", "monitored_id": 15, "origin_monitor_id": 6, "ref_parent_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000015-region_00001272-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_447", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1272", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:30.759", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000015-region_00001273-addr_0x0000000a1fdb0000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_448", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 43484119040, "type": "region", "version": 1 }, "end_va": 43484250111, "entry_point": 0, "filename": null, "id": "region_1273", "name": "private_0x0000000a1fdb0000", "norm_filename": null, "region_type": 
"private_memory", "start_va": 43484119040, "timestamp": "00:00:30.760", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 43484250112, "type": "region", "version": 1 }, "end_va": 43484311551, "entry_point": 0, "filename": null, "id": "region_1274", "name": "pagefile_0x0000000a1fdd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 43484250112, "timestamp": "00:00:30.760", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000015-region_00001275-addr_0x0000000a1fde0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_449", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 43484315648, "type": "region", "version": 1 }, "end_va": 43485364223, "entry_point": 0, "filename": null, "id": "region_1275", "name": "private_0x0000000a1fde0000", "norm_filename": null, "region_type": "private_memory", "start_va": 43484315648, "timestamp": "00:00:30.760", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 43485364224, "type": "region", "version": 1 }, "end_va": 43485380607, "entry_point": 0, "filename": null, "id": "region_1276", "name": "pagefile_0x0000000a1fee0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 43485364224, "timestamp": "00:00:30.760", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 43485429760, "type": "region", "version": 1 }, "end_va": 43485433855, "entry_point": 0, "filename": null, "id": "region_1277", "name": "pagefile_0x0000000a1fef0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 43485429760, "timestamp": "00:00:30.760", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000015-region_00001278-addr_0x0000000a1ff00000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_450", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 43485495296, "type": "region", "version": 1 }, "end_va": 43485503487, "entry_point": 0, "filename": null, "id": "region_1278", "name": "private_0x0000000a1ff00000", "norm_filename": null, "region_type": "private_memory", "start_va": 43485495296, "timestamp": "00:00:30.760", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140695119069184, "type": "region", "version": 1 }, "end_va": 140695119212543, "entry_point": 0, "filename": null, "id": "region_1279", "name": "pagefile_0x00007ff622980000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140695119069184, "timestamp": "00:00:30.760", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000015-region_00001280-addr_0x00007ff6229a6000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", 
"writable" ], "ref_process_dump": { "ref_id": "proc_dump_451", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 140695119224832, "type": "region", "version": 1 }, "end_va": 140695119228927, "entry_point": 0, "filename": null, "id": "region_1280", "name": "private_0x00007ff6229a6000", "norm_filename": null, "region_type": "private_memory", "start_va": 140695119224832, "timestamp": "00:00:30.761", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000015-region_00001281-addr_0x00007ff6229ae000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_452", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 140695119257600, "type": "region", "version": 1 }, "end_va": 140695119265791, "entry_point": 0, "filename": null, "id": "region_1281", "name": "private_0x00007ff6229ae000", "norm_filename": null, "region_type": "private_memory", "start_va": 140695119257600, "timestamp": "00:00:30.761", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 372736, "start_va": 140695127195648, "type": "region", "version": 1 }, "end_va": 140695127568383, "entry_point": 140695127221684, "filename": "\\Windows\\System32\\cmd.exe", "id": "region_1282", "name": "cmd.exe", "norm_filename": "c:\\windows\\system32\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 140695127195648, "timestamp": "00:00:30.761", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], 
"ref_process_dump": null, "size": 1740800, "start_va": 140729648283648, "type": "region", "version": 1 }, "end_va": 140729650024447, "entry_point": 140729648283648, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1283", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140729648283648, "timestamp": "00:00:30.762", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000015-region_00001314-addr_0x0000000a200f0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_467", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 43487526912, "type": "region", "version": 1 }, "end_va": 43488575487, "entry_point": 0, "filename": null, "id": "region_1314", "name": "private_0x0000000a200f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 43487526912, "timestamp": "00:00:30.833", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140729603522560, "type": "region", "version": 1 }, "end_va": 140729604628479, "entry_point": 140729603531424, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1315", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140729603522560, "timestamp": "00:00:30.833", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140729609617408, 
"type": "region", "version": 1 }, "end_va": 140729610899455, "entry_point": 140729609637940, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_1316", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140729609617408, "timestamp": "00:00:30.835", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 43484119040, "type": "region", "version": 1 }, "end_va": 43484184575, "entry_point": 0, "filename": null, "id": "region_1343", "name": "pagefile_0x0000000a1fdb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 43484119040, "timestamp": "00:00:30.897", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000015-region_00001344-addr_0x0000000a1fdc0000-size_0x0000000000007000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_478", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 28672, "start_va": 43484184576, "type": "region", "version": 1 }, "end_va": 43484213247, "entry_point": 0, "filename": null, "id": "region_1344", "name": "private_0x0000000a1fdc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 43484184576, "timestamp": "00:00:30.897", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 43485560832, "type": "region", "version": 1 }, "end_va": 43486076927, "entry_point": 43485560832, "filename": "\\Windows\\System32\\locale.nls", "id": 
"region_1345", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 43485560832, "timestamp": "00:00:30.897", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000015-region_00001346-addr_0x0000000a20380000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_479", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 43490213888, "type": "region", "version": 1 }, "end_va": 43490279423, "entry_point": 0, "filename": null, "id": "region_1346", "name": "private_0x0000000a20380000", "norm_filename": null, "region_type": "private_memory", "start_va": 43490213888, "timestamp": "00:00:30.898", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140695118020608, "type": "region", "version": 1 }, "end_va": 140695119069183, "entry_point": 0, "filename": null, "id": "region_1347", "name": "pagefile_0x00007ff622880000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140695118020608, "timestamp": "00:00:30.898", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140729612173312, "type": "region", "version": 1 }, "end_va": 140729612857343, "entry_point": 140729612183596, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1348", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": 
"memory_mapped_file", "start_va": 140729612173312, "timestamp": "00:00:30.898", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "vssadmin.exe Delete Shadows /All /Quiet", "filename": "c:\\windows\\system32\\vssadmin.exe", "id": "proc_16", "image_name": "vssadmin.exe", "monitor_reason": "child_process", "monitored_id": 16, "origin_monitor_id": 6, "ref_parent_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000016-region_00001317-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_468", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1317", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:30.837", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000016-region_00001318-addr_0x00000075b99c0000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_469", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 505625182208, "type": "region", "version": 1 }, "end_va": 505625313279, "entry_point": 0, "filename": null, "id": "region_1318", "name": "private_0x00000075b99c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 505625182208, "timestamp": "00:00:30.837", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 505625313280, "type": "region", "version": 1 }, "end_va": 505625374719, "entry_point": 0, "filename": null, "id": "region_1319", "name": "pagefile_0x00000075b99e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 505625313280, "timestamp": "00:00:30.838", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000016-region_00001320-addr_0x00000075b99f0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_470", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 505625378816, "type": "region", "version": 1 }, "end_va": 505625903103, "entry_point": 0, "filename": null, "id": "region_1320", "name": "private_0x00000075b99f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 505625378816, "timestamp": "00:00:30.838", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 505625903104, "type": "region", "version": 1 }, "end_va": 505625919487, "entry_point": 0, "filename": null, "id": "region_1321", "name": "pagefile_0x00000075b9a70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 505625903104, "timestamp": "00:00:30.838", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", 
"permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 505625968640, "type": "region", "version": 1 }, "end_va": 505625972735, "entry_point": 0, "filename": null, "id": "region_1322", "name": "pagefile_0x00000075b9a80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 505625968640, "timestamp": "00:00:30.838", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140694665887744, "type": "region", "version": 1 }, "end_va": 140694666031103, "entry_point": 0, "filename": null, "id": "region_1323", "name": "pagefile_0x00007ff607950000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140694665887744, "timestamp": "00:00:30.838", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000016-region_00001324-addr_0x00007ff607976000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_471", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 140694666043392, "type": "region", "version": 1 }, "end_va": 140694666047487, "entry_point": 0, "filename": null, "id": "region_1324", "name": "private_0x00007ff607976000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694666043392, "timestamp": "00:00:30.838", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000016-region_00001325-addr_0x00007ff60797e000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_472", "ref_source": "summary", "ref_type": "process_dump", 
"type": "reference", "version": 1 }, "size": 8192, "start_va": 140694666076160, "type": "region", "version": 1 }, "end_va": 140694666084351, "entry_point": 0, "filename": null, "id": "region_1325", "name": "private_0x00007ff60797e000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694666076160, "timestamp": "00:00:30.838", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 140694680436736, "type": "region", "version": 1 }, "end_va": 140694680604671, "entry_point": 140694680436736, "filename": "\\Windows\\System32\\vssadmin.exe", "id": "region_1326", "name": "vssadmin.exe", "norm_filename": "c:\\windows\\system32\\vssadmin.exe", "region_type": "memory_mapped_file", "start_va": 140694680436736, "timestamp": "00:00:30.838", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140729648283648, "type": "region", "version": 1 }, "end_va": 140729650024447, "entry_point": 140729648283648, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1327", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140729648283648, "timestamp": "00:00:30.845", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000016-region_00001328-addr_0x00000075b9a90000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_473", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 
505626034176, "type": "region", "version": 1 }, "end_va": 505626042367, "entry_point": 0, "filename": null, "id": "region_1328", "name": "private_0x00000075b9a90000", "norm_filename": null, "region_type": "private_memory", "start_va": 505626034176, "timestamp": "00:00:30.846", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000016-region_00001349-addr_0x00000075b9ab0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_480", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 505626165248, "type": "region", "version": 1 }, "end_va": 505627213823, "entry_point": 0, "filename": null, "id": "region_1349", "name": "private_0x00000075b9ab0000", "norm_filename": null, "region_type": "private_memory", "start_va": 505626165248, "timestamp": "00:00:30.903", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140729603522560, "type": "region", "version": 1 }, "end_va": 140729604628479, "entry_point": 140729603531424, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1350", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140729603522560, "timestamp": "00:00:30.903", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140729609617408, "type": "region", "version": 1 }, "end_va": 140729610899455, "entry_point": 140729609637940, "filename": 
"\\Windows\\System32\\kernel32.dll", "id": "region_1351", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140729609617408, "timestamp": "00:00:30.904", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 505625182208, "type": "region", "version": 1 }, "end_va": 505625247743, "entry_point": 0, "filename": null, "id": "region_1363", "name": "pagefile_0x00000075b99c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 505625182208, "timestamp": "00:00:31.001", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000016-region_00001364-addr_0x00000075b99d0000-size_0x0000000000007000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_484", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 28672, "start_va": 505625247744, "type": "region", "version": 1 }, "end_va": 505625276415, "entry_point": 0, "filename": null, "id": "region_1364", "name": "private_0x00000075b99d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 505625247744, "timestamp": "00:00:31.001", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000016-region_00001365-addr_0x00000075b9aa0000-size_0x0000000000007000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_485", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 28672, "start_va": 505626099712, "type": "region", "version": 1 }, "end_va": 505626128383, 
"entry_point": 0, "filename": null, "id": "region_1365", "name": "private_0x00000075b9aa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 505626099712, "timestamp": "00:00:31.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 505627213824, "type": "region", "version": 1 }, "end_va": 505627729919, "entry_point": 505627213824, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1366", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 505627213824, "timestamp": "00:00:31.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 505627738112, "type": "region", "version": 1 }, "end_va": 505627750399, "entry_point": 0, "filename": null, "id": "region_1367", "name": "pagefile_0x00000075b9c30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 505627738112, "timestamp": "00:00:31.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 505627803648, "type": "region", "version": 1 }, "end_va": 505627807743, "entry_point": 0, "filename": null, "id": "region_1368", "name": "pagefile_0x00000075b9c40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 505627803648, "timestamp": "00:00:31.002", "type": "region", "version": 1 }, { "dump": { "filename": 
"", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 53248, "start_va": 505627869184, "type": "region", "version": 1 }, "end_va": 505627922431, "entry_point": 505627869184, "filename": "\\Windows\\System32\\en-US\\vssadmin.exe.mui", "id": "region_1369", "name": "vssadmin.exe.mui", "norm_filename": "c:\\windows\\system32\\en-us\\vssadmin.exe.mui", "region_type": "memory_mapped_file", "start_va": 505627869184, "timestamp": "00:00:31.002", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000016-region_00001370-addr_0x00000075b9c60000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_486", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 505627934720, "type": "region", "version": 1 }, "end_va": 505627938815, "entry_point": 0, "filename": null, "id": "region_1370", "name": "private_0x00000075b9c60000", "norm_filename": null, "region_type": "private_memory", "start_va": 505627934720, "timestamp": "00:00:31.008", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000016-region_00001371-addr_0x00000075b9c70000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_487", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 505628000256, "type": "region", "version": 1 }, "end_va": 505628004351, "entry_point": 0, "filename": null, "id": "region_1371", "name": "private_0x00000075b9c70000", "norm_filename": null, "region_type": "private_memory", "start_va": 505628000256, "timestamp": "00:00:31.008", "type": "region", "version": 1 }, { "dump": { "filename": 
"process_00000016-region_00001372-addr_0x00000075b9c90000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_488", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 505628131328, "type": "region", "version": 1 }, "end_va": 505628196863, "entry_point": 0, "filename": null, "id": "region_1372", "name": "private_0x00000075b9c90000", "norm_filename": null, "region_type": "private_memory", "start_va": 505628131328, "timestamp": "00:00:31.008", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 505628196864, "type": "region", "version": 1 }, "end_va": 505629802495, "entry_point": 0, "filename": null, "id": "region_1373", "name": "pagefile_0x00000075b9ca0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 505628196864, "timestamp": "00:00:31.008", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 505629835264, "type": "region", "version": 1 }, "end_va": 505631412223, "entry_point": 0, "filename": null, "id": "region_1374", "name": "pagefile_0x00000075b9e30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 505629835264, "timestamp": "00:00:31.009", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ 
"readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 505631473664, "type": "region", "version": 1 }, "end_va": 505652445183, "entry_point": 0, "filename": null, "id": "region_1375", "name": "pagefile_0x00000075b9fc0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 505631473664, "timestamp": "00:00:31.009", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140694664839168, "type": "region", "version": 1 }, "end_va": 140694665887743, "entry_point": 0, "filename": null, "id": "region_1376", "name": "pagefile_0x00007ff607850000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140694664839168, "timestamp": "00:00:31.009", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 140729467928576, "type": "region", "version": 1 }, "end_va": 140729468018687, "entry_point": 140729467932832, "filename": "\\Windows\\System32\\vsstrace.dll", "id": "region_1377", "name": "vsstrace.dll", "norm_filename": "c:\\windows\\system32\\vsstrace.dll", "region_type": "memory_mapped_file", "start_va": 140729467928576, "timestamp": "00:00:31.009", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 140729468059648, "type": "region", "version": 1 }, "end_va": 140729469632511, "entry_point": 140729468063856, "filename": "\\Windows\\System32\\vssapi.dll", "id": 
"region_1378", "name": "vssapi.dll", "norm_filename": "c:\\windows\\system32\\vssapi.dll", "region_type": "memory_mapped_file", "start_va": 140729468059648, "timestamp": "00:00:31.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 106496, "start_va": 140729530187776, "type": "region", "version": 1 }, "end_va": 140729530294271, "entry_point": 140729530257156, "filename": "\\Windows\\System32\\bcd.dll", "id": "region_1379", "name": "bcd.dll", "norm_filename": "c:\\windows\\system32\\bcd.dll", "region_type": "memory_mapped_file", "start_va": 140729530187776, "timestamp": "00:00:31.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 140729541394432, "type": "region", "version": 1 }, "end_va": 140729541505023, "entry_point": 140729541399704, "filename": "\\Windows\\System32\\atl.dll", "id": "region_1380", "name": "atl.dll", "norm_filename": "c:\\windows\\system32\\atl.dll", "region_type": "memory_mapped_file", "start_va": 140729541394432, "timestamp": "00:00:31.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140729542049792, "type": "region", "version": 1 }, "end_va": 140729542086655, "entry_point": 140729542053932, "filename": "\\Windows\\System32\\dsrole.dll", "id": "region_1381", "name": "dsrole.dll", "norm_filename": "c:\\windows\\system32\\dsrole.dll", "region_type": "memory_mapped_file", "start_va": 140729542049792, "timestamp": 
"00:00:31.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140729606930432, "type": "region", "version": 1 }, "end_va": 140729608441855, "entry_point": 140729607084736, "filename": "\\Windows\\System32\\user32.dll", "id": "region_1382", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140729606930432, "timestamp": "00:00:31.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140729608503296, "type": "region", "version": 1 }, "end_va": 140729608859647, "entry_point": 140729608512768, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_1383", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140729608503296, "timestamp": "00:00:31.012", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 675840, "start_va": 140729608896512, "type": "region", "version": 1 }, "end_va": 140729609572351, "entry_point": 140729608900624, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_1384", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 140729608896512, "timestamp": "00:00:31.012", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region 
is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140729610928128, "type": "region", "version": 1 }, "end_va": 140729611677695, "entry_point": 140729610932512, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_1385", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 140729610928128, "timestamp": "00:00:31.013", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140729612173312, "type": "region", "version": 1 }, "end_va": 140729612857343, "entry_point": 140729612183596, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1386", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140729612173312, "timestamp": "00:00:31.013", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140729612894208, "type": "region", "version": 1 }, "end_va": 140729614225407, "entry_point": 140729612967000, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_1387", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140729612894208, "timestamp": "00:00:31.013", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140729635831808, "type": 
"region", "version": 1 }, "end_va": 140729637761023, "entry_point": 140729635839840, "filename": "\\Windows\\System32\\combase.dll", "id": "region_1388", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140729635831808, "timestamp": "00:00:31.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 140729638518784, "type": "region", "version": 1 }, "end_va": 140729638731775, "entry_point": 140729638522928, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_1389", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 140729638518784, "timestamp": "00:00:31.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 140729638780928, "type": "region", "version": 1 }, "end_va": 140729640312831, "entry_point": 140729638785204, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_1390", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 140729638780928, "timestamp": "00:00:31.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1277952, "start_va": 140729640353792, "type": "region", "version": 1 }, "end_va": 140729641631743, "entry_point": 140729640357904, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_1391", "name": 
"msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 140729640353792, "timestamp": "00:00:31.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 140729641664512, "type": "region", "version": 1 }, "end_va": 140729642024959, "entry_point": 140729641668764, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_1392", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 140729641664512, "timestamp": "00:00:31.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140729644679168, "type": "region", "version": 1 }, "end_va": 140729645948927, "entry_point": 140729644683600, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_1393", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140729644679168, "timestamp": "00:00:31.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140729647824896, "type": "region", "version": 1 }, "end_va": 140729647861759, "entry_point": 140729647830016, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_1394", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 140729647824896, "timestamp": "00:00:31.016", "type": 
"region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 140729647890432, "type": "region", "version": 1 }, "end_va": 140729648222207, "entry_point": 140729647895232, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_1395", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 140729647890432, "timestamp": "00:00:31.017", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 505628065792, "type": "region", "version": 1 }, "end_va": 505628069887, "entry_point": 0, "filename": null, "id": "region_1412", "name": "pagefile_0x00000075b9c80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 505628065792, "timestamp": "00:00:31.144", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 505652445184, "type": "region", "version": 1 }, "end_va": 505652449279, "entry_point": 0, "filename": null, "id": "region_1413", "name": "pagefile_0x00000075bb3c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 505652445184, "timestamp": "00:00:31.144", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 
505652510720, "type": "region", "version": 1 }, "end_va": 505655480319, "entry_point": 505652510720, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1414", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 505652510720, "timestamp": "00:00:31.144", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000016-region_00001415-addr_0x00000075bb6b0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_493", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 505655525376, "type": "region", "version": 1 }, "end_va": 505656049663, "entry_point": 0, "filename": null, "id": "region_1415", "name": "private_0x00000075bb6b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 505655525376, "timestamp": "00:00:31.145", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000016-region_00001416-addr_0x00007ff60797c000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_494", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 140694666067968, "type": "region", "version": 1 }, "end_va": 140694666076159, "entry_point": 0, "filename": null, "id": "region_1416", "name": "private_0x00007ff60797c000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694666067968, "timestamp": "00:00:31.146", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": 
null, "size": 40960, "start_va": 140729583599616, "type": "region", "version": 1 }, "end_va": 140729583640575, "entry_point": 140729583605576, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_1417", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\system32\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140729583599616, "timestamp": "00:00:31.146", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 140729589760000, "type": "region", "version": 1 }, "end_va": 140729589977087, "entry_point": 140729589765080, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_1418", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 140729589760000, "timestamp": "00:00:31.146", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 140729594019840, "type": "region", "version": 1 }, "end_va": 140729594142719, "entry_point": 140729594024392, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_1419", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 140729594019840, "timestamp": "00:00:31.147", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140729596313600, "type": "region", "version": 1 }, "end_va": 140729596469247, "entry_point": 
140729596337000, "filename": "\\Windows\\System32\\bcrypt.dll", "id": "region_1420", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\system32\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 140729596313600, "timestamp": "00:00:31.147", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140729599590400, "type": "region", "version": 1 }, "end_va": 140729599975423, "entry_point": 140729599719072, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_1421", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140729599590400, "timestamp": "00:00:31.148", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140729601490944, "type": "region", "version": 1 }, "end_va": 140729601531903, "entry_point": 140729601495056, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_1422", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140729601490944, "timestamp": "00:00:31.148", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 671744, "start_va": 140729637797888, "type": "region", "version": 1 }, "end_va": 140729638469631, "entry_point": 140729637802352, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_1423", "name": "clbcatq.dll", 
"norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 140729637797888, "timestamp": "00:00:31.149", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000016-region_00001489-addr_0x00000075bb730000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_509", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 505656049664, "type": "region", "version": 1 }, "end_va": 505656573951, "entry_point": 0, "filename": null, "id": "region_1489", "name": "private_0x00000075bb730000", "norm_filename": null, "region_type": "private_memory", "start_va": 505656049664, "timestamp": "00:00:31.367", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000016-region_00001490-addr_0x00000075bb7b0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_510", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 505656573952, "type": "region", "version": 1 }, "end_va": 505657098239, "entry_point": 0, "filename": null, "id": "region_1490", "name": "private_0x00000075bb7b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 505656573952, "timestamp": "00:00:31.367", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000016-region_00001491-addr_0x00007ff607978000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_511", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 140694666051584, "type": "region", "version": 1 }, 
"end_va": 140694666059775, "entry_point": 0, "filename": null, "id": "region_1491", "name": "private_0x00007ff607978000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694666051584, "timestamp": "00:00:31.367", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000016-region_00001492-addr_0x00007ff60797a000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_512", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 140694666059776, "type": "region", "version": 1 }, "end_va": 140694666067967, "entry_point": 0, "filename": null, "id": "region_1492", "name": "private_0x00007ff60797a000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694666059776, "timestamp": "00:00:31.368", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 140729525338112, "type": "region", "version": 1 }, "end_va": 140729525424127, "entry_point": 140729525338112, "filename": "\\Windows\\System32\\vss_ps.dll", "id": "region_1493", "name": "vss_ps.dll", "norm_filename": "c:\\windows\\system32\\vss_ps.dll", "region_type": "memory_mapped_file", "start_va": 140729525338112, "timestamp": "00:00:31.368", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\system32\\cmd.exe /S /D /c\" title 8997147\"", "filename": "c:\\windows\\system32\\cmd.exe", "id": "proc_17", "image_name": "cmd.exe", "monitor_reason": "child_process", "monitored_id": 17, "origin_monitor_id": 8, "ref_parent_process": { "ref_id": "proc_8", 
"ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000017-region_00001285-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_453", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1285", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:30.787", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000017-region_00001286-addr_0x000000b6c9d50000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_454", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 785070227456, "type": "region", "version": 1 }, "end_va": 785070358527, "entry_point": 0, "filename": null, "id": "region_1286", "name": "private_0x000000b6c9d50000", "norm_filename": null, "region_type": "private_memory", "start_va": 785070227456, "timestamp": "00:00:30.788", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 785070358528, "type": "region", "version": 1 }, "end_va": 785070419967, "entry_point": 0, "filename": null, "id": "region_1287", "name": "pagefile_0x000000b6c9d70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 785070358528, "timestamp": 
"00:00:30.788", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000017-region_00001288-addr_0x000000b6c9d80000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_455", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 785070424064, "type": "region", "version": 1 }, "end_va": 785071472639, "entry_point": 0, "filename": null, "id": "region_1288", "name": "private_0x000000b6c9d80000", "norm_filename": null, "region_type": "private_memory", "start_va": 785070424064, "timestamp": "00:00:30.788", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 785071472640, "type": "region", "version": 1 }, "end_va": 785071489023, "entry_point": 0, "filename": null, "id": "region_1289", "name": "pagefile_0x000000b6c9e80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 785071472640, "timestamp": "00:00:30.788", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 785071538176, "type": "region", "version": 1 }, "end_va": 785071542271, "entry_point": 0, "filename": null, "id": "region_1290", "name": "pagefile_0x000000b6c9e90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 785071538176, "timestamp": "00:00:30.788", "type": "region", "version": 1 }, { "dump": { "filename": 
"process_00000017-region_00001291-addr_0x000000b6c9ea0000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_456", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 785071603712, "type": "region", "version": 1 }, "end_va": 785071611903, "entry_point": 0, "filename": null, "id": "region_1291", "name": "private_0x000000b6c9ea0000", "norm_filename": null, "region_type": "private_memory", "start_va": 785071603712, "timestamp": "00:00:30.789", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140695116120064, "type": "region", "version": 1 }, "end_va": 140695116263423, "entry_point": 0, "filename": null, "id": "region_1292", "name": "pagefile_0x00007ff6226b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140695116120064, "timestamp": "00:00:30.789", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000017-region_00001293-addr_0x00007ff6226dd000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_457", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 140695116304384, "type": "region", "version": 1 }, "end_va": 140695116312575, "entry_point": 0, "filename": null, "id": "region_1293", "name": "private_0x00007ff6226dd000", "norm_filename": null, "region_type": "private_memory", "start_va": 140695116304384, "timestamp": "00:00:30.789", "type": "region", "version": 1 }, { "dump": { "filename": 
"process_00000017-region_00001294-addr_0x00007ff6226df000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_458", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 140695116312576, "type": "region", "version": 1 }, "end_va": 140695116316671, "entry_point": 0, "filename": null, "id": "region_1294", "name": "private_0x00007ff6226df000", "norm_filename": null, "region_type": "private_memory", "start_va": 140695116312576, "timestamp": "00:00:30.789", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 372736, "start_va": 140695127195648, "type": "region", "version": 1 }, "end_va": 140695127568383, "entry_point": 140695127221684, "filename": "\\Windows\\System32\\cmd.exe", "id": "region_1295", "name": "cmd.exe", "norm_filename": "c:\\windows\\system32\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 140695127195648, "timestamp": "00:00:30.790", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140729648283648, "type": "region", "version": 1 }, "end_va": 140729650024447, "entry_point": 140729648283648, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1296", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140729648283648, "timestamp": "00:00:30.790", "type": "region", "version": 1 }, { "dump": { "filename": 
"process_00000017-region_00001329-addr_0x000000b6c9ee0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_474", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 785071865856, "type": "region", "version": 1 }, "end_va": 785072914431, "entry_point": 0, "filename": null, "id": "region_1329", "name": "private_0x000000b6c9ee0000", "norm_filename": null, "region_type": "private_memory", "start_va": 785071865856, "timestamp": "00:00:30.852", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140729603522560, "type": "region", "version": 1 }, "end_va": 140729604628479, "entry_point": 140729603531424, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1330", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140729603522560, "timestamp": "00:00:30.853", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140729609617408, "type": "region", "version": 1 }, "end_va": 140729610899455, "entry_point": 140729609637940, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_1331", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140729609617408, "timestamp": "00:00:30.854", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": 
"No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 785070227456, "type": "region", "version": 1 }, "end_va": 785070292991, "entry_point": 0, "filename": null, "id": "region_1352", "name": "pagefile_0x000000b6c9d50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 785070227456, "timestamp": "00:00:30.909", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000017-region_00001353-addr_0x000000b6c9d60000-size_0x0000000000007000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_481", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 28672, "start_va": 785070292992, "type": "region", "version": 1 }, "end_va": 785070321663, "entry_point": 0, "filename": null, "id": "region_1353", "name": "private_0x000000b6c9d60000", "norm_filename": null, "region_type": "private_memory", "start_va": 785070292992, "timestamp": "00:00:30.909", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 785072914432, "type": "region", "version": 1 }, "end_va": 785073430527, "entry_point": 785072914432, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1354", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 785072914432, "timestamp": "00:00:30.909", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000017-region_00001355-addr_0x000000b6ca210000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { 
"ref_id": "proc_dump_482", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 785075208192, "type": "region", "version": 1 }, "end_va": 785075273727, "entry_point": 0, "filename": null, "id": "region_1355", "name": "private_0x000000b6ca210000", "norm_filename": null, "region_type": "private_memory", "start_va": 785075208192, "timestamp": "00:00:30.910", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140695115071488, "type": "region", "version": 1 }, "end_va": 140695116120063, "entry_point": 0, "filename": null, "id": "region_1356", "name": "pagefile_0x00007ff6225b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140695115071488, "timestamp": "00:00:30.910", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140729612173312, "type": "region", "version": 1 }, "end_va": 140729612857343, "entry_point": 140729612183596, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1357", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140729612173312, "timestamp": "00:00:30.910", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "bcdedit /set {default} bootstatuspolicy ignoreallfailures", "filename": "c:\\windows\\system32\\bcdedit.exe", "id": "proc_18", "image_name": "bcdedit.exe", "monitor_reason": "child_process", 
"monitored_id": 18, "origin_monitor_id": 8, "ref_parent_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000018-region_00001298-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_460", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1298", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:30.799", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000018-region_00001299-addr_0x0000003b884a0000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_461", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 255689621504, "type": "region", "version": 1 }, "end_va": 255689752575, "entry_point": 0, "filename": null, "id": "region_1299", "name": "private_0x0000003b884a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 255689621504, "timestamp": "00:00:30.800", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 255689752576, "type": "region", "version": 1 }, "end_va": 255689814015, "entry_point": 0, "filename": null, "id": "region_1300", "name": "pagefile_0x0000003b884c0000", "norm_filename": null, 
"region_type": "pagefile_backed_memory", "start_va": 255689752576, "timestamp": "00:00:30.800", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000018-region_00001301-addr_0x0000003b884d0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_462", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 255689818112, "type": "region", "version": 1 }, "end_va": 255690342399, "entry_point": 0, "filename": null, "id": "region_1301", "name": "private_0x0000003b884d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 255689818112, "timestamp": "00:00:30.800", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 255690342400, "type": "region", "version": 1 }, "end_va": 255690358783, "entry_point": 0, "filename": null, "id": "region_1302", "name": "pagefile_0x0000003b88550000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 255690342400, "timestamp": "00:00:30.800", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 255690407936, "type": "region", "version": 1 }, "end_va": 255690412031, "entry_point": 0, "filename": null, "id": "region_1303", "name": "pagefile_0x0000003b88560000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 255690407936, "timestamp": "00:00:30.800", "type": "region", "version": 1 }, { "dump": { "filename": 
"process_00000018-region_00001304-addr_0x0000003b88570000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_463", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 255690473472, "type": "region", "version": 1 }, "end_va": 255690481663, "entry_point": 0, "filename": null, "id": "region_1304", "name": "private_0x0000003b88570000", "norm_filename": null, "region_type": "private_memory", "start_va": 255690473472, "timestamp": "00:00:30.800", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140697040977920, "type": "region", "version": 1 }, "end_va": 140697041121279, "entry_point": 0, "filename": null, "id": "region_1305", "name": "pagefile_0x00007ff695260000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140697040977920, "timestamp": "00:00:30.800", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000018-region_00001306-addr_0x00007ff695286000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_464", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 140697041133568, "type": "region", "version": 1 }, "end_va": 140697041137663, "entry_point": 0, "filename": null, "id": "region_1306", "name": "private_0x00007ff695286000", "norm_filename": null, "region_type": "private_memory", "start_va": 140697041133568, "timestamp": "00:00:30.801", "type": "region", "version": 1 }, { "dump": { "filename": 
"process_00000018-region_00001307-addr_0x00007ff69528e000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_465", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 140697041166336, "type": "region", "version": 1 }, "end_va": 140697041174527, "entry_point": 0, "filename": null, "id": "region_1307", "name": "private_0x00007ff69528e000", "norm_filename": null, "region_type": "private_memory", "start_va": 140697041166336, "timestamp": "00:00:30.801", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 140697041633280, "type": "region", "version": 1 }, "end_va": 140697041993727, "entry_point": 140697041811408, "filename": "\\Windows\\System32\\bcdedit.exe", "id": "region_1308", "name": "bcdedit.exe", "norm_filename": "c:\\windows\\system32\\bcdedit.exe", "region_type": "memory_mapped_file", "start_va": 140697041633280, "timestamp": "00:00:30.801", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140729648283648, "type": "region", "version": 1 }, "end_va": 140729650024447, "entry_point": 140729648283648, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1309", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140729648283648, "timestamp": "00:00:30.802", "type": "region", "version": 1 }, { "dump": { "filename": 
"process_00000018-region_00001358-addr_0x0000003b88610000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_483", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 255691128832, "type": "region", "version": 1 }, "end_va": 255692177407, "entry_point": 0, "filename": null, "id": "region_1358", "name": "private_0x0000003b88610000", "norm_filename": null, "region_type": "private_memory", "start_va": 255691128832, "timestamp": "00:00:30.916", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140729603522560, "type": "region", "version": 1 }, "end_va": 140729604628479, "entry_point": 140729603531424, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1359", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140729603522560, "timestamp": "00:00:30.916", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140729609617408, "type": "region", "version": 1 }, "end_va": 140729610899455, "entry_point": 140729609637940, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_1360", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140729609617408, "timestamp": "00:00:30.917", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": 
"No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 255689621504, "type": "region", "version": 1 }, "end_va": 255689687039, "entry_point": 0, "filename": null, "id": "region_1398", "name": "pagefile_0x0000003b884a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 255689621504, "timestamp": "00:00:31.040", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000018-region_00001399-addr_0x0000003b884b0000-size_0x0000000000007000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_491", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 28672, "start_va": 255689687040, "type": "region", "version": 1 }, "end_va": 255689715711, "entry_point": 0, "filename": null, "id": "region_1399", "name": "private_0x0000003b884b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 255689687040, "timestamp": "00:00:31.040", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 255690539008, "type": "region", "version": 1 }, "end_va": 255691055103, "entry_point": 255690539008, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1400", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 255690539008, "timestamp": "00:00:31.040", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000018-region_00001401-addr_0x0000003b88800000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { 
"ref_id": "proc_dump_492", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 255693160448, "type": "region", "version": 1 }, "end_va": 255693225983, "entry_point": 0, "filename": null, "id": "region_1401", "name": "private_0x0000003b88800000", "norm_filename": null, "region_type": "private_memory", "start_va": 255693160448, "timestamp": "00:00:31.042", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140697039929344, "type": "region", "version": 1 }, "end_va": 140697040977919, "entry_point": 0, "filename": null, "id": "region_1402", "name": "pagefile_0x00007ff695160000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140697039929344, "timestamp": "00:00:31.042", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140729608503296, "type": "region", "version": 1 }, "end_va": 140729608859647, "entry_point": 140729608512768, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_1403", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140729608503296, "timestamp": "00:00:31.042", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 675840, "start_va": 140729608896512, "type": "region", "version": 1 }, "end_va": 140729609572351, "entry_point": 140729608900624, 
"filename": "\\Windows\\System32\\advapi32.dll", "id": "region_1404", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 140729608896512, "timestamp": "00:00:31.042", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140729612173312, "type": "region", "version": 1 }, "end_va": 140729612857343, "entry_point": 140729612183596, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1405", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140729612173312, "timestamp": "00:00:31.043", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140729644679168, "type": "region", "version": 1 }, "end_va": 140729645948927, "entry_point": 140729644683600, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_1406", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140729644679168, "timestamp": "00:00:31.043", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Users\\5JGHKO~1\\Desktop\\WANACR~1.EXE", "filename": "c:\\users\\5jghko~1\\desktop\\wanacr~1.exe", "id": "proc_19", "image_name": "wanacr~1.exe", "monitor_reason": "child_process", "monitored_id": 19, "origin_monitor_id": 1, "ref_parent_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", 
"version": 1 }, "regions": [ { "dump": { "filename": "process_00000019-region_00001424-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_495", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1424", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:31.205", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000019-region_00001425-addr_0x000000c80c720000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_496", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 859202256896, "type": "region", "version": 1 }, "end_va": 859202387967, "entry_point": 0, "filename": null, "id": "region_1425", "name": "private_0x000000c80c720000", "norm_filename": null, "region_type": "private_memory", "start_va": 859202256896, "timestamp": "00:00:31.205", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 859202387968, "type": "region", "version": 1 }, "end_va": 859202449407, "entry_point": 0, "filename": null, "id": "region_1426", "name": "pagefile_0x000000c80c740000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 859202387968, "timestamp": "00:00:31.205", "type": "region", "version": 1 }, { "dump": { "filename": 
"process_00000019-region_00001427-addr_0x000000c80c750000-size_0x0000000000400000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_497", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4194304, "start_va": 859202453504, "type": "region", "version": 1 }, "end_va": 859206647807, "entry_point": 0, "filename": null, "id": "region_1427", "name": "private_0x000000c80c750000", "norm_filename": null, "region_type": "private_memory", "start_va": 859202453504, "timestamp": "00:00:31.206", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 859206647808, "type": "region", "version": 1 }, "end_va": 859206664191, "entry_point": 0, "filename": null, "id": "region_1428", "name": "pagefile_0x000000c80cb50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 859206647808, "timestamp": "00:00:31.206", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 859206713344, "type": "region", "version": 1 }, "end_va": 859206721535, "entry_point": 0, "filename": null, "id": "region_1429", "name": "pagefile_0x000000c80cb60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 859206713344, "timestamp": "00:00:31.206", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000019-region_00001430-addr_0x000000c80cb70000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ 
"readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_498", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 859206778880, "type": "region", "version": 1 }, "end_va": 859206787071, "entry_point": 0, "filename": null, "id": "region_1430", "name": "private_0x000000c80cb70000", "norm_filename": null, "region_type": "private_memory", "start_va": 859206778880, "timestamp": "00:00:31.206", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140700275900416, "type": "region", "version": 1 }, "end_va": 140700276043775, "entry_point": 0, "filename": null, "id": "region_1431", "name": "pagefile_0x00007ff755f70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140700275900416, "timestamp": "00:00:31.206", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000019-region_00001432-addr_0x00007ff755f9c000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_499", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 140700276080640, "type": "region", "version": 1 }, "end_va": 140700276084735, "entry_point": 0, "filename": null, "id": "region_1432", "name": "private_0x00007ff755f9c000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700276080640, "timestamp": "00:00:31.206", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000019-region_00001433-addr_0x00007ff755f9e000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], 
"ref_process_dump": { "ref_id": "proc_dump_500", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 140700276088832, "type": "region", "version": 1 }, "end_va": 140700276097023, "entry_point": 0, "filename": null, "id": "region_1433", "name": "private_0x00007ff755f9e000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700276088832, "timestamp": "00:00:31.207", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000019-region_00001434-addr_0x00007ff756b50000-size_0x0000000000109000-perm_rwx.bin", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_501", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1085440, "start_va": 140700288352256, "type": "region", "version": 1 }, "end_va": 140700289437695, "entry_point": 140700288547356, "filename": "\\Users\\5JgHKoaOfdp\\Desktop\\wanacry6.malware.exe", "id": "region_1434", "name": "wanacry6.malware.exe", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\wanacry6.malware.exe", "region_type": "memory_mapped_file", "start_va": 140700288352256, "timestamp": "00:00:31.207", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140729648283648, "type": "region", "version": 1 }, "end_va": 140729650024447, "entry_point": 140729648283648, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1435", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140729648283648, "timestamp": "00:00:31.208", "type": "region", "version": 1 }, { 
"dump": { "filename": "process_00000019-region_00001436-addr_0x000000c80cbf0000-size_0x0000000000400000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_502", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4194304, "start_va": 859207303168, "type": "region", "version": 1 }, "end_va": 859211497471, "entry_point": 0, "filename": null, "id": "region_1436", "name": "private_0x000000c80cbf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 859207303168, "timestamp": "00:00:31.263", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140729603522560, "type": "region", "version": 1 }, "end_va": 140729604628479, "entry_point": 140729603531424, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1437", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140729603522560, "timestamp": "00:00:31.263", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140729609617408, "type": "region", "version": 1 }, "end_va": 140729610899455, "entry_point": 140729609637940, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_1438", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140729609617408, "timestamp": "00:00:31.264", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 859202256896, "type": "region", "version": 1 }, "end_va": 859202322431, "entry_point": 0, "filename": null, "id": "region_1439", "name": "pagefile_0x000000c80c720000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 859202256896, "timestamp": "00:00:31.298", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000019-region_00001440-addr_0x000000c80c730000-size_0x0000000000007000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_503", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 28672, "start_va": 859202322432, "type": "region", "version": 1 }, "end_va": 859202351103, "entry_point": 0, "filename": null, "id": "region_1440", "name": "private_0x000000c80c730000", "norm_filename": null, "region_type": "private_memory", "start_va": 859202322432, "timestamp": "00:00:31.298", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000019-region_00001441-addr_0x000000c80cb80000-size_0x0000000000007000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_504", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 28672, "start_va": 859206844416, "type": "region", "version": 1 }, "end_va": 859206873087, "entry_point": 0, "filename": null, "id": "region_1441", "name": "private_0x000000c80cb80000", "norm_filename": null, "region_type": "private_memory", "start_va": 859206844416, "timestamp": "00:00:31.299", "type": "region", "version": 1 }, { "dump": { "filename": 
"process_00000019-region_00001442-addr_0x000000c80cb90000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_505", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 859206909952, "type": "region", "version": 1 }, "end_va": 859206975487, "entry_point": 0, "filename": null, "id": "region_1442", "name": "private_0x000000c80cb90000", "norm_filename": null, "region_type": "private_memory", "start_va": 859206909952, "timestamp": "00:00:31.299", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000019-region_00001443-addr_0x000000c80cba0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_506", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 859206975488, "type": "region", "version": 1 }, "end_va": 859206979583, "entry_point": 0, "filename": null, "id": "region_1443", "name": "private_0x000000c80cba0000", "norm_filename": null, "region_type": "private_memory", "start_va": 859206975488, "timestamp": "00:00:31.299", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000019-region_00001444-addr_0x000000c80cbb0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_507", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 859207041024, "type": "region", "version": 1 }, "end_va": 859207045119, "entry_point": 0, "filename": null, "id": "region_1444", "name": "private_0x000000c80cbb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 859207041024, "timestamp": 
"00:00:31.299", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 859211497472, "type": "region", "version": 1 }, "end_va": 859212013567, "entry_point": 859211497472, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1445", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 859211497472, "timestamp": "00:00:31.299", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 859212021760, "type": "region", "version": 1 }, "end_va": 859213627391, "entry_point": 0, "filename": null, "id": "region_1446", "name": "pagefile_0x000000c80d070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 859212021760, "timestamp": "00:00:31.300", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 859213660160, "type": "region", "version": 1 }, "end_va": 859215237119, "entry_point": 0, "filename": null, "id": "region_1447", "name": "pagefile_0x000000c80d200000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 859213660160, "timestamp": "00:00:31.300", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, 
"size": 20971520, "start_va": 859215298560, "type": "region", "version": 1 }, "end_va": 859236270079, "entry_point": 0, "filename": null, "id": "region_1448", "name": "pagefile_0x000000c80d390000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 859215298560, "timestamp": "00:00:31.301", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140700274851840, "type": "region", "version": 1 }, "end_va": 140700275900415, "entry_point": 0, "filename": null, "id": "region_1449", "name": "pagefile_0x00007ff755e70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140700274851840, "timestamp": "00:00:31.301", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140729467273216, "type": "region", "version": 1 }, "end_va": 140729467314175, "entry_point": 140729467277504, "filename": "\\Windows\\System32\\version.dll", "id": "region_1450", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 140729467273216, "timestamp": "00:00:31.301", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 172032, "start_va": 140729480118272, "type": "region", "version": 1 }, "end_va": 140729480290303, "entry_point": 140729480161128, "filename": "\\Windows\\System32\\winmmbase.dll", "id": "region_1451", "name": "winmmbase.dll", 
"norm_filename": "c:\\windows\\system32\\winmmbase.dll", "region_type": "memory_mapped_file", "start_va": 140729480118272, "timestamp": "00:00:31.302", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140729480314880, "type": "region", "version": 1 }, "end_va": 140729480441855, "entry_point": 140729480324088, "filename": "\\Windows\\System32\\winmm.dll", "id": "region_1452", "name": "winmm.dll", "norm_filename": "c:\\windows\\system32\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 140729480314880, "timestamp": "00:00:31.302", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 140729514524672, "type": "region", "version": 1 }, "end_va": 140729514635263, "entry_point": 140729514528848, "filename": "\\Windows\\System32\\mpr.dll", "id": "region_1453", "name": "mpr.dll", "norm_filename": "c:\\windows\\system32\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 140729514524672, "timestamp": "00:00:31.303", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2785280, "start_va": 140729514655744, "type": "region", "version": 1 }, "end_va": 140729517441023, "entry_point": 140729514712516, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_1454", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 140729514655744, "timestamp": "00:00:31.303", "type": 
"region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2359296, "start_va": 140729517473792, "type": "region", "version": 1 }, "end_va": 140729519833087, "entry_point": 140729517478896, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_1455", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 140729517473792, "timestamp": "00:00:31.304", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140729531891712, "type": "region", "version": 1 }, "end_va": 140729531932671, "entry_point": 140729531896004, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_1456", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 140729531891712, "timestamp": "00:00:31.304", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140729532350464, "type": "region", "version": 1 }, "end_va": 140729532387327, "entry_point": 140729532354688, "filename": "\\Windows\\System32\\wsock32.dll", "id": "region_1457", "name": "wsock32.dll", "norm_filename": "c:\\windows\\system32\\wsock32.dll", "region_type": "memory_mapped_file", "start_va": 140729532350464, "timestamp": "00:00:31.305", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", 
"permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 140729534971904, "type": "region", "version": 1 }, "end_va": 140729535139839, "entry_point": 140729535002984, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_1458", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 140729534971904, "timestamp": "00:00:31.305", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2465792, "start_va": 140729570230272, "type": "region", "version": 1 }, "end_va": 140729572696063, "entry_point": 140729570248512, "filename": "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "id": "region_1459", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 140729570230272, "timestamp": "00:00:31.306", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 140729577242624, "type": "region", "version": 1 }, "end_va": 140729577902079, "entry_point": 140729577246880, "filename": "\\Windows\\System32\\SHCore.dll", "id": "region_1460", "name": "shcore.dll", "norm_filename": "c:\\windows\\system32\\shcore.dll", "region_type": "memory_mapped_file", "start_va": 140729577242624, "timestamp": "00:00:31.306", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was 
created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1187840, "start_va": 140729581699072, "type": "region", "version": 1 }, "end_va": 140729582886911, "entry_point": 140729581745220, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_1461", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 140729581699072, "timestamp": "00:00:31.307", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140729583271936, "type": "region", "version": 1 }, "end_va": 140729583427583, "entry_point": 140729583277468, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_1462", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 140729583271936, "timestamp": "00:00:31.307", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140729590874112, "type": "region", "version": 1 }, "end_va": 140729591001087, "entry_point": 140729590878960, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_1463", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 140729590874112, "timestamp": "00:00:31.307", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 
140729601622016, "type": "region", "version": 1 }, "end_va": 140729601703935, "entry_point": 140729601637068, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_1464", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 140729601622016, "timestamp": "00:00:31.308", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 140729606602752, "type": "region", "version": 1 }, "end_va": 140729606905855, "entry_point": 140729606607448, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_1465", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 140729606602752, "timestamp": "00:00:31.310", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140729606930432, "type": "region", "version": 1 }, "end_va": 140729608441855, "entry_point": 140729607084736, "filename": "\\Windows\\System32\\user32.dll", "id": "region_1466", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140729606930432, "timestamp": "00:00:31.310", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140729608503296, "type": "region", "version": 1 }, "end_va": 140729608859647, "entry_point": 140729608512768, "filename": 
"\\Windows\\System32\\sechost.dll", "id": "region_1467", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140729608503296, "timestamp": "00:00:31.311", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 675840, "start_va": 140729608896512, "type": "region", "version": 1 }, "end_va": 140729609572351, "entry_point": 140729608900624, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_1468", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 140729608896512, "timestamp": "00:00:31.311", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140729610928128, "type": "region", "version": 1 }, "end_va": 140729611677695, "entry_point": 140729610932512, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_1469", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 140729610928128, "timestamp": "00:00:31.312", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140729612173312, "type": "region", "version": 1 }, "end_va": 140729612857343, "entry_point": 140729612183596, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1470", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", 
"region_type": "memory_mapped_file", "start_va": 140729612173312, "timestamp": "00:00:31.312", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140729612894208, "type": "region", "version": 1 }, "end_va": 140729614225407, "entry_point": 140729612967000, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_1471", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140729612894208, "timestamp": "00:00:31.312", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 21032960, "start_va": 140729614270464, "type": "region", "version": 1 }, "end_va": 140729635303423, "entry_point": 140729614274816, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_1472", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 140729614270464, "timestamp": "00:00:31.313", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140729635831808, "type": "region", "version": 1 }, "end_va": 140729637761023, "entry_point": 140729635839840, "filename": "\\Windows\\System32\\combase.dll", "id": "region_1473", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140729635831808, "timestamp": "00:00:31.314", "type": "region", "version": 1 }, { "dump": { "filename": 
"", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 140729638518784, "type": "region", "version": 1 }, "end_va": 140729638731775, "entry_point": 140729638522928, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_1474", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 140729638518784, "timestamp": "00:00:31.314", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 140729638780928, "type": "region", "version": 1 }, "end_va": 140729640312831, "entry_point": 140729638785204, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_1475", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 140729638780928, "timestamp": "00:00:31.315", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1277952, "start_va": 140729640353792, "type": "region", "version": 1 }, "end_va": 140729641631743, "entry_point": 140729640357904, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_1476", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 140729640353792, "timestamp": "00:00:31.315", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], 
"ref_process_dump": null, "size": 360448, "start_va": 140729641664512, "type": "region", "version": 1 }, "end_va": 140729642024959, "entry_point": 140729641668764, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_1477", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 140729641664512, "timestamp": "00:00:31.315", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 630784, "start_va": 140729644023808, "type": "region", "version": 1 }, "end_va": 140729644654591, "entry_point": 140729644028324, "filename": "\\Windows\\System32\\comdlg32.dll", "id": "region_1478", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\system32\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 140729644023808, "timestamp": "00:00:31.316", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140729644679168, "type": "region", "version": 1 }, "end_va": 140729645948927, "entry_point": 140729644683600, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_1479", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140729644679168, "timestamp": "00:00:31.316", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 140729647759360, "type": "region", "version": 1 }, "end_va": 140729647788031, "entry_point": 
140729647763472, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_1480", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 140729647759360, "timestamp": "00:00:31.317", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140729647824896, "type": "region", "version": 1 }, "end_va": 140729647861759, "entry_point": 140729647830016, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_1481", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 140729647824896, "timestamp": "00:00:31.317", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 140729647890432, "type": "region", "version": 1 }, "end_va": 140729648222207, "entry_point": 140729647895232, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_1482", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 140729647890432, "timestamp": "00:00:31.318", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 859207172096, "type": "region", "version": 1 }, "end_va": 859207180287, "entry_point": 0, "filename": null, "id": "region_1483", "name": "pagefile_0x000000c80cbd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", 
"start_va": 859207172096, "timestamp": "00:00:31.346", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000019-region_00001484-addr_0x000000c80e800000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_508", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 859236728832, "type": "region", "version": 1 }, "end_va": 859236794367, "entry_point": 0, "filename": null, "id": "region_1484", "name": "private_0x000000c80e800000", "norm_filename": null, "region_type": "private_memory", "start_va": 859236728832, "timestamp": "00:00:31.346", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 761856, "start_va": 859236794368, "type": "region", "version": 1 }, "end_va": 859237556223, "entry_point": 859236976488, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_1485", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 859236794368, "timestamp": "00:00:31.353", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140729583599616, "type": "region", "version": 1 }, "end_va": 140729583640575, "entry_point": 140729583605576, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_1486", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\system32\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140729583599616, "timestamp": "00:00:31.355", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140729601490944, "type": "region", "version": 1 }, "end_va": 140729601531903, "entry_point": 140729601495056, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_1487", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140729601490944, "timestamp": "00:00:31.356", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140729599590400, "type": "region", "version": 1 }, "end_va": 140729599975423, "entry_point": 140729599719072, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_1488", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140729599590400, "timestamp": "00:00:31.357", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 859207106560, "type": "region", "version": 1 }, "end_va": 859207110655, "entry_point": 0, "filename": null, "id": "region_1574", "name": "pagefile_0x000000c80cbc0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 859207106560, "timestamp": "00:00:31.477", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", 
"permissions": [ "readable" ], "ref_process_dump": null, "size": 983040, "start_va": 859236794368, "type": "region", "version": 1 }, "end_va": 859237777407, "entry_point": 0, "filename": null, "id": "region_1575", "name": "pagefile_0x000000c80e810000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 859236794368, "timestamp": "00:00:31.477", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 859207106560, "type": "region", "version": 1 }, "end_va": 859207122943, "entry_point": 0, "filename": null, "id": "region_1576", "name": "pagefile_0x000000c80cbc0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 859207106560, "timestamp": "00:00:31.478", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000019-region_00001577-addr_0x000000c80cbe0000-size_0x0000000000007000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_515", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 28672, "start_va": 859207237632, "type": "region", "version": 1 }, "end_va": 859207266303, "entry_point": 0, "filename": null, "id": "region_1577", "name": "private_0x000000c80cbe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 859207237632, "timestamp": "00:00:31.479", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000019-region_00001578-addr_0x000000c80e900000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_516", "ref_source": "summary", "ref_type": "process_dump", "type": 
"reference", "version": 1 }, "size": 1048576, "start_va": 859237777408, "type": "region", "version": 1 }, "end_va": 859238825983, "entry_point": 0, "filename": null, "id": "region_1578", "name": "private_0x000000c80e900000", "norm_filename": null, "region_type": "private_memory", "start_va": 859237777408, "timestamp": "00:00:31.500", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 859238825984, "type": "region", "version": 1 }, "end_va": 859239878655, "entry_point": 0, "filename": null, "id": "region_1579", "name": "pagefile_0x000000c80ea00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 859238825984, "timestamp": "00:00:31.509", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000019-region_00001580-addr_0x000000c80e790000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_517", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 859236270080, "type": "region", "version": 1 }, "end_va": 859236274175, "entry_point": 0, "filename": null, "id": "region_1580", "name": "private_0x000000c80e790000", "norm_filename": null, "region_type": "private_memory", "start_va": 859236270080, "timestamp": "00:00:31.553", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 140729575276544, "type": "region", "version": 1 }, "end_va": 140729575411711, "entry_point": 140729575280896, "filename": 
"\\Windows\\System32\\dwmapi.dll", "id": "region_1581", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 140729575276544, "timestamp": "00:00:31.554", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 859238825984, "type": "region", "version": 1 }, "end_va": 859241795583, "entry_point": 859238825984, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1582", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 859238825984, "timestamp": "00:00:31.556", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 859236335616, "type": "region", "version": 1 }, "end_va": 859236339711, "entry_point": 0, "filename": null, "id": "region_1583", "name": "pagefile_0x000000c80e7a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 859236335616, "timestamp": "00:00:31.564", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 859236401152, "type": "region", "version": 1 }, "end_va": 859236405247, "entry_point": 0, "filename": null, "id": "region_1650", "name": "private_0x000000c80e7b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 859236401152, "timestamp": "00:00:32.679", "type": 
"region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 5185536, "start_va": 859241840640, "type": "region", "version": 1 }, "end_va": 859247026175, "entry_point": 0, "filename": null, "id": "region_1651", "name": "pagefile_0x000000c80ece0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 859241840640, "timestamp": "00:00:32.762", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15138816, "start_va": 859247083520, "type": "region", "version": 1 }, "end_va": 859262222335, "entry_point": 859247083520, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_1652", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 859247083520, "timestamp": "00:00:32.762", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 140729541525504, "type": "region", "version": 1 }, "end_va": 140729541611519, "entry_point": 140729541529664, "filename": "\\Windows\\System32\\netapi32.dll", "id": "region_1653", "name": "netapi32.dll", "norm_filename": "c:\\windows\\system32\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 140729541525504, "timestamp": "00:00:33.259", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], 
"ref_process_dump": null, "size": 49152, "start_va": 140729593954304, "type": "region", "version": 1 }, "end_va": 140729594003455, "entry_point": 140729593959516, "filename": "\\Windows\\System32\\netutils.dll", "id": "region_1654", "name": "netutils.dll", "norm_filename": "c:\\windows\\system32\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 140729593954304, "timestamp": "00:00:33.283", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 140729599000576, "type": "region", "version": 1 }, "end_va": 140729599152127, "entry_point": 140729599004788, "filename": "\\Windows\\System32\\srvcli.dll", "id": "region_1655", "name": "srvcli.dll", "norm_filename": "c:\\windows\\system32\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 140729599000576, "timestamp": "00:00:33.292", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 140729541263360, "type": "region", "version": 1 }, "end_va": 140729541353471, "entry_point": 140729541267528, "filename": "\\Windows\\System32\\wkscli.dll", "id": "region_1656", "name": "wkscli.dll", "norm_filename": "c:\\windows\\system32\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 140729541263360, "timestamp": "00:00:33.321", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 859236466688, "type": "region", "version": 1 }, "end_va": 859236470783, 
"entry_point": 0, "filename": null, "id": "region_1673", "name": "pagefile_0x000000c80e7c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 859236466688, "timestamp": "00:00:33.494", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2195456, "start_va": 859262222336, "type": "region", "version": 1 }, "end_va": 859264417791, "entry_point": 0, "filename": null, "id": "region_1674", "name": "pagefile_0x000000c810050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 859262222336, "timestamp": "00:00:33.494", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 859236466688, "type": "region", "version": 1 }, "end_va": 859236478975, "entry_point": 0, "filename": null, "id": "region_1675", "name": "pagefile_0x000000c80e7c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 859236466688, "timestamp": "00:00:33.778", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 859236532224, "type": "region", "version": 1 }, "end_va": 859236536319, "entry_point": 0, "filename": null, "id": "region_1676", "name": "pagefile_0x000000c80e7d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 859236532224, "timestamp": "00:00:33.778", "type": "region", "version": 1 }, { 
"dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20480, "start_va": 859236597760, "type": "region", "version": 1 }, "end_va": 859236618239, "entry_point": 859236597760, "filename": "\\Windows\\System32\\en-US\\user32.dll.mui", "id": "region_1677", "name": "user32.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\user32.dll.mui", "region_type": "memory_mapped_file", "start_va": 859236597760, "timestamp": "00:00:33.778", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 48848896, "start_va": 859264450560, "type": "region", "version": 1 }, "end_va": 859313299455, "entry_point": 859264450560, "filename": "\\Windows\\System32\\imageres.dll", "id": "region_1678", "name": "imageres.dll", "norm_filename": "c:\\windows\\system32\\imageres.dll", "region_type": "memory_mapped_file", "start_va": 859264450560, "timestamp": "00:00:33.783", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4169728, "start_va": 859313340416, "type": "region", "version": 1 }, "end_va": 859317510143, "entry_point": 0, "filename": null, "id": "region_1679", "name": "pagefile_0x000000c813110000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 859313340416, "timestamp": "00:00:34.199", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, 
"size": 278528, "start_va": 859317534720, "type": "region", "version": 1 }, "end_va": 859317813247, "entry_point": 0, "filename": null, "id": "region_1680", "name": "pagefile_0x000000c813510000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 859317534720, "timestamp": "00:00:34.199", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 140729594019840, "type": "region", "version": 1 }, "end_va": 140729594142719, "entry_point": 140729594024392, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_1681", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 140729594019840, "timestamp": "00:00:34.203", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 140729589760000, "type": "region", "version": 1 }, "end_va": 140729589977087, "entry_point": 140729589765080, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_1682", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 140729589760000, "timestamp": "00:00:34.205", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140729596313600, "type": "region", "version": 1 }, "end_va": 140729596469247, "entry_point": 140729596337000, "filename": "\\Windows\\System32\\bcrypt.dll", "id": "region_1683", "name": 
"bcrypt.dll", "norm_filename": "c:\\windows\\system32\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 140729596313600, "timestamp": "00:00:34.206", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 151552, "start_va": 859317862400, "type": "region", "version": 1 }, "end_va": 859318013951, "entry_point": 0, "filename": null, "id": "region_1696", "name": "pagefile_0x000000c813560000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 859317862400, "timestamp": "00:00:34.623", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Users\\5JGHKO~1\\Desktop\\WANACR~1.EXE", "filename": "c:\\users\\5jghko~1\\desktop\\wanacr~1.exe", "id": "proc_22", "image_name": "wanacr~1.exe", "monitor_reason": "child_process", "monitored_id": 22, "origin_monitor_id": 19, "ref_parent_process": { "ref_id": "proc_19", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1684", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:34.578", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", 
"permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 165966839808, "type": "region", "version": 1 }, "end_va": 165966970879, "entry_point": 0, "filename": null, "id": "region_1685", "name": "private_0x00000026a4650000", "norm_filename": null, "region_type": "private_memory", "start_va": 165966839808, "timestamp": "00:00:34.578", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 165966970880, "type": "region", "version": 1 }, "end_va": 165967032319, "entry_point": 0, "filename": null, "id": "region_1686", "name": "pagefile_0x00000026a4670000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 165966970880, "timestamp": "00:00:34.578", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 165967036416, "type": "region", "version": 1 }, "end_va": 165971230719, "entry_point": 0, "filename": null, "id": "region_1687", "name": "private_0x00000026a4680000", "norm_filename": null, "region_type": "private_memory", "start_va": 165967036416, "timestamp": "00:00:34.578", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 165971230720, "type": "region", "version": 1 }, "end_va": 165971247103, "entry_point": 0, "filename": null, "id": "region_1688", "name": "pagefile_0x00000026a4a80000", "norm_filename": null, "region_type": 
"pagefile_backed_memory", "start_va": 165971230720, "timestamp": "00:00:34.578", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 165971296256, "type": "region", "version": 1 }, "end_va": 165971304447, "entry_point": 0, "filename": null, "id": "region_1689", "name": "pagefile_0x00000026a4a90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 165971296256, "timestamp": "00:00:34.578", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 165971361792, "type": "region", "version": 1 }, "end_va": 165971369983, "entry_point": 0, "filename": null, "id": "region_1690", "name": "private_0x00000026a4aa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 165971361792, "timestamp": "00:00:34.578", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140700277604352, "type": "region", "version": 1 }, "end_va": 140700277747711, "entry_point": 0, "filename": null, "id": "region_1691", "name": "pagefile_0x00007ff756110000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140700277604352, "timestamp": "00:00:34.578", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", 
"writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140700277764096, "type": "region", "version": 1 }, "end_va": 140700277768191, "entry_point": 0, "filename": null, "id": "region_1692", "name": "private_0x00007ff756137000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700277764096, "timestamp": "00:00:34.578", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140700277792768, "type": "region", "version": 1 }, "end_va": 140700277800959, "entry_point": 0, "filename": null, "id": "region_1693", "name": "private_0x00007ff75613e000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700277792768, "timestamp": "00:00:34.578", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 140700288352256, "type": "region", "version": 1 }, "end_va": 140700289437695, "entry_point": 140700288547356, "filename": "\\Users\\5JgHKoaOfdp\\Desktop\\wanacry6.malware.exe", "id": "region_1694", "name": "wanacry6.malware.exe", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\wanacry6.malware.exe", "region_type": "memory_mapped_file", "start_va": 140700288352256, "timestamp": "00:00:34.579", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140729648283648, "type": "region", "version": 1 }, "end_va": 140729650024447, "entry_point": 140729648283648, "filename": 
"\\Windows\\System32\\ntdll.dll", "id": "region_1695", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140729648283648, "timestamp": "00:00:34.579", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 165971755008, "type": "region", "version": 1 }, "end_va": 165975949311, "entry_point": 0, "filename": null, "id": "region_1697", "name": "private_0x00000026a4b00000", "norm_filename": null, "region_type": "private_memory", "start_va": 165971755008, "timestamp": "00:00:34.658", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140729603522560, "type": "region", "version": 1 }, "end_va": 140729604628479, "entry_point": 140729603531424, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1698", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140729603522560, "timestamp": "00:00:34.658", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140729609617408, "type": "region", "version": 1 }, "end_va": 140729610899455, "entry_point": 140729609637940, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_1699", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140729609617408, 
"timestamp": "00:00:34.659", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 165966839808, "type": "region", "version": 1 }, "end_va": 165966905343, "entry_point": 0, "filename": null, "id": "region_1700", "name": "pagefile_0x00000026a4650000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 165966839808, "timestamp": "00:00:34.700", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 165966905344, "type": "region", "version": 1 }, "end_va": 165966934015, "entry_point": 0, "filename": null, "id": "region_1701", "name": "private_0x00000026a4660000", "norm_filename": null, "region_type": "private_memory", "start_va": 165966905344, "timestamp": "00:00:34.700", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 165971427328, "type": "region", "version": 1 }, "end_va": 165971455999, "entry_point": 0, "filename": null, "id": "region_1702", "name": "private_0x00000026a4ab0000", "norm_filename": null, "region_type": "private_memory", "start_va": 165971427328, "timestamp": "00:00:34.700", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 
165971492864, "type": "region", "version": 1 }, "end_va": 165971496959, "entry_point": 0, "filename": null, "id": "region_1703", "name": "private_0x00000026a4ac0000", "norm_filename": null, "region_type": "private_memory", "start_va": 165971492864, "timestamp": "00:00:34.700", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 165971558400, "type": "region", "version": 1 }, "end_va": 165971562495, "entry_point": 0, "filename": null, "id": "region_1704", "name": "private_0x00000026a4ad0000", "norm_filename": null, "region_type": "private_memory", "start_va": 165971558400, "timestamp": "00:00:34.700", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 165975949312, "type": "region", "version": 1 }, "end_va": 165976465407, "entry_point": 165975949312, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1705", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 165975949312, "timestamp": "00:00:34.700", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 165976473600, "type": "region", "version": 1 }, "end_va": 165978079231, "entry_point": 0, "filename": null, "id": "region_1706", "name": "pagefile_0x00000026a4f80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 165976473600, "timestamp": "00:00:34.701", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 165978243072, "type": "region", "version": 1 }, "end_va": 165978308607, "entry_point": 0, "filename": null, "id": "region_1707", "name": "private_0x00000026a5130000", "norm_filename": null, "region_type": "private_memory", "start_va": 165978243072, "timestamp": "00:00:34.701", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 165978308608, "type": "region", "version": 1 }, "end_va": 165979885567, "entry_point": 0, "filename": null, "id": "region_1708", "name": "pagefile_0x00000026a5140000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 165978308608, "timestamp": "00:00:34.701", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 165979947008, "type": "region", "version": 1 }, "end_va": 166000918527, "entry_point": 0, "filename": null, "id": "region_1709", "name": "pagefile_0x00000026a52d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 165979947008, "timestamp": "00:00:34.702", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140700276555776, "type": 
"region", "version": 1 }, "end_va": 140700277604351, "entry_point": 0, "filename": null, "id": "region_1710", "name": "pagefile_0x00007ff756010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140700276555776, "timestamp": "00:00:34.702", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140729467273216, "type": "region", "version": 1 }, "end_va": 140729467314175, "entry_point": 140729467277504, "filename": "\\Windows\\System32\\version.dll", "id": "region_1711", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 140729467273216, "timestamp": "00:00:34.702", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 172032, "start_va": 140729480118272, "type": "region", "version": 1 }, "end_va": 140729480290303, "entry_point": 140729480161128, "filename": "\\Windows\\System32\\winmmbase.dll", "id": "region_1712", "name": "winmmbase.dll", "norm_filename": "c:\\windows\\system32\\winmmbase.dll", "region_type": "memory_mapped_file", "start_va": 140729480118272, "timestamp": "00:00:34.702", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140729480314880, "type": "region", "version": 1 }, "end_va": 140729480441855, "entry_point": 140729480324088, "filename": "\\Windows\\System32\\winmm.dll", "id": "region_1713", "name": "winmm.dll", "norm_filename": 
"c:\\windows\\system32\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 140729480314880, "timestamp": "00:00:34.703", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 140729514524672, "type": "region", "version": 1 }, "end_va": 140729514635263, "entry_point": 140729514528848, "filename": "\\Windows\\System32\\mpr.dll", "id": "region_1714", "name": "mpr.dll", "norm_filename": "c:\\windows\\system32\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 140729514524672, "timestamp": "00:00:34.703", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2785280, "start_va": 140729514655744, "type": "region", "version": 1 }, "end_va": 140729517441023, "entry_point": 140729514712516, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_1715", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 140729514655744, "timestamp": "00:00:34.704", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2359296, "start_va": 140729517473792, "type": "region", "version": 1 }, "end_va": 140729519833087, "entry_point": 140729517478896, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_1716", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 140729517473792, "timestamp": "00:00:34.704", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140729531891712, "type": "region", "version": 1 }, "end_va": 140729531932671, "entry_point": 140729531896004, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_1717", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 140729531891712, "timestamp": "00:00:34.705", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140729532350464, "type": "region", "version": 1 }, "end_va": 140729532387327, "entry_point": 140729532354688, "filename": "\\Windows\\System32\\wsock32.dll", "id": "region_1718", "name": "wsock32.dll", "norm_filename": "c:\\windows\\system32\\wsock32.dll", "region_type": "memory_mapped_file", "start_va": 140729532350464, "timestamp": "00:00:34.705", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 140729534971904, "type": "region", "version": 1 }, "end_va": 140729535139839, "entry_point": 140729535002984, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_1719", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 140729534971904, "timestamp": "00:00:34.706", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ 
"readable", "writable", "executable" ], "ref_process_dump": null, "size": 2465792, "start_va": 140729570230272, "type": "region", "version": 1 }, "end_va": 140729572696063, "entry_point": 140729570248512, "filename": "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "id": "region_1720", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 140729570230272, "timestamp": "00:00:34.707", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 140729577242624, "type": "region", "version": 1 }, "end_va": 140729577902079, "entry_point": 140729577246880, "filename": "\\Windows\\System32\\SHCore.dll", "id": "region_1721", "name": "shcore.dll", "norm_filename": "c:\\windows\\system32\\shcore.dll", "region_type": "memory_mapped_file", "start_va": 140729577242624, "timestamp": "00:00:34.707", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1187840, "start_va": 140729581699072, "type": "region", "version": 1 }, "end_va": 140729582886911, "entry_point": 140729581745220, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_1722", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 140729581699072, "timestamp": "00:00:34.708", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region 
is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140729583271936, "type": "region", "version": 1 }, "end_va": 140729583427583, "entry_point": 140729583277468, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_1723", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 140729583271936, "timestamp": "00:00:34.708", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140729590874112, "type": "region", "version": 1 }, "end_va": 140729591001087, "entry_point": 140729590878960, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_1724", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 140729590874112, "timestamp": "00:00:34.708", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 140729601622016, "type": "region", "version": 1 }, "end_va": 140729601703935, "entry_point": 140729601637068, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_1725", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 140729601622016, "timestamp": "00:00:34.709", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 140729606602752, "type": 
"region", "version": 1 }, "end_va": 140729606905855, "entry_point": 140729606607448, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_1726", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 140729606602752, "timestamp": "00:00:34.711", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140729606930432, "type": "region", "version": 1 }, "end_va": 140729608441855, "entry_point": 140729607084736, "filename": "\\Windows\\System32\\user32.dll", "id": "region_1727", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140729606930432, "timestamp": "00:00:34.711", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140729608503296, "type": "region", "version": 1 }, "end_va": 140729608859647, "entry_point": 140729608512768, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_1728", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140729608503296, "timestamp": "00:00:34.712", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 675840, "start_va": 140729608896512, "type": "region", "version": 1 }, "end_va": 140729609572351, "entry_point": 140729608900624, "filename": "\\Windows\\System32\\advapi32.dll", "id": 
"region_1729", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 140729608896512, "timestamp": "00:00:34.712", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140729610928128, "type": "region", "version": 1 }, "end_va": 140729611677695, "entry_point": 140729610932512, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_1730", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 140729610928128, "timestamp": "00:00:34.713", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140729612173312, "type": "region", "version": 1 }, "end_va": 140729612857343, "entry_point": 140729612183596, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1731", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140729612173312, "timestamp": "00:00:34.713", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140729612894208, "type": "region", "version": 1 }, "end_va": 140729614225407, "entry_point": 140729612967000, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_1732", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 
140729612894208, "timestamp": "00:00:34.714", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 21032960, "start_va": 140729614270464, "type": "region", "version": 1 }, "end_va": 140729635303423, "entry_point": 140729614274816, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_1733", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 140729614270464, "timestamp": "00:00:34.715", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140729635831808, "type": "region", "version": 1 }, "end_va": 140729637761023, "entry_point": 140729635839840, "filename": "\\Windows\\System32\\combase.dll", "id": "region_1734", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140729635831808, "timestamp": "00:00:34.715", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 140729638518784, "type": "region", "version": 1 }, "end_va": 140729638731775, "entry_point": 140729638522928, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_1735", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 140729638518784, "timestamp": "00:00:34.715", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump 
was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 140729638780928, "type": "region", "version": 1 }, "end_va": 140729640312831, "entry_point": 140729638785204, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_1736", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 140729638780928, "timestamp": "00:00:34.716", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1277952, "start_va": 140729640353792, "type": "region", "version": 1 }, "end_va": 140729641631743, "entry_point": 140729640357904, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_1737", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 140729640353792, "timestamp": "00:00:34.716", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 140729641664512, "type": "region", "version": 1 }, "end_va": 140729642024959, "entry_point": 140729641668764, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_1738", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 140729641664512, "timestamp": "00:00:34.717", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 630784, "start_va": 
140729644023808, "type": "region", "version": 1 }, "end_va": 140729644654591, "entry_point": 140729644028324, "filename": "\\Windows\\System32\\comdlg32.dll", "id": "region_1739", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\system32\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 140729644023808, "timestamp": "00:00:34.717", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140729644679168, "type": "region", "version": 1 }, "end_va": 140729645948927, "entry_point": 140729644683600, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_1740", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140729644679168, "timestamp": "00:00:34.718", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 140729647759360, "type": "region", "version": 1 }, "end_va": 140729647788031, "entry_point": 140729647763472, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_1741", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 140729647759360, "timestamp": "00:00:34.718", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140729647824896, "type": "region", "version": 1 }, "end_va": 140729647861759, "entry_point": 140729647830016, "filename": "\\Windows\\System32\\nsi.dll", 
"id": "region_1742", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 140729647824896, "timestamp": "00:00:34.719", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 140729647890432, "type": "region", "version": 1 }, "end_va": 140729648222207, "entry_point": 140729647895232, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_1743", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 140729647890432, "timestamp": "00:00:34.719", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 165971689472, "type": "region", "version": 1 }, "end_va": 165971697663, "entry_point": 0, "filename": null, "id": "region_1744", "name": "pagefile_0x00000026a4af0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 165971689472, "timestamp": "00:00:34.756", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 166002950144, "type": "region", "version": 1 }, "end_va": 166003015679, "entry_point": 0, "filename": null, "id": "region_1745", "name": "private_0x00000026a68c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 166002950144, "timestamp": "00:00:34.756", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": 
[ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 761856, "start_va": 166000918528, "type": "region", "version": 1 }, "end_va": 166001680383, "entry_point": 166001100648, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_1746", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 166000918528, "timestamp": "00:00:34.763", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140729583599616, "type": "region", "version": 1 }, "end_va": 140729583640575, "entry_point": 140729583605576, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_1747", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\system32\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140729583599616, "timestamp": "00:00:34.765", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140729601490944, "type": "region", "version": 1 }, "end_va": 140729601531903, "entry_point": 140729601495056, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_1748", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140729601490944, "timestamp": "00:00:34.767", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, 
"size": 385024, "start_va": 140729599590400, "type": "region", "version": 1 }, "end_va": 140729599975423, "entry_point": 140729599719072, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_1749", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140729599590400, "timestamp": "00:00:34.768", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 165971623936, "type": "region", "version": 1 }, "end_va": 165971628031, "entry_point": 0, "filename": null, "id": "region_1750", "name": "pagefile_0x00000026a4ae0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 165971623936, "timestamp": "00:00:34.779", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 983040, "start_va": 166000918528, "type": "region", "version": 1 }, "end_va": 166001901567, "entry_point": 0, "filename": null, "id": "region_1751", "name": "pagefile_0x00000026a66d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 166000918528, "timestamp": "00:00:34.780", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 165971623936, "type": "region", "version": 1 }, "end_va": 165971640319, "entry_point": 0, "filename": null, "id": "region_1752", "name": 
"pagefile_0x00000026a4ae0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 165971623936, "timestamp": "00:00:34.780", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 165978112000, "type": "region", "version": 1 }, "end_va": 165978140671, "entry_point": 0, "filename": null, "id": "region_1753", "name": "private_0x00000026a5110000", "norm_filename": null, "region_type": "private_memory", "start_va": 165978112000, "timestamp": "00:00:34.780", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 166001901568, "type": "region", "version": 1 }, "end_va": 166002950143, "entry_point": 0, "filename": null, "id": "region_1754", "name": "private_0x00000026a67c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 166001901568, "timestamp": "00:00:34.792", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 166003015680, "type": "region", "version": 1 }, "end_va": 166004068351, "entry_point": 0, "filename": null, "id": "region_1755", "name": "pagefile_0x00000026a68d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 166003015680, "timestamp": "00:00:34.800", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps 
was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 165978177536, "type": "region", "version": 1 }, "end_va": 165978181631, "entry_point": 0, "filename": null, "id": "region_1756", "name": "private_0x00000026a5120000", "norm_filename": null, "region_type": "private_memory", "start_va": 165978177536, "timestamp": "00:00:34.833", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 140729575276544, "type": "region", "version": 1 }, "end_va": 140729575411711, "entry_point": 140729575280896, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_1757", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 140729575276544, "timestamp": "00:00:34.833", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 166003015680, "type": "region", "version": 1 }, "end_va": 166005985279, "entry_point": 166003015680, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1758", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 166003015680, "timestamp": "00:00:34.837", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 166006030336, "type": "region", "version": 1 }, "end_va": 166006034431, 
"entry_point": 0, "filename": null, "id": "region_1759", "name": "pagefile_0x00000026a6bb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 166006030336, "timestamp": "00:00:34.845", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 166006095872, "type": "region", "version": 1 }, "end_va": 166006099967, "entry_point": 0, "filename": null, "id": "region_1760", "name": "private_0x00000026a6bc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 166006095872, "timestamp": "00:00:35.885", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 5185536, "start_va": 166006161408, "type": "region", "version": 1 }, "end_va": 166011346943, "entry_point": 0, "filename": null, "id": "region_1761", "name": "pagefile_0x00000026a6bd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 166006161408, "timestamp": "00:00:35.893", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15138816, "start_va": 166011404288, "type": "region", "version": 1 }, "end_va": 166026543103, "entry_point": 166011404288, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_1762", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 166011404288, "timestamp": "00:00:35.894", "type": "region", "version": 1 }, { "dump": { "filename": 
"", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 140729541525504, "type": "region", "version": 1 }, "end_va": 140729541611519, "entry_point": 140729541529664, "filename": "\\Windows\\System32\\netapi32.dll", "id": "region_1763", "name": "netapi32.dll", "norm_filename": "c:\\windows\\system32\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 140729541525504, "timestamp": "00:00:35.904", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 140729593954304, "type": "region", "version": 1 }, "end_va": 140729594003455, "entry_point": 140729593959516, "filename": "\\Windows\\System32\\netutils.dll", "id": "region_1764", "name": "netutils.dll", "norm_filename": "c:\\windows\\system32\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 140729593954304, "timestamp": "00:00:35.905", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 140729599000576, "type": "region", "version": 1 }, "end_va": 140729599152127, "entry_point": 140729599004788, "filename": "\\Windows\\System32\\srvcli.dll", "id": "region_1765", "name": "srvcli.dll", "norm_filename": "c:\\windows\\system32\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 140729599000576, "timestamp": "00:00:35.907", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" 
], "ref_process_dump": null, "size": 90112, "start_va": 140729541263360, "type": "region", "version": 1 }, "end_va": 140729541353471, "entry_point": 140729541267528, "filename": "\\Windows\\System32\\wkscli.dll", "id": "region_1766", "name": "wkscli.dll", "norm_filename": "c:\\windows\\system32\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 140729541263360, "timestamp": "00:00:35.908", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2195456, "start_va": 166026543104, "type": "region", "version": 1 }, "end_va": 166028738559, "entry_point": 0, "filename": null, "id": "region_1783", "name": "pagefile_0x00000026a7f40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 166026543104, "timestamp": "00:00:35.986", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 166028771328, "type": "region", "version": 1 }, "end_va": 166028775423, "entry_point": 0, "filename": null, "id": "region_1784", "name": "pagefile_0x00000026a8160000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 166028771328, "timestamp": "00:00:35.986", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 48848896, "start_va": 166028771328, "type": "region", "version": 1 }, "end_va": 166077620223, "entry_point": 166028771328, "filename": "\\Windows\\System32\\imageres.dll", "id": "region_1785", "name": 
"imageres.dll", "norm_filename": "c:\\windows\\system32\\imageres.dll", "region_type": "memory_mapped_file", "start_va": 166028771328, "timestamp": "00:00:36.313", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 166077661184, "type": "region", "version": 1 }, "end_va": 166077673471, "entry_point": 0, "filename": null, "id": "region_1786", "name": "pagefile_0x00000026ab000000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 166077661184, "timestamp": "00:00:36.764", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 166077726720, "type": "region", "version": 1 }, "end_va": 166077730815, "entry_point": 0, "filename": null, "id": "region_1787", "name": "pagefile_0x00000026ab010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 166077726720, "timestamp": "00:00:36.764", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4169728, "start_va": 166077792256, "type": "region", "version": 1 }, "end_va": 166081961983, "entry_point": 0, "filename": null, "id": "region_1788", "name": "pagefile_0x00000026ab020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 166077792256, "timestamp": "00:00:36.764", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 278528, "start_va": 166081986560, "type": "region", "version": 1 }, "end_va": 166082265087, "entry_point": 0, "filename": null, "id": "region_1789", "name": "pagefile_0x00000026ab420000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 166081986560, "timestamp": "00:00:36.764", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 140729594019840, "type": "region", "version": 1 }, "end_va": 140729594142719, "entry_point": 140729594024392, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_1790", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 140729594019840, "timestamp": "00:00:36.767", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 140729589760000, "type": "region", "version": 1 }, "end_va": 140729589977087, "entry_point": 140729589765080, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_1791", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 140729589760000, "timestamp": "00:00:36.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, 
"start_va": 140729596313600, "type": "region", "version": 1 }, "end_va": 140729596469247, "entry_point": 140729596337000, "filename": "\\Windows\\System32\\bcrypt.dll", "id": "region_1792", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\system32\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 140729596313600, "timestamp": "00:00:36.772", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 151552, "start_va": 166082314240, "type": "region", "version": 1 }, "end_va": 166082465791, "entry_point": 0, "filename": null, "id": "region_1805", "name": "pagefile_0x00000026ab470000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 166082314240, "timestamp": "00:00:37.201", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Users\\5JGHKO~1\\Desktop\\WANACR~1.EXE", "filename": "c:\\users\\5jghko~1\\desktop\\wanacr~1.exe", "id": "proc_23", "image_name": "wanacr~1.exe", "monitor_reason": "child_process", "monitored_id": 23, "origin_monitor_id": 22, "ref_parent_process": { "ref_id": "proc_22", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1793", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": 
"00:00:37.150", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 48886054912, "type": "region", "version": 1 }, "end_va": 48886185983, "entry_point": 0, "filename": null, "id": "region_1794", "name": "private_0x0000000b61d60000", "norm_filename": null, "region_type": "private_memory", "start_va": 48886054912, "timestamp": "00:00:37.150", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 48886185984, "type": "region", "version": 1 }, "end_va": 48886247423, "entry_point": 0, "filename": null, "id": "region_1795", "name": "pagefile_0x0000000b61d80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 48886185984, "timestamp": "00:00:37.150", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 48886251520, "type": "region", "version": 1 }, "end_va": 48890445823, "entry_point": 0, "filename": null, "id": "region_1796", "name": "private_0x0000000b61d90000", "norm_filename": null, "region_type": "private_memory", "start_va": 48886251520, "timestamp": "00:00:37.150", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 48890445824, "type": 
"region", "version": 1 }, "end_va": 48890462207, "entry_point": 0, "filename": null, "id": "region_1797", "name": "pagefile_0x0000000b62190000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 48890445824, "timestamp": "00:00:37.150", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 48890511360, "type": "region", "version": 1 }, "end_va": 48890519551, "entry_point": 0, "filename": null, "id": "region_1798", "name": "pagefile_0x0000000b621a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 48890511360, "timestamp": "00:00:37.150", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 48890576896, "type": "region", "version": 1 }, "end_va": 48890585087, "entry_point": 0, "filename": null, "id": "region_1799", "name": "private_0x0000000b621b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 48890576896, "timestamp": "00:00:37.150", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140700277473280, "type": "region", "version": 1 }, "end_va": 140700277616639, "entry_point": 0, "filename": null, "id": "region_1800", "name": "pagefile_0x00007ff7560f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140700277473280, "timestamp": "00:00:37.150", "type": "region", "version": 1 }, 
{ "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140700277657600, "type": "region", "version": 1 }, "end_va": 140700277665791, "entry_point": 0, "filename": null, "id": "region_1801", "name": "private_0x00007ff75611d000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700277657600, "timestamp": "00:00:37.150", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140700277665792, "type": "region", "version": 1 }, "end_va": 140700277669887, "entry_point": 0, "filename": null, "id": "region_1802", "name": "private_0x00007ff75611f000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700277665792, "timestamp": "00:00:37.150", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 140700288352256, "type": "region", "version": 1 }, "end_va": 140700289437695, "entry_point": 140700288547356, "filename": "\\Users\\5JgHKoaOfdp\\Desktop\\wanacry6.malware.exe", "id": "region_1803", "name": "wanacry6.malware.exe", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\wanacry6.malware.exe", "region_type": "memory_mapped_file", "start_va": 140700288352256, "timestamp": "00:00:37.150", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], 
"ref_process_dump": null, "size": 1740800, "start_va": 140729648283648, "type": "region", "version": 1 }, "end_va": 140729650024447, "entry_point": 140729648283648, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1804", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140729648283648, "timestamp": "00:00:37.151", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 48891822080, "type": "region", "version": 1 }, "end_va": 48896016383, "entry_point": 0, "filename": null, "id": "region_1806", "name": "private_0x0000000b622e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 48891822080, "timestamp": "00:00:37.235", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140729603522560, "type": "region", "version": 1 }, "end_va": 140729604628479, "entry_point": 140729603531424, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1807", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140729603522560, "timestamp": "00:00:37.236", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140729609617408, "type": "region", "version": 1 }, "end_va": 140729610899455, "entry_point": 140729609637940, "filename": 
"\\Windows\\System32\\kernel32.dll", "id": "region_1808", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140729609617408, "timestamp": "00:00:37.237", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 48886054912, "type": "region", "version": 1 }, "end_va": 48886120447, "entry_point": 0, "filename": null, "id": "region_1809", "name": "pagefile_0x0000000b61d60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 48886054912, "timestamp": "00:00:37.287", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 48886120448, "type": "region", "version": 1 }, "end_va": 48886149119, "entry_point": 0, "filename": null, "id": "region_1810", "name": "private_0x0000000b61d70000", "norm_filename": null, "region_type": "private_memory", "start_va": 48886120448, "timestamp": "00:00:37.287", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 48890642432, "type": "region", "version": 1 }, "end_va": 48891158527, "entry_point": 48890642432, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1811", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 48890642432, "timestamp": "00:00:37.287", "type": "region", "version": 1 }, { "dump": { "filename": "", 
"flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 48891166720, "type": "region", "version": 1 }, "end_va": 48891195391, "entry_point": 0, "filename": null, "id": "region_1812", "name": "private_0x0000000b62240000", "norm_filename": null, "region_type": "private_memory", "start_va": 48891166720, "timestamp": "00:00:37.287", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 48891232256, "type": "region", "version": 1 }, "end_va": 48891236351, "entry_point": 0, "filename": null, "id": "region_1813", "name": "private_0x0000000b62250000", "norm_filename": null, "region_type": "private_memory", "start_va": 48891232256, "timestamp": "00:00:37.287", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 48891297792, "type": "region", "version": 1 }, "end_va": 48891301887, "entry_point": 0, "filename": null, "id": "region_1814", "name": "private_0x0000000b62260000", "norm_filename": null, "region_type": "private_memory", "start_va": 48891297792, "timestamp": "00:00:37.287", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 48896016384, "type": "region", "version": 1 }, "end_va": 48897622015, "entry_point": 0, "filename": null, "id": 
"region_1815", "name": "pagefile_0x0000000b626e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 48896016384, "timestamp": "00:00:37.287", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 48897785856, "type": "region", "version": 1 }, "end_va": 48897851391, "entry_point": 0, "filename": null, "id": "region_1816", "name": "private_0x0000000b62890000", "norm_filename": null, "region_type": "private_memory", "start_va": 48897785856, "timestamp": "00:00:37.287", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 48897851392, "type": "region", "version": 1 }, "end_va": 48899428351, "entry_point": 0, "filename": null, "id": "region_1817", "name": "pagefile_0x0000000b628a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 48897851392, "timestamp": "00:00:37.287", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 48899489792, "type": "region", "version": 1 }, "end_va": 48920461311, "entry_point": 0, "filename": null, "id": "region_1818", "name": "pagefile_0x0000000b62a30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 48899489792, "timestamp": "00:00:37.288", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump 
created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140700276424704, "type": "region", "version": 1 }, "end_va": 140700277473279, "entry_point": 0, "filename": null, "id": "region_1819", "name": "pagefile_0x00007ff755ff0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140700276424704, "timestamp": "00:00:37.288", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140729467273216, "type": "region", "version": 1 }, "end_va": 140729467314175, "entry_point": 140729467277504, "filename": "\\Windows\\System32\\version.dll", "id": "region_1820", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 140729467273216, "timestamp": "00:00:37.288", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 172032, "start_va": 140729480118272, "type": "region", "version": 1 }, "end_va": 140729480290303, "entry_point": 140729480161128, "filename": "\\Windows\\System32\\winmmbase.dll", "id": "region_1821", "name": "winmmbase.dll", "norm_filename": "c:\\windows\\system32\\winmmbase.dll", "region_type": "memory_mapped_file", "start_va": 140729480118272, "timestamp": "00:00:37.289", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140729480314880, "type": "region", 
"version": 1 }, "end_va": 140729480441855, "entry_point": 140729480324088, "filename": "\\Windows\\System32\\winmm.dll", "id": "region_1822", "name": "winmm.dll", "norm_filename": "c:\\windows\\system32\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 140729480314880, "timestamp": "00:00:37.289", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 140729514524672, "type": "region", "version": 1 }, "end_va": 140729514635263, "entry_point": 140729514528848, "filename": "\\Windows\\System32\\mpr.dll", "id": "region_1823", "name": "mpr.dll", "norm_filename": "c:\\windows\\system32\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 140729514524672, "timestamp": "00:00:37.290", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2785280, "start_va": 140729514655744, "type": "region", "version": 1 }, "end_va": 140729517441023, "entry_point": 140729514712516, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_1824", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 140729514655744, "timestamp": "00:00:37.291", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2359296, "start_va": 140729517473792, "type": "region", "version": 1 }, "end_va": 140729519833087, "entry_point": 140729517478896, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_1825", "name": 
"wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 140729517473792, "timestamp": "00:00:37.291", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140729531891712, "type": "region", "version": 1 }, "end_va": 140729531932671, "entry_point": 140729531896004, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_1826", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 140729531891712, "timestamp": "00:00:37.291", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140729532350464, "type": "region", "version": 1 }, "end_va": 140729532387327, "entry_point": 140729532354688, "filename": "\\Windows\\System32\\wsock32.dll", "id": "region_1827", "name": "wsock32.dll", "norm_filename": "c:\\windows\\system32\\wsock32.dll", "region_type": "memory_mapped_file", "start_va": 140729532350464, "timestamp": "00:00:37.292", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 140729534971904, "type": "region", "version": 1 }, "end_va": 140729535139839, "entry_point": 140729535002984, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_1828", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 140729534971904, "timestamp": 
"00:00:37.292", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2465792, "start_va": 140729570230272, "type": "region", "version": 1 }, "end_va": 140729572696063, "entry_point": 140729570248512, "filename": "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "id": "region_1829", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 140729570230272, "timestamp": "00:00:37.293", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 140729577242624, "type": "region", "version": 1 }, "end_va": 140729577902079, "entry_point": 140729577246880, "filename": "\\Windows\\System32\\SHCore.dll", "id": "region_1830", "name": "shcore.dll", "norm_filename": "c:\\windows\\system32\\shcore.dll", "region_type": "memory_mapped_file", "start_va": 140729577242624, "timestamp": "00:00:37.293", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1187840, "start_va": 140729581699072, "type": "region", "version": 1 }, "end_va": 140729582886911, "entry_point": 140729581745220, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_1831", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", 
"start_va": 140729581699072, "timestamp": "00:00:37.294", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140729583271936, "type": "region", "version": 1 }, "end_va": 140729583427583, "entry_point": 140729583277468, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_1832", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 140729583271936, "timestamp": "00:00:37.294", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140729590874112, "type": "region", "version": 1 }, "end_va": 140729591001087, "entry_point": 140729590878960, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_1833", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 140729590874112, "timestamp": "00:00:37.295", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 140729601622016, "type": "region", "version": 1 }, "end_va": 140729601703935, "entry_point": 140729601637068, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_1834", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 140729601622016, "timestamp": "00:00:37.295", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": 
"No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 140729606602752, "type": "region", "version": 1 }, "end_va": 140729606905855, "entry_point": 140729606607448, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_1835", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 140729606602752, "timestamp": "00:00:37.297", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140729606930432, "type": "region", "version": 1 }, "end_va": 140729608441855, "entry_point": 140729607084736, "filename": "\\Windows\\System32\\user32.dll", "id": "region_1836", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140729606930432, "timestamp": "00:00:37.298", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140729608503296, "type": "region", "version": 1 }, "end_va": 140729608859647, "entry_point": 140729608512768, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_1837", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140729608503296, "timestamp": "00:00:37.298", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 
675840, "start_va": 140729608896512, "type": "region", "version": 1 }, "end_va": 140729609572351, "entry_point": 140729608900624, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_1838", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 140729608896512, "timestamp": "00:00:37.299", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140729610928128, "type": "region", "version": 1 }, "end_va": 140729611677695, "entry_point": 140729610932512, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_1839", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 140729610928128, "timestamp": "00:00:37.299", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140729612173312, "type": "region", "version": 1 }, "end_va": 140729612857343, "entry_point": 140729612183596, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1840", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140729612173312, "timestamp": "00:00:37.300", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140729612894208, "type": "region", "version": 1 }, "end_va": 140729614225407, "entry_point": 140729612967000, "filename": 
"\\Windows\\System32\\gdi32.dll", "id": "region_1841", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140729612894208, "timestamp": "00:00:37.300", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 21032960, "start_va": 140729614270464, "type": "region", "version": 1 }, "end_va": 140729635303423, "entry_point": 140729614274816, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_1842", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 140729614270464, "timestamp": "00:00:37.301", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140729635831808, "type": "region", "version": 1 }, "end_va": 140729637761023, "entry_point": 140729635839840, "filename": "\\Windows\\System32\\combase.dll", "id": "region_1843", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140729635831808, "timestamp": "00:00:37.301", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 140729638518784, "type": "region", "version": 1 }, "end_va": 140729638731775, "entry_point": 140729638522928, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_1844", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": 
"memory_mapped_file", "start_va": 140729638518784, "timestamp": "00:00:37.302", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 140729638780928, "type": "region", "version": 1 }, "end_va": 140729640312831, "entry_point": 140729638785204, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_1845", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 140729638780928, "timestamp": "00:00:37.302", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1277952, "start_va": 140729640353792, "type": "region", "version": 1 }, "end_va": 140729641631743, "entry_point": 140729640357904, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_1846", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 140729640353792, "timestamp": "00:00:37.303", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 140729641664512, "type": "region", "version": 1 }, "end_va": 140729642024959, "entry_point": 140729641668764, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_1847", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 140729641664512, "timestamp": "00:00:37.303", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 630784, "start_va": 140729644023808, "type": "region", "version": 1 }, "end_va": 140729644654591, "entry_point": 140729644028324, "filename": "\\Windows\\System32\\comdlg32.dll", "id": "region_1848", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\system32\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 140729644023808, "timestamp": "00:00:37.304", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140729644679168, "type": "region", "version": 1 }, "end_va": 140729645948927, "entry_point": 140729644683600, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_1849", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140729644679168, "timestamp": "00:00:37.304", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 140729647759360, "type": "region", "version": 1 }, "end_va": 140729647788031, "entry_point": 140729647763472, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_1850", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 140729647759360, "timestamp": "00:00:37.305", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": 
null, "size": 36864, "start_va": 140729647824896, "type": "region", "version": 1 }, "end_va": 140729647861759, "entry_point": 140729647830016, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_1851", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 140729647824896, "timestamp": "00:00:37.305", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 140729647890432, "type": "region", "version": 1 }, "end_va": 140729648222207, "entry_point": 140729647895232, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_1852", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 140729647890432, "timestamp": "00:00:37.306", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 48891428864, "type": "region", "version": 1 }, "end_va": 48891437055, "entry_point": 0, "filename": null, "id": "region_1853", "name": "pagefile_0x0000000b62280000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 48891428864, "timestamp": "00:00:37.325", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 48921968640, "type": "region", "version": 1 }, "end_va": 48922034175, "entry_point": 0, "filename": null, "id": "region_1854", "name": "private_0x0000000b63fa0000", 
"norm_filename": null, "region_type": "private_memory", "start_va": 48921968640, "timestamp": "00:00:37.325", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 761856, "start_va": 48920461312, "type": "region", "version": 1 }, "end_va": 48921223167, "entry_point": 48920643432, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_1855", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 48920461312, "timestamp": "00:00:37.332", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140729583599616, "type": "region", "version": 1 }, "end_va": 140729583640575, "entry_point": 140729583605576, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_1856", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\system32\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140729583599616, "timestamp": "00:00:37.334", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140729601490944, "type": "region", "version": 1 }, "end_va": 140729601531903, "entry_point": 140729601495056, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_1857", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140729601490944, "timestamp": "00:00:37.335", "type": "region", "version": 1 }, { "dump": { "filename": "", 
"flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140729599590400, "type": "region", "version": 1 }, "end_va": 140729599975423, "entry_point": 140729599719072, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_1858", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140729599590400, "timestamp": "00:00:37.337", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 48891363328, "type": "region", "version": 1 }, "end_va": 48891367423, "entry_point": 0, "filename": null, "id": "region_1859", "name": "pagefile_0x0000000b62270000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 48891363328, "timestamp": "00:00:37.354", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 983040, "start_va": 48920461312, "type": "region", "version": 1 }, "end_va": 48921444351, "entry_point": 0, "filename": null, "id": "region_1860", "name": "pagefile_0x0000000b63e30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 48920461312, "timestamp": "00:00:37.354", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, 
"start_va": 48891363328, "type": "region", "version": 1 }, "end_va": 48891379711, "entry_point": 0, "filename": null, "id": "region_1861", "name": "pagefile_0x0000000b62270000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 48891363328, "timestamp": "00:00:37.354", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 48891494400, "type": "region", "version": 1 }, "end_va": 48891523071, "entry_point": 0, "filename": null, "id": "region_1862", "name": "private_0x0000000b62290000", "norm_filename": null, "region_type": "private_memory", "start_va": 48891494400, "timestamp": "00:00:37.355", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 48922034176, "type": "region", "version": 1 }, "end_va": 48923082751, "entry_point": 0, "filename": null, "id": "region_1863", "name": "private_0x0000000b63fb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 48922034176, "timestamp": "00:00:37.373", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 48923082752, "type": "region", "version": 1 }, "end_va": 48924135423, "entry_point": 0, "filename": null, "id": "region_1864", "name": "pagefile_0x0000000b640b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 48923082752, "timestamp": "00:00:37.381", "type": "region", "version": 
1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 48891559936, "type": "region", "version": 1 }, "end_va": 48891564031, "entry_point": 0, "filename": null, "id": "region_1865", "name": "private_0x0000000b622a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 48891559936, "timestamp": "00:00:37.416", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 140729575276544, "type": "region", "version": 1 }, "end_va": 140729575411711, "entry_point": 140729575280896, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_1866", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 140729575276544, "timestamp": "00:00:37.416", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 48923082752, "type": "region", "version": 1 }, "end_va": 48926052351, "entry_point": 48923082752, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1867", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 48923082752, "timestamp": "00:00:37.420", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], 
"ref_process_dump": null, "size": 4096, "start_va": 48891625472, "type": "region", "version": 1 }, "end_va": 48891629567, "entry_point": 0, "filename": null, "id": "region_1868", "name": "pagefile_0x0000000b622b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 48891625472, "timestamp": "00:00:37.428", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 48891691008, "type": "region", "version": 1 }, "end_va": 48891695103, "entry_point": 0, "filename": null, "id": "region_1869", "name": "private_0x0000000b622c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 48891691008, "timestamp": "00:00:38.467", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 5185536, "start_va": 48926097408, "type": "region", "version": 1 }, "end_va": 48931282943, "entry_point": 0, "filename": null, "id": "region_1870", "name": "pagefile_0x0000000b64390000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 48926097408, "timestamp": "00:00:38.475", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15138816, "start_va": 48931340288, "type": "region", "version": 1 }, "end_va": 48946479103, "entry_point": 48931340288, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_1871", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", 
"start_va": 48931340288, "timestamp": "00:00:38.475", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 140729541525504, "type": "region", "version": 1 }, "end_va": 140729541611519, "entry_point": 140729541529664, "filename": "\\Windows\\System32\\netapi32.dll", "id": "region_1872", "name": "netapi32.dll", "norm_filename": "c:\\windows\\system32\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 140729541525504, "timestamp": "00:00:38.485", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 140729593954304, "type": "region", "version": 1 }, "end_va": 140729594003455, "entry_point": 140729593959516, "filename": "\\Windows\\System32\\netutils.dll", "id": "region_1873", "name": "netutils.dll", "norm_filename": "c:\\windows\\system32\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 140729593954304, "timestamp": "00:00:38.488", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 140729599000576, "type": "region", "version": 1 }, "end_va": 140729599152127, "entry_point": 140729599004788, "filename": "\\Windows\\System32\\srvcli.dll", "id": "region_1874", "name": "srvcli.dll", "norm_filename": "c:\\windows\\system32\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 140729599000576, "timestamp": "00:00:38.489", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], 
"info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 140729541263360, "type": "region", "version": 1 }, "end_va": 140729541353471, "entry_point": 140729541267528, "filename": "\\Windows\\System32\\wkscli.dll", "id": "region_1875", "name": "wkscli.dll", "norm_filename": "c:\\windows\\system32\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 140729541263360, "timestamp": "00:00:38.489", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 48891756544, "type": "region", "version": 1 }, "end_va": 48891760639, "entry_point": 0, "filename": null, "id": "region_1892", "name": "pagefile_0x0000000b622d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 48891756544, "timestamp": "00:00:38.573", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2195456, "start_va": 48946479104, "type": "region", "version": 1 }, "end_va": 48948674559, "entry_point": 0, "filename": null, "id": "region_1893", "name": "pagefile_0x0000000b65700000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 48946479104, "timestamp": "00:00:38.573", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 48848896, "start_va": 48948707328, "type": "region", "version": 1 }, "end_va": 48997556223, 
"entry_point": 48948707328, "filename": "\\Windows\\System32\\imageres.dll", "id": "region_1894", "name": "imageres.dll", "norm_filename": "c:\\windows\\system32\\imageres.dll", "region_type": "memory_mapped_file", "start_va": 48948707328, "timestamp": "00:00:38.867", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 48891756544, "type": "region", "version": 1 }, "end_va": 48891768831, "entry_point": 0, "filename": null, "id": "region_1895", "name": "pagefile_0x0000000b622d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 48891756544, "timestamp": "00:00:39.254", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 48897654784, "type": "region", "version": 1 }, "end_va": 48897658879, "entry_point": 0, "filename": null, "id": "region_1896", "name": "pagefile_0x0000000b62870000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 48897654784, "timestamp": "00:00:39.254", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 278528, "start_va": 48921444352, "type": "region", "version": 1 }, "end_va": 48921722879, "entry_point": 0, "filename": null, "id": "region_1897", "name": "pagefile_0x0000000b63f20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 48921444352, "timestamp": 
"00:00:39.254", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4169728, "start_va": 48997597184, "type": "region", "version": 1 }, "end_va": 49001766911, "entry_point": 0, "filename": null, "id": "region_1898", "name": "pagefile_0x0000000b687c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 48997597184, "timestamp": "00:00:39.254", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 140729594019840, "type": "region", "version": 1 }, "end_va": 140729594142719, "entry_point": 140729594024392, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_1899", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 140729594019840, "timestamp": "00:00:39.263", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 140729589760000, "type": "region", "version": 1 }, "end_va": 140729589977087, "entry_point": 140729589765080, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_1900", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 140729589760000, "timestamp": "00:00:39.265", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", 
"writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140729596313600, "type": "region", "version": 1 }, "end_va": 140729596469247, "entry_point": 140729596337000, "filename": "\\Windows\\System32\\bcrypt.dll", "id": "region_1901", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\system32\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 140729596313600, "timestamp": "00:00:39.266", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 151552, "start_va": 48921772032, "type": "region", "version": 1 }, "end_va": 48921923583, "entry_point": 0, "filename": null, "id": "region_1914", "name": "pagefile_0x0000000b63f70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 48921772032, "timestamp": "00:00:39.722", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Users\\5JGHKO~1\\Desktop\\WANACR~1.EXE", "filename": "c:\\users\\5jghko~1\\desktop\\wanacr~1.exe", "id": "proc_24", "image_name": "wanacr~1.exe", "monitor_reason": "child_process", "monitored_id": 24, "origin_monitor_id": 23, "ref_parent_process": { "ref_id": "proc_23", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1902", "name": "private_0x000000007ffe0000", "norm_filename": null, 
"region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:39.663", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 821958737920, "type": "region", "version": 1 }, "end_va": 821958868991, "entry_point": 0, "filename": null, "id": "region_1903", "name": "private_0x000000bf608f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 821958737920, "timestamp": "00:00:39.664", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 821958868992, "type": "region", "version": 1 }, "end_va": 821958930431, "entry_point": 0, "filename": null, "id": "region_1904", "name": "pagefile_0x000000bf60910000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 821958868992, "timestamp": "00:00:39.664", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 821958934528, "type": "region", "version": 1 }, "end_va": 821963128831, "entry_point": 0, "filename": null, "id": "region_1905", "name": "private_0x000000bf60920000", "norm_filename": null, "region_type": "private_memory", "start_va": 821958934528, "timestamp": "00:00:39.664", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" 
], "ref_process_dump": null, "size": 16384, "start_va": 821963128832, "type": "region", "version": 1 }, "end_va": 821963145215, "entry_point": 0, "filename": null, "id": "region_1906", "name": "pagefile_0x000000bf60d20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 821963128832, "timestamp": "00:00:39.664", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 821963194368, "type": "region", "version": 1 }, "end_va": 821963202559, "entry_point": 0, "filename": null, "id": "region_1907", "name": "pagefile_0x000000bf60d30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 821963194368, "timestamp": "00:00:39.664", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 821963259904, "type": "region", "version": 1 }, "end_va": 821963268095, "entry_point": 0, "filename": null, "id": "region_1908", "name": "private_0x000000bf60d40000", "norm_filename": null, "region_type": "private_memory", "start_va": 821963259904, "timestamp": "00:00:39.664", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140700275769344, "type": "region", "version": 1 }, "end_va": 140700275912703, "entry_point": 0, "filename": null, "id": "region_1909", "name": "pagefile_0x00007ff755f50000", "norm_filename": null, "region_type": "pagefile_backed_memory", 
"start_va": 140700275769344, "timestamp": "00:00:39.664", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140700275920896, "type": "region", "version": 1 }, "end_va": 140700275924991, "entry_point": 0, "filename": null, "id": "region_1910", "name": "private_0x00007ff755f75000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700275920896, "timestamp": "00:00:39.664", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140700275957760, "type": "region", "version": 1 }, "end_va": 140700275965951, "entry_point": 0, "filename": null, "id": "region_1911", "name": "private_0x00007ff755f7e000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700275957760, "timestamp": "00:00:39.664", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 140700288352256, "type": "region", "version": 1 }, "end_va": 140700289437695, "entry_point": 140700288547356, "filename": "\\Users\\5JgHKoaOfdp\\Desktop\\wanacry6.malware.exe", "id": "region_1912", "name": "wanacry6.malware.exe", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\wanacry6.malware.exe", "region_type": "memory_mapped_file", "start_va": 140700288352256, "timestamp": "00:00:39.664", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because 
region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140729648283648, "type": "region", "version": 1 }, "end_va": 140729650024447, "entry_point": 140729648283648, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1913", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140729648283648, "timestamp": "00:00:39.665", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 821963653120, "type": "region", "version": 1 }, "end_va": 821967847423, "entry_point": 0, "filename": null, "id": "region_1915", "name": "private_0x000000bf60da0000", "norm_filename": null, "region_type": "private_memory", "start_va": 821963653120, "timestamp": "00:00:39.753", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140729603522560, "type": "region", "version": 1 }, "end_va": 140729604628479, "entry_point": 140729603531424, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1916", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140729603522560, "timestamp": "00:00:39.753", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140729609617408, "type": "region", "version": 1 }, "end_va": 
140729610899455, "entry_point": 140729609637940, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_1917", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140729609617408, "timestamp": "00:00:39.754", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 821958737920, "type": "region", "version": 1 }, "end_va": 821958803455, "entry_point": 0, "filename": null, "id": "region_1918", "name": "pagefile_0x000000bf608f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 821958737920, "timestamp": "00:00:39.798", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 821958803456, "type": "region", "version": 1 }, "end_va": 821958832127, "entry_point": 0, "filename": null, "id": "region_1919", "name": "private_0x000000bf60900000", "norm_filename": null, "region_type": "private_memory", "start_va": 821958803456, "timestamp": "00:00:39.798", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 821963325440, "type": "region", "version": 1 }, "end_va": 821963354111, "entry_point": 0, "filename": null, "id": "region_1920", "name": "private_0x000000bf60d50000", "norm_filename": null, "region_type": "private_memory", "start_va": 821963325440, "timestamp": "00:00:39.798", "type": 
"region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 821963390976, "type": "region", "version": 1 }, "end_va": 821963395071, "entry_point": 0, "filename": null, "id": "region_1921", "name": "private_0x000000bf60d60000", "norm_filename": null, "region_type": "private_memory", "start_va": 821963390976, "timestamp": "00:00:39.798", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 821963456512, "type": "region", "version": 1 }, "end_va": 821963460607, "entry_point": 0, "filename": null, "id": "region_1922", "name": "private_0x000000bf60d70000", "norm_filename": null, "region_type": "private_memory", "start_va": 821963456512, "timestamp": "00:00:39.798", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 821967847424, "type": "region", "version": 1 }, "end_va": 821968363519, "entry_point": 821967847424, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1923", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 821967847424, "timestamp": "00:00:39.798", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 821968371712, "type": "region", 
"version": 1 }, "end_va": 821969977343, "entry_point": 0, "filename": null, "id": "region_1924", "name": "pagefile_0x000000bf61220000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 821968371712, "timestamp": "00:00:39.798", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 821970206720, "type": "region", "version": 1 }, "end_va": 821970272255, "entry_point": 0, "filename": null, "id": "region_1925", "name": "private_0x000000bf613e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 821970206720, "timestamp": "00:00:39.798", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 821970272256, "type": "region", "version": 1 }, "end_va": 821971849215, "entry_point": 0, "filename": null, "id": "region_1926", "name": "pagefile_0x000000bf613f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 821970272256, "timestamp": "00:00:39.799", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 821971910656, "type": "region", "version": 1 }, "end_va": 821992882175, "entry_point": 0, "filename": null, "id": "region_1927", "name": "pagefile_0x000000bf61580000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 821971910656, "timestamp": "00:00:39.799", "type": "region", "version": 1 }, { 
"dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140700274720768, "type": "region", "version": 1 }, "end_va": 140700275769343, "entry_point": 0, "filename": null, "id": "region_1928", "name": "pagefile_0x00007ff755e50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140700274720768, "timestamp": "00:00:39.799", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140729467273216, "type": "region", "version": 1 }, "end_va": 140729467314175, "entry_point": 140729467277504, "filename": "\\Windows\\System32\\version.dll", "id": "region_1929", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 140729467273216, "timestamp": "00:00:39.799", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 172032, "start_va": 140729480118272, "type": "region", "version": 1 }, "end_va": 140729480290303, "entry_point": 140729480161128, "filename": "\\Windows\\System32\\winmmbase.dll", "id": "region_1930", "name": "winmmbase.dll", "norm_filename": "c:\\windows\\system32\\winmmbase.dll", "region_type": "memory_mapped_file", "start_va": 140729480118272, "timestamp": "00:00:39.800", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], 
"ref_process_dump": null, "size": 126976, "start_va": 140729480314880, "type": "region", "version": 1 }, "end_va": 140729480441855, "entry_point": 140729480324088, "filename": "\\Windows\\System32\\winmm.dll", "id": "region_1931", "name": "winmm.dll", "norm_filename": "c:\\windows\\system32\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 140729480314880, "timestamp": "00:00:39.800", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 140729514524672, "type": "region", "version": 1 }, "end_va": 140729514635263, "entry_point": 140729514528848, "filename": "\\Windows\\System32\\mpr.dll", "id": "region_1932", "name": "mpr.dll", "norm_filename": "c:\\windows\\system32\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 140729514524672, "timestamp": "00:00:39.801", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2785280, "start_va": 140729514655744, "type": "region", "version": 1 }, "end_va": 140729517441023, "entry_point": 140729514712516, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_1933", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 140729514655744, "timestamp": "00:00:39.801", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2359296, "start_va": 140729517473792, "type": "region", "version": 1 }, "end_va": 140729519833087, "entry_point": 140729517478896, 
"filename": "\\Windows\\System32\\wininet.dll", "id": "region_1934", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 140729517473792, "timestamp": "00:00:39.802", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140729531891712, "type": "region", "version": 1 }, "end_va": 140729531932671, "entry_point": 140729531896004, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_1935", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 140729531891712, "timestamp": "00:00:39.802", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140729532350464, "type": "region", "version": 1 }, "end_va": 140729532387327, "entry_point": 140729532354688, "filename": "\\Windows\\System32\\wsock32.dll", "id": "region_1936", "name": "wsock32.dll", "norm_filename": "c:\\windows\\system32\\wsock32.dll", "region_type": "memory_mapped_file", "start_va": 140729532350464, "timestamp": "00:00:39.802", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 140729534971904, "type": "region", "version": 1 }, "end_va": 140729535139839, "entry_point": 140729535002984, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_1937", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", 
"region_type": "memory_mapped_file", "start_va": 140729534971904, "timestamp": "00:00:39.803", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2465792, "start_va": 140729570230272, "type": "region", "version": 1 }, "end_va": 140729572696063, "entry_point": 140729570248512, "filename": "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "id": "region_1938", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 140729570230272, "timestamp": "00:00:39.803", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 140729577242624, "type": "region", "version": 1 }, "end_va": 140729577902079, "entry_point": 140729577246880, "filename": "\\Windows\\System32\\SHCore.dll", "id": "region_1939", "name": "shcore.dll", "norm_filename": "c:\\windows\\system32\\shcore.dll", "region_type": "memory_mapped_file", "start_va": 140729577242624, "timestamp": "00:00:39.804", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1187840, "start_va": 140729581699072, "type": "region", "version": 1 }, "end_va": 140729582886911, "entry_point": 140729581745220, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_1940", "name": "uxtheme.dll", "norm_filename": 
"c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 140729581699072, "timestamp": "00:00:39.804", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140729583271936, "type": "region", "version": 1 }, "end_va": 140729583427583, "entry_point": 140729583277468, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_1941", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 140729583271936, "timestamp": "00:00:39.805", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140729590874112, "type": "region", "version": 1 }, "end_va": 140729591001087, "entry_point": 140729590878960, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_1942", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 140729590874112, "timestamp": "00:00:39.805", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 140729601622016, "type": "region", "version": 1 }, "end_va": 140729601703935, "entry_point": 140729601637068, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_1943", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 140729601622016, "timestamp": "00:00:39.806", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 140729606602752, "type": "region", "version": 1 }, "end_va": 140729606905855, "entry_point": 140729606607448, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_1944", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 140729606602752, "timestamp": "00:00:39.808", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140729606930432, "type": "region", "version": 1 }, "end_va": 140729608441855, "entry_point": 140729607084736, "filename": "\\Windows\\System32\\user32.dll", "id": "region_1945", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140729606930432, "timestamp": "00:00:39.808", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140729608503296, "type": "region", "version": 1 }, "end_va": 140729608859647, "entry_point": 140729608512768, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_1946", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140729608503296, "timestamp": "00:00:39.809", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": 
[ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 675840, "start_va": 140729608896512, "type": "region", "version": 1 }, "end_va": 140729609572351, "entry_point": 140729608900624, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_1947", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 140729608896512, "timestamp": "00:00:39.809", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140729610928128, "type": "region", "version": 1 }, "end_va": 140729611677695, "entry_point": 140729610932512, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_1948", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 140729610928128, "timestamp": "00:00:39.810", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140729612173312, "type": "region", "version": 1 }, "end_va": 140729612857343, "entry_point": 140729612183596, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1949", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140729612173312, "timestamp": "00:00:39.810", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140729612894208, "type": "region", "version": 1 }, 
"end_va": 140729614225407, "entry_point": 140729612967000, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_1950", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140729612894208, "timestamp": "00:00:39.811", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 21032960, "start_va": 140729614270464, "type": "region", "version": 1 }, "end_va": 140729635303423, "entry_point": 140729614274816, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_1951", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 140729614270464, "timestamp": "00:00:39.812", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140729635831808, "type": "region", "version": 1 }, "end_va": 140729637761023, "entry_point": 140729635839840, "filename": "\\Windows\\System32\\combase.dll", "id": "region_1952", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140729635831808, "timestamp": "00:00:39.812", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 140729638518784, "type": "region", "version": 1 }, "end_va": 140729638731775, "entry_point": 140729638522928, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_1953", "name": "imm32.dll", 
"norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 140729638518784, "timestamp": "00:00:39.813", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 140729638780928, "type": "region", "version": 1 }, "end_va": 140729640312831, "entry_point": 140729638785204, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_1954", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 140729638780928, "timestamp": "00:00:39.813", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1277952, "start_va": 140729640353792, "type": "region", "version": 1 }, "end_va": 140729641631743, "entry_point": 140729640357904, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_1955", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 140729640353792, "timestamp": "00:00:39.814", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 140729641664512, "type": "region", "version": 1 }, "end_va": 140729642024959, "entry_point": 140729641668764, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_1956", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 140729641664512, "timestamp": "00:00:39.814", "type": 
"region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 630784, "start_va": 140729644023808, "type": "region", "version": 1 }, "end_va": 140729644654591, "entry_point": 140729644028324, "filename": "\\Windows\\System32\\comdlg32.dll", "id": "region_1957", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\system32\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 140729644023808, "timestamp": "00:00:39.814", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140729644679168, "type": "region", "version": 1 }, "end_va": 140729645948927, "entry_point": 140729644683600, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_1958", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140729644679168, "timestamp": "00:00:39.815", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 140729647759360, "type": "region", "version": 1 }, "end_va": 140729647788031, "entry_point": 140729647763472, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_1959", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 140729647759360, "timestamp": "00:00:39.815", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", 
"permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140729647824896, "type": "region", "version": 1 }, "end_va": 140729647861759, "entry_point": 140729647830016, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_1960", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 140729647824896, "timestamp": "00:00:39.816", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 140729647890432, "type": "region", "version": 1 }, "end_va": 140729648222207, "entry_point": 140729647895232, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_1961", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 140729647890432, "timestamp": "00:00:39.816", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 821963587584, "type": "region", "version": 1 }, "end_va": 821963595775, "entry_point": 0, "filename": null, "id": "region_1962", "name": "pagefile_0x000000bf60d90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 821963587584, "timestamp": "00:00:39.836", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 821993799680, "type": "region", "version": 1 }, "end_va": 821993865215, 
"entry_point": 0, "filename": null, "id": "region_1963", "name": "private_0x000000bf62a60000", "norm_filename": null, "region_type": "private_memory", "start_va": 821993799680, "timestamp": "00:00:39.836", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 761856, "start_va": 821992882176, "type": "region", "version": 1 }, "end_va": 821993644031, "entry_point": 821993064296, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_1964", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 821992882176, "timestamp": "00:00:39.844", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140729583599616, "type": "region", "version": 1 }, "end_va": 140729583640575, "entry_point": 140729583605576, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_1965", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\system32\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140729583599616, "timestamp": "00:00:39.846", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140729601490944, "type": "region", "version": 1 }, "end_va": 140729601531903, "entry_point": 140729601495056, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_1966", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 
140729601490944, "timestamp": "00:00:39.847", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140729599590400, "type": "region", "version": 1 }, "end_va": 140729599975423, "entry_point": 140729599719072, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_1967", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140729599590400, "timestamp": "00:00:39.848", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 821963522048, "type": "region", "version": 1 }, "end_va": 821963526143, "entry_point": 0, "filename": null, "id": "region_1968", "name": "pagefile_0x000000bf60d80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 821963522048, "timestamp": "00:00:39.863", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 983040, "start_va": 821993865216, "type": "region", "version": 1 }, "end_va": 821994848255, "entry_point": 0, "filename": null, "id": "region_1969", "name": "pagefile_0x000000bf62a70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 821993865216, "timestamp": "00:00:39.864", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed 
regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 821963522048, "type": "region", "version": 1 }, "end_va": 821963538431, "entry_point": 0, "filename": null, "id": "region_1970", "name": "pagefile_0x000000bf60d80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 821963522048, "timestamp": "00:00:39.864", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 821970010112, "type": "region", "version": 1 }, "end_va": 821970038783, "entry_point": 0, "filename": null, "id": "region_1971", "name": "private_0x000000bf613b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 821970010112, "timestamp": "00:00:39.864", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 821994848256, "type": "region", "version": 1 }, "end_va": 821995896831, "entry_point": 0, "filename": null, "id": "region_1972", "name": "private_0x000000bf62b60000", "norm_filename": null, "region_type": "private_memory", "start_va": 821994848256, "timestamp": "00:00:39.876", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 821995896832, "type": "region", "version": 1 }, "end_va": 821996949503, "entry_point": 0, "filename": null, "id": "region_1973", "name": "pagefile_0x000000bf62c60000", "norm_filename": 
null, "region_type": "pagefile_backed_memory", "start_va": 821995896832, "timestamp": "00:00:39.886", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 821970075648, "type": "region", "version": 1 }, "end_va": 821970079743, "entry_point": 0, "filename": null, "id": "region_1974", "name": "private_0x000000bf613c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 821970075648, "timestamp": "00:00:39.929", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 140729575276544, "type": "region", "version": 1 }, "end_va": 140729575411711, "entry_point": 140729575280896, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_1975", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 140729575276544, "timestamp": "00:00:39.930", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 821995896832, "type": "region", "version": 1 }, "end_va": 821998866431, "entry_point": 821995896832, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1976", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 821995896832, "timestamp": "00:00:39.933", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], 
"info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 821970141184, "type": "region", "version": 1 }, "end_va": 821970145279, "entry_point": 0, "filename": null, "id": "region_1977", "name": "pagefile_0x000000bf613d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 821970141184, "timestamp": "00:00:39.941", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 821992882176, "type": "region", "version": 1 }, "end_va": 821992886271, "entry_point": 0, "filename": null, "id": "region_1978", "name": "private_0x000000bf62980000", "norm_filename": null, "region_type": "private_memory", "start_va": 821992882176, "timestamp": "00:00:40.978", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 5185536, "start_va": 821998911488, "type": "region", "version": 1 }, "end_va": 822004097023, "entry_point": 0, "filename": null, "id": "region_1979", "name": "pagefile_0x000000bf62f40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 821998911488, "timestamp": "00:00:40.985", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15138816, "start_va": 822004154368, "type": "region", "version": 1 }, "end_va": 822019293183, "entry_point": 822004154368, "filename": 
"\\Windows\\Fonts\\StaticCache.dat", "id": "region_1980", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 822004154368, "timestamp": "00:00:40.986", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 140729541525504, "type": "region", "version": 1 }, "end_va": 140729541611519, "entry_point": 140729541529664, "filename": "\\Windows\\System32\\netapi32.dll", "id": "region_1981", "name": "netapi32.dll", "norm_filename": "c:\\windows\\system32\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 140729541525504, "timestamp": "00:00:40.994", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 140729593954304, "type": "region", "version": 1 }, "end_va": 140729594003455, "entry_point": 140729593959516, "filename": "\\Windows\\System32\\netutils.dll", "id": "region_1982", "name": "netutils.dll", "norm_filename": "c:\\windows\\system32\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 140729593954304, "timestamp": "00:00:40.995", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 140729599000576, "type": "region", "version": 1 }, "end_va": 140729599152127, "entry_point": 140729599004788, "filename": "\\Windows\\System32\\srvcli.dll", "id": "region_1983", "name": "srvcli.dll", "norm_filename": "c:\\windows\\system32\\srvcli.dll", 
"region_type": "memory_mapped_file", "start_va": 140729599000576, "timestamp": "00:00:40.996", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 140729541263360, "type": "region", "version": 1 }, "end_va": 140729541353471, "entry_point": 140729541267528, "filename": "\\Windows\\System32\\wkscli.dll", "id": "region_1984", "name": "wkscli.dll", "norm_filename": "c:\\windows\\system32\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 140729541263360, "timestamp": "00:00:40.997", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 821992947712, "type": "region", "version": 1 }, "end_va": 821992951807, "entry_point": 0, "filename": null, "id": "region_2001", "name": "pagefile_0x000000bf62990000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 821992947712, "timestamp": "00:00:41.075", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2195456, "start_va": 822019293184, "type": "region", "version": 1 }, "end_va": 822021488639, "entry_point": 0, "filename": null, "id": "region_2002", "name": "pagefile_0x000000bf642b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 822019293184, "timestamp": "00:00:41.076", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because 
region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 48848896, "start_va": 822021521408, "type": "region", "version": 1 }, "end_va": 822070370303, "entry_point": 822021521408, "filename": "\\Windows\\System32\\imageres.dll", "id": "region_2003", "name": "imageres.dll", "norm_filename": "c:\\windows\\system32\\imageres.dll", "region_type": "memory_mapped_file", "start_va": 822021521408, "timestamp": "00:00:41.407", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 821992947712, "type": "region", "version": 1 }, "end_va": 821992959999, "entry_point": 0, "filename": null, "id": "region_2004", "name": "pagefile_0x000000bf62990000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 821992947712, "timestamp": "00:00:41.799", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 821993013248, "type": "region", "version": 1 }, "end_va": 821993017343, "entry_point": 0, "filename": null, "id": "region_2005", "name": "pagefile_0x000000bf629a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 821993013248, "timestamp": "00:00:41.799", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 278528, "start_va": 821993078784, "type": "region", "version": 1 }, "end_va": 821993357311, 
"entry_point": 0, "filename": null, "id": "region_2006", "name": "pagefile_0x000000bf629b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 821993078784, "timestamp": "00:00:41.799", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4169728, "start_va": 822070411264, "type": "region", "version": 1 }, "end_va": 822074580991, "entry_point": 0, "filename": null, "id": "region_2007", "name": "pagefile_0x000000bf67370000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 822070411264, "timestamp": "00:00:41.799", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 140729594019840, "type": "region", "version": 1 }, "end_va": 140729594142719, "entry_point": 140729594024392, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_2008", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 140729594019840, "timestamp": "00:00:41.802", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 140729589760000, "type": "region", "version": 1 }, "end_va": 140729589977087, "entry_point": 140729589765080, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_2009", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 140729589760000, 
"timestamp": "00:00:41.807", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140729596313600, "type": "region", "version": 1 }, "end_va": 140729596469247, "entry_point": 140729596337000, "filename": "\\Windows\\System32\\bcrypt.dll", "id": "region_2010", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\system32\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 140729596313600, "timestamp": "00:00:41.809", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 151552, "start_va": 821993406464, "type": "region", "version": 1 }, "end_va": 821993558015, "entry_point": 0, "filename": null, "id": "region_2023", "name": "pagefile_0x000000bf62a00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 821993406464, "timestamp": "00:00:42.252", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Users\\5JGHKO~1\\Desktop\\WANACR~1.EXE", "filename": "c:\\users\\5jghko~1\\desktop\\wanacr~1.exe", "id": "proc_25", "image_name": "wanacr~1.exe", "monitor_reason": "child_process", "monitored_id": 25, "origin_monitor_id": 24, "ref_parent_process": { "ref_id": "proc_24", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 
65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2011", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:42.208", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 727636901888, "type": "region", "version": 1 }, "end_va": 727637032959, "entry_point": 0, "filename": null, "id": "region_2012", "name": "private_0x000000a96a8a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 727636901888, "timestamp": "00:00:42.208", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 727637032960, "type": "region", "version": 1 }, "end_va": 727637094399, "entry_point": 0, "filename": null, "id": "region_2013", "name": "pagefile_0x000000a96a8c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 727637032960, "timestamp": "00:00:42.208", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 727637098496, "type": "region", "version": 1 }, "end_va": 727641292799, "entry_point": 0, "filename": null, "id": "region_2014", "name": "private_0x000000a96a8d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 727637098496, "timestamp": "00:00:42.208", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 727641292800, "type": "region", "version": 1 }, "end_va": 727641309183, "entry_point": 0, "filename": null, "id": "region_2015", "name": "pagefile_0x000000a96acd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 727641292800, "timestamp": "00:00:42.208", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 727641358336, "type": "region", "version": 1 }, "end_va": 727641366527, "entry_point": 0, "filename": null, "id": "region_2016", "name": "pagefile_0x000000a96ace0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 727641358336, "timestamp": "00:00:42.208", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 727641423872, "type": "region", "version": 1 }, "end_va": 727641432063, "entry_point": 0, "filename": null, "id": "region_2017", "name": "private_0x000000a96acf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 727641423872, "timestamp": "00:00:42.208", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140700287696896, "type": 
"region", "version": 1 }, "end_va": 140700287840255, "entry_point": 0, "filename": null, "id": "region_2018", "name": "pagefile_0x00007ff756ab0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140700287696896, "timestamp": "00:00:42.208", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140700287877120, "type": "region", "version": 1 }, "end_va": 140700287885311, "entry_point": 0, "filename": null, "id": "region_2019", "name": "private_0x00007ff756adc000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700287877120, "timestamp": "00:00:42.208", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140700287885312, "type": "region", "version": 1 }, "end_va": 140700287889407, "entry_point": 0, "filename": null, "id": "region_2020", "name": "private_0x00007ff756ade000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700287885312, "timestamp": "00:00:42.208", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 140700288352256, "type": "region", "version": 1 }, "end_va": 140700289437695, "entry_point": 140700288547356, "filename": "\\Users\\5JgHKoaOfdp\\Desktop\\wanacry6.malware.exe", "id": "region_2021", "name": "wanacry6.malware.exe", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\wanacry6.malware.exe", 
"region_type": "memory_mapped_file", "start_va": 140700288352256, "timestamp": "00:00:42.209", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140729648283648, "type": "region", "version": 1 }, "end_va": 140729650024447, "entry_point": 140729648283648, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2022", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140729648283648, "timestamp": "00:00:42.209", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 727641882624, "type": "region", "version": 1 }, "end_va": 727646076927, "entry_point": 0, "filename": null, "id": "region_2024", "name": "private_0x000000a96ad60000", "norm_filename": null, "region_type": "private_memory", "start_va": 727641882624, "timestamp": "00:00:42.287", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140729603522560, "type": "region", "version": 1 }, "end_va": 140729604628479, "entry_point": 140729603531424, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_2025", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140729603522560, "timestamp": "00:00:42.287", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was 
created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140729609617408, "type": "region", "version": 1 }, "end_va": 140729610899455, "entry_point": 140729609637940, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_2026", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140729609617408, "timestamp": "00:00:42.288", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 727636901888, "type": "region", "version": 1 }, "end_va": 727636967423, "entry_point": 0, "filename": null, "id": "region_2027", "name": "pagefile_0x000000a96a8a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 727636901888, "timestamp": "00:00:42.329", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 727636967424, "type": "region", "version": 1 }, "end_va": 727636996095, "entry_point": 0, "filename": null, "id": "region_2028", "name": "private_0x000000a96a8b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 727636967424, "timestamp": "00:00:42.329", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 727641489408, "type": "region", "version": 1 }, "end_va": 727641518079, 
"entry_point": 0, "filename": null, "id": "region_2029", "name": "private_0x000000a96ad00000", "norm_filename": null, "region_type": "private_memory", "start_va": 727641489408, "timestamp": "00:00:42.329", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 727641554944, "type": "region", "version": 1 }, "end_va": 727641559039, "entry_point": 0, "filename": null, "id": "region_2030", "name": "private_0x000000a96ad10000", "norm_filename": null, "region_type": "private_memory", "start_va": 727641554944, "timestamp": "00:00:42.329", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 727641620480, "type": "region", "version": 1 }, "end_va": 727641624575, "entry_point": 0, "filename": null, "id": "region_2031", "name": "private_0x000000a96ad20000", "norm_filename": null, "region_type": "private_memory", "start_va": 727641620480, "timestamp": "00:00:42.329", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 727646076928, "type": "region", "version": 1 }, "end_va": 727646593023, "entry_point": 727646076928, "filename": "\\Windows\\System32\\locale.nls", "id": "region_2032", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 727646076928, "timestamp": "00:00:42.329", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No 
dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 727647125504, "type": "region", "version": 1 }, "end_va": 727647191039, "entry_point": 0, "filename": null, "id": "region_2033", "name": "private_0x000000a96b260000", "norm_filename": null, "region_type": "private_memory", "start_va": 727647125504, "timestamp": "00:00:42.329", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 727647191040, "type": "region", "version": 1 }, "end_va": 727648796671, "entry_point": 0, "filename": null, "id": "region_2034", "name": "pagefile_0x000000a96b270000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 727647191040, "timestamp": "00:00:42.329", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 727648829440, "type": "region", "version": 1 }, "end_va": 727650406399, "entry_point": 0, "filename": null, "id": "region_2035", "name": "pagefile_0x000000a96b400000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 727648829440, "timestamp": "00:00:42.329", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 727650467840, "type": "region", "version": 1 }, "end_va": 727671439359, "entry_point": 0, "filename": null, "id": 
"region_2036", "name": "pagefile_0x000000a96b590000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 727650467840, "timestamp": "00:00:42.330", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140700286648320, "type": "region", "version": 1 }, "end_va": 140700287696895, "entry_point": 0, "filename": null, "id": "region_2037", "name": "pagefile_0x00007ff7569b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140700286648320, "timestamp": "00:00:42.330", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140729467273216, "type": "region", "version": 1 }, "end_va": 140729467314175, "entry_point": 140729467277504, "filename": "\\Windows\\System32\\version.dll", "id": "region_2038", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 140729467273216, "timestamp": "00:00:42.330", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 172032, "start_va": 140729480118272, "type": "region", "version": 1 }, "end_va": 140729480290303, "entry_point": 140729480161128, "filename": "\\Windows\\System32\\winmmbase.dll", "id": "region_2039", "name": "winmmbase.dll", "norm_filename": "c:\\windows\\system32\\winmmbase.dll", "region_type": "memory_mapped_file", "start_va": 140729480118272, "timestamp": "00:00:42.330", 
"type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140729480314880, "type": "region", "version": 1 }, "end_va": 140729480441855, "entry_point": 140729480324088, "filename": "\\Windows\\System32\\winmm.dll", "id": "region_2040", "name": "winmm.dll", "norm_filename": "c:\\windows\\system32\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 140729480314880, "timestamp": "00:00:42.331", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 140729514524672, "type": "region", "version": 1 }, "end_va": 140729514635263, "entry_point": 140729514528848, "filename": "\\Windows\\System32\\mpr.dll", "id": "region_2041", "name": "mpr.dll", "norm_filename": "c:\\windows\\system32\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 140729514524672, "timestamp": "00:00:42.331", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2785280, "start_va": 140729514655744, "type": "region", "version": 1 }, "end_va": 140729517441023, "entry_point": 140729514712516, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_2042", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 140729514655744, "timestamp": "00:00:42.332", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", 
"permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2359296, "start_va": 140729517473792, "type": "region", "version": 1 }, "end_va": 140729519833087, "entry_point": 140729517478896, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_2043", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 140729517473792, "timestamp": "00:00:42.332", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140729531891712, "type": "region", "version": 1 }, "end_va": 140729531932671, "entry_point": 140729531896004, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_2044", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 140729531891712, "timestamp": "00:00:42.333", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140729532350464, "type": "region", "version": 1 }, "end_va": 140729532387327, "entry_point": 140729532354688, "filename": "\\Windows\\System32\\wsock32.dll", "id": "region_2045", "name": "wsock32.dll", "norm_filename": "c:\\windows\\system32\\wsock32.dll", "region_type": "memory_mapped_file", "start_va": 140729532350464, "timestamp": "00:00:42.333", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 140729534971904, "type": "region", 
"version": 1 }, "end_va": 140729535139839, "entry_point": 140729535002984, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_2046", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 140729534971904, "timestamp": "00:00:42.334", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2465792, "start_va": 140729570230272, "type": "region", "version": 1 }, "end_va": 140729572696063, "entry_point": 140729570248512, "filename": "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "id": "region_2047", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 140729570230272, "timestamp": "00:00:42.334", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 140729577242624, "type": "region", "version": 1 }, "end_va": 140729577902079, "entry_point": 140729577246880, "filename": "\\Windows\\System32\\SHCore.dll", "id": "region_2048", "name": "shcore.dll", "norm_filename": "c:\\windows\\system32\\shcore.dll", "region_type": "memory_mapped_file", "start_va": 140729577242624, "timestamp": "00:00:42.335", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1187840, 
"start_va": 140729581699072, "type": "region", "version": 1 }, "end_va": 140729582886911, "entry_point": 140729581745220, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_2049", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 140729581699072, "timestamp": "00:00:42.335", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140729583271936, "type": "region", "version": 1 }, "end_va": 140729583427583, "entry_point": 140729583277468, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_2050", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 140729583271936, "timestamp": "00:00:42.336", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140729590874112, "type": "region", "version": 1 }, "end_va": 140729591001087, "entry_point": 140729590878960, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_2051", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 140729590874112, "timestamp": "00:00:42.336", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 140729601622016, "type": "region", "version": 1 }, "end_va": 140729601703935, "entry_point": 140729601637068, "filename": 
"\\Windows\\System32\\profapi.dll", "id": "region_2052", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 140729601622016, "timestamp": "00:00:42.337", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 140729606602752, "type": "region", "version": 1 }, "end_va": 140729606905855, "entry_point": 140729606607448, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_2053", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 140729606602752, "timestamp": "00:00:42.339", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140729606930432, "type": "region", "version": 1 }, "end_va": 140729608441855, "entry_point": 140729607084736, "filename": "\\Windows\\System32\\user32.dll", "id": "region_2054", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140729606930432, "timestamp": "00:00:42.339", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140729608503296, "type": "region", "version": 1 }, "end_va": 140729608859647, "entry_point": 140729608512768, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_2055", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": 
"memory_mapped_file", "start_va": 140729608503296, "timestamp": "00:00:42.339", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 675840, "start_va": 140729608896512, "type": "region", "version": 1 }, "end_va": 140729609572351, "entry_point": 140729608900624, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_2056", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 140729608896512, "timestamp": "00:00:42.340", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140729610928128, "type": "region", "version": 1 }, "end_va": 140729611677695, "entry_point": 140729610932512, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_2057", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 140729610928128, "timestamp": "00:00:42.340", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140729612173312, "type": "region", "version": 1 }, "end_va": 140729612857343, "entry_point": 140729612183596, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_2058", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140729612173312, "timestamp": "00:00:42.341", "type": "region", "version": 1 }, { "dump": { "filename": "", 
"flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140729612894208, "type": "region", "version": 1 }, "end_va": 140729614225407, "entry_point": 140729612967000, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_2059", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140729612894208, "timestamp": "00:00:42.342", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 21032960, "start_va": 140729614270464, "type": "region", "version": 1 }, "end_va": 140729635303423, "entry_point": 140729614274816, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_2060", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 140729614270464, "timestamp": "00:00:42.343", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140729635831808, "type": "region", "version": 1 }, "end_va": 140729637761023, "entry_point": 140729635839840, "filename": "\\Windows\\System32\\combase.dll", "id": "region_2061", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140729635831808, "timestamp": "00:00:42.343", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], 
"ref_process_dump": null, "size": 212992, "start_va": 140729638518784, "type": "region", "version": 1 }, "end_va": 140729638731775, "entry_point": 140729638522928, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_2062", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 140729638518784, "timestamp": "00:00:42.343", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 140729638780928, "type": "region", "version": 1 }, "end_va": 140729640312831, "entry_point": 140729638785204, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_2063", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 140729638780928, "timestamp": "00:00:42.344", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1277952, "start_va": 140729640353792, "type": "region", "version": 1 }, "end_va": 140729641631743, "entry_point": 140729640357904, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_2064", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 140729640353792, "timestamp": "00:00:42.344", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 140729641664512, "type": "region", "version": 1 }, "end_va": 140729642024959, "entry_point": 140729641668764, 
"filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_2065", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 140729641664512, "timestamp": "00:00:42.345", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 630784, "start_va": 140729644023808, "type": "region", "version": 1 }, "end_va": 140729644654591, "entry_point": 140729644028324, "filename": "\\Windows\\System32\\comdlg32.dll", "id": "region_2066", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\system32\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 140729644023808, "timestamp": "00:00:42.345", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140729644679168, "type": "region", "version": 1 }, "end_va": 140729645948927, "entry_point": 140729644683600, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_2067", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140729644679168, "timestamp": "00:00:42.346", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 140729647759360, "type": "region", "version": 1 }, "end_va": 140729647788031, "entry_point": 140729647763472, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_2068", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", 
"region_type": "memory_mapped_file", "start_va": 140729647759360, "timestamp": "00:00:42.346", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140729647824896, "type": "region", "version": 1 }, "end_va": 140729647861759, "entry_point": 140729647830016, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_2069", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 140729647824896, "timestamp": "00:00:42.347", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 140729647890432, "type": "region", "version": 1 }, "end_va": 140729648222207, "entry_point": 140729647895232, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_2070", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 140729647890432, "timestamp": "00:00:42.347", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 727641751552, "type": "region", "version": 1 }, "end_va": 727641759743, "entry_point": 0, "filename": null, "id": "region_2071", "name": "pagefile_0x000000a96ad40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 727641751552, "timestamp": "00:00:42.385", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No 
dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 727672946688, "type": "region", "version": 1 }, "end_va": 727673012223, "entry_point": 0, "filename": null, "id": "region_2072", "name": "private_0x000000a96cb00000", "norm_filename": null, "region_type": "private_memory", "start_va": 727672946688, "timestamp": "00:00:42.385", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 761856, "start_va": 727671439360, "type": "region", "version": 1 }, "end_va": 727672201215, "entry_point": 727671621480, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_2073", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 727671439360, "timestamp": "00:00:42.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140729583599616, "type": "region", "version": 1 }, "end_va": 140729583640575, "entry_point": 140729583605576, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_2074", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\system32\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140729583599616, "timestamp": "00:00:42.394", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140729601490944, "type": "region", "version": 1 }, "end_va": 140729601531903, 
"entry_point": 140729601495056, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_2075", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140729601490944, "timestamp": "00:00:42.395", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140729599590400, "type": "region", "version": 1 }, "end_va": 140729599975423, "entry_point": 140729599719072, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_2076", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140729599590400, "timestamp": "00:00:42.396", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 727641686016, "type": "region", "version": 1 }, "end_va": 727641690111, "entry_point": 0, "filename": null, "id": "region_2077", "name": "pagefile_0x000000a96ad30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 727641686016, "timestamp": "00:00:42.409", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 983040, "start_va": 727671439360, "type": "region", "version": 1 }, "end_va": 727672422399, "entry_point": 0, "filename": null, "id": "region_2078", "name": "pagefile_0x000000a96c990000", "norm_filename": null, "region_type": 
"pagefile_backed_memory", "start_va": 727671439360, "timestamp": "00:00:42.409", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 727641686016, "type": "region", "version": 1 }, "end_va": 727641702399, "entry_point": 0, "filename": null, "id": "region_2079", "name": "pagefile_0x000000a96ad30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 727641686016, "timestamp": "00:00:42.409", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 727641817088, "type": "region", "version": 1 }, "end_va": 727641845759, "entry_point": 0, "filename": null, "id": "region_2080", "name": "private_0x000000a96ad50000", "norm_filename": null, "region_type": "private_memory", "start_va": 727641817088, "timestamp": "00:00:42.410", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 727673012224, "type": "region", "version": 1 }, "end_va": 727674060799, "entry_point": 0, "filename": null, "id": "region_2081", "name": "private_0x000000a96cb10000", "norm_filename": null, "region_type": "private_memory", "start_va": 727673012224, "timestamp": "00:00:42.421", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], 
"ref_process_dump": null, "size": 1052672, "start_va": 727674060800, "type": "region", "version": 1 }, "end_va": 727675113471, "entry_point": 0, "filename": null, "id": "region_2082", "name": "pagefile_0x000000a96cc10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 727674060800, "timestamp": "00:00:42.431", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 727646601216, "type": "region", "version": 1 }, "end_va": 727646605311, "entry_point": 0, "filename": null, "id": "region_2083", "name": "private_0x000000a96b1e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 727646601216, "timestamp": "00:00:42.475", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 140729575276544, "type": "region", "version": 1 }, "end_va": 140729575411711, "entry_point": 140729575280896, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_2084", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 140729575276544, "timestamp": "00:00:42.476", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 727674060800, "type": "region", "version": 1 }, "end_va": 727677030399, "entry_point": 727674060800, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_2085", "name": "sortdefault.nls", "norm_filename": 
"c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 727674060800, "timestamp": "00:00:42.478", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 727646666752, "type": "region", "version": 1 }, "end_va": 727646670847, "entry_point": 0, "filename": null, "id": "region_2086", "name": "pagefile_0x000000a96b1f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 727646666752, "timestamp": "00:00:42.486", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 727646732288, "type": "region", "version": 1 }, "end_va": 727646736383, "entry_point": 0, "filename": null, "id": "region_2087", "name": "private_0x000000a96b200000", "norm_filename": null, "region_type": "private_memory", "start_va": 727646732288, "timestamp": "00:00:43.523", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 5185536, "start_va": 727677075456, "type": "region", "version": 1 }, "end_va": 727682260991, "entry_point": 0, "filename": null, "id": "region_2088", "name": "pagefile_0x000000a96cef0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 727677075456, "timestamp": "00:00:43.531", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because 
region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15138816, "start_va": 727682318336, "type": "region", "version": 1 }, "end_va": 727697457151, "entry_point": 727682318336, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_2089", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 727682318336, "timestamp": "00:00:43.532", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 140729541525504, "type": "region", "version": 1 }, "end_va": 140729541611519, "entry_point": 140729541529664, "filename": "\\Windows\\System32\\netapi32.dll", "id": "region_2090", "name": "netapi32.dll", "norm_filename": "c:\\windows\\system32\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 140729541525504, "timestamp": "00:00:43.540", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 140729593954304, "type": "region", "version": 1 }, "end_va": 140729594003455, "entry_point": 140729593959516, "filename": "\\Windows\\System32\\netutils.dll", "id": "region_2091", "name": "netutils.dll", "norm_filename": "c:\\windows\\system32\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 140729593954304, "timestamp": "00:00:43.541", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 140729599000576, "type": "region", 
"version": 1 }, "end_va": 140729599152127, "entry_point": 140729599004788, "filename": "\\Windows\\System32\\srvcli.dll", "id": "region_2092", "name": "srvcli.dll", "norm_filename": "c:\\windows\\system32\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 140729599000576, "timestamp": "00:00:43.542", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 140729541263360, "type": "region", "version": 1 }, "end_va": 140729541353471, "entry_point": 140729541267528, "filename": "\\Windows\\System32\\wkscli.dll", "id": "region_2093", "name": "wkscli.dll", "norm_filename": "c:\\windows\\system32\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 140729541263360, "timestamp": "00:00:43.543", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 727646797824, "type": "region", "version": 1 }, "end_va": 727646801919, "entry_point": 0, "filename": null, "id": "region_2110", "name": "pagefile_0x000000a96b210000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 727646797824, "timestamp": "00:00:43.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2195456, "start_va": 727697457152, "type": "region", "version": 1 }, "end_va": 727699652607, "entry_point": 0, "filename": null, "id": "region_2111", "name": "pagefile_0x000000a96e260000", "norm_filename": null, 
"region_type": "pagefile_backed_memory", "start_va": 727697457152, "timestamp": "00:00:43.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 48848896, "start_va": 727699685376, "type": "region", "version": 1 }, "end_va": 727748534271, "entry_point": 727699685376, "filename": "\\Windows\\System32\\imageres.dll", "id": "region_2112", "name": "imageres.dll", "norm_filename": "c:\\windows\\system32\\imageres.dll", "region_type": "memory_mapped_file", "start_va": 727699685376, "timestamp": "00:00:43.919", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 727646797824, "type": "region", "version": 1 }, "end_va": 727646810111, "entry_point": 0, "filename": null, "id": "region_2113", "name": "pagefile_0x000000a96b210000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 727646797824, "timestamp": "00:00:44.346", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 727646863360, "type": "region", "version": 1 }, "end_va": 727646867455, "entry_point": 0, "filename": null, "id": "region_2114", "name": "pagefile_0x000000a96b220000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 727646863360, "timestamp": "00:00:44.346", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed 
regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 278528, "start_va": 727672422400, "type": "region", "version": 1 }, "end_va": 727672700927, "entry_point": 0, "filename": null, "id": "region_2115", "name": "pagefile_0x000000a96ca80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 727672422400, "timestamp": "00:00:44.346", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4169728, "start_va": 727748575232, "type": "region", "version": 1 }, "end_va": 727752744959, "entry_point": 0, "filename": null, "id": "region_2116", "name": "pagefile_0x000000a971320000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 727748575232, "timestamp": "00:00:44.346", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 140729594019840, "type": "region", "version": 1 }, "end_va": 140729594142719, "entry_point": 140729594024392, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_2117", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 140729594019840, "timestamp": "00:00:44.358", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 140729589760000, "type": "region", "version": 1 }, "end_va": 140729589977087, "entry_point": 140729589765080, 
"filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_2118", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 140729589760000, "timestamp": "00:00:44.360", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140729596313600, "type": "region", "version": 1 }, "end_va": 140729596469247, "entry_point": 140729596337000, "filename": "\\Windows\\System32\\bcrypt.dll", "id": "region_2119", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\system32\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 140729596313600, "timestamp": "00:00:44.362", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 151552, "start_va": 727646928896, "type": "region", "version": 1 }, "end_va": 727647080447, "entry_point": 0, "filename": null, "id": "region_2132", "name": "pagefile_0x000000a96b230000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 727646928896, "timestamp": "00:00:44.799", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Users\\5JGHKO~1\\Desktop\\WANACR~1.EXE", "filename": "c:\\users\\5jghko~1\\desktop\\wanacr~1.exe", "id": "proc_26", "image_name": "wanacr~1.exe", "monitor_reason": "child_process", "monitored_id": 26, "origin_monitor_id": 25, "ref_parent_process": { "ref_id": "proc_25", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { 
"dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2120", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:44.753", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 965664636928, "type": "region", "version": 1 }, "end_va": 965664767999, "entry_point": 0, "filename": null, "id": "region_2121", "name": "private_0x000000e0d6190000", "norm_filename": null, "region_type": "private_memory", "start_va": 965664636928, "timestamp": "00:00:44.753", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 965664768000, "type": "region", "version": 1 }, "end_va": 965664829439, "entry_point": 0, "filename": null, "id": "region_2122", "name": "pagefile_0x000000e0d61b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 965664768000, "timestamp": "00:00:44.753", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 965664833536, "type": "region", "version": 1 }, "end_va": 965669027839, "entry_point": 0, 
"filename": null, "id": "region_2123", "name": "private_0x000000e0d61c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 965664833536, "timestamp": "00:00:44.753", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 965669027840, "type": "region", "version": 1 }, "end_va": 965669044223, "entry_point": 0, "filename": null, "id": "region_2124", "name": "pagefile_0x000000e0d65c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 965669027840, "timestamp": "00:00:44.753", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 965669093376, "type": "region", "version": 1 }, "end_va": 965669101567, "entry_point": 0, "filename": null, "id": "region_2125", "name": "pagefile_0x000000e0d65d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 965669093376, "timestamp": "00:00:44.753", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 965669158912, "type": "region", "version": 1 }, "end_va": 965669167103, "entry_point": 0, "filename": null, "id": "region_2126", "name": "private_0x000000e0d65e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 965669158912, "timestamp": "00:00:44.753", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], 
"info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140700274393088, "type": "region", "version": 1 }, "end_va": 140700274536447, "entry_point": 0, "filename": null, "id": "region_2127", "name": "pagefile_0x00007ff755e00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140700274393088, "timestamp": "00:00:44.753", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140700274544640, "type": "region", "version": 1 }, "end_va": 140700274548735, "entry_point": 0, "filename": null, "id": "region_2128", "name": "private_0x00007ff755e25000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700274544640, "timestamp": "00:00:44.753", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140700274581504, "type": "region", "version": 1 }, "end_va": 140700274589695, "entry_point": 0, "filename": null, "id": "region_2129", "name": "private_0x00007ff755e2e000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700274581504, "timestamp": "00:00:44.753", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 140700288352256, "type": "region", "version": 1 }, "end_va": 140700289437695, "entry_point": 140700288547356, 
"filename": "\\Users\\5JgHKoaOfdp\\Desktop\\wanacry6.malware.exe", "id": "region_2130", "name": "wanacry6.malware.exe", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\wanacry6.malware.exe", "region_type": "memory_mapped_file", "start_va": 140700288352256, "timestamp": "00:00:44.753", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140729648283648, "type": "region", "version": 1 }, "end_va": 140729650024447, "entry_point": 140729648283648, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2131", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140729648283648, "timestamp": "00:00:44.754", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 965670993920, "type": "region", "version": 1 }, "end_va": 965675188223, "entry_point": 0, "filename": null, "id": "region_2133", "name": "private_0x000000e0d67a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 965670993920, "timestamp": "00:00:44.842", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140729603522560, "type": "region", "version": 1 }, "end_va": 140729604628479, "entry_point": 140729603531424, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_2134", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", 
"region_type": "memory_mapped_file", "start_va": 140729603522560, "timestamp": "00:00:44.842", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140729609617408, "type": "region", "version": 1 }, "end_va": 140729610899455, "entry_point": 140729609637940, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_2135", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140729609617408, "timestamp": "00:00:44.842", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 965664636928, "type": "region", "version": 1 }, "end_va": 965664702463, "entry_point": 0, "filename": null, "id": "region_2136", "name": "pagefile_0x000000e0d6190000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 965664636928, "timestamp": "00:00:44.893", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 965664702464, "type": "region", "version": 1 }, "end_va": 965664731135, "entry_point": 0, "filename": null, "id": "region_2137", "name": "private_0x000000e0d61a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 965664702464, "timestamp": "00:00:44.893", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not 
monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 965669224448, "type": "region", "version": 1 }, "end_va": 965669740543, "entry_point": 965669224448, "filename": "\\Windows\\System32\\locale.nls", "id": "region_2138", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 965669224448, "timestamp": "00:00:44.893", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 965669748736, "type": "region", "version": 1 }, "end_va": 965669777407, "entry_point": 0, "filename": null, "id": "region_2139", "name": "private_0x000000e0d6670000", "norm_filename": null, "region_type": "private_memory", "start_va": 965669748736, "timestamp": "00:00:44.893", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 965669814272, "type": "region", "version": 1 }, "end_va": 965669818367, "entry_point": 0, "filename": null, "id": "region_2140", "name": "private_0x000000e0d6680000", "norm_filename": null, "region_type": "private_memory", "start_va": 965669814272, "timestamp": "00:00:44.893", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 965669879808, "type": "region", "version": 1 }, "end_va": 965669883903, "entry_point": 0, "filename": null, "id": "region_2141", "name": "private_0x000000e0d6690000", "norm_filename": 
null, "region_type": "private_memory", "start_va": 965669879808, "timestamp": "00:00:44.893", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 965676695552, "type": "region", "version": 1 }, "end_va": 965676761087, "entry_point": 0, "filename": null, "id": "region_2142", "name": "private_0x000000e0d6d10000", "norm_filename": null, "region_type": "private_memory", "start_va": 965676695552, "timestamp": "00:00:44.893", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 965676761088, "type": "region", "version": 1 }, "end_va": 965678366719, "entry_point": 0, "filename": null, "id": "region_2143", "name": "pagefile_0x000000e0d6d20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 965676761088, "timestamp": "00:00:44.893", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 965678399488, "type": "region", "version": 1 }, "end_va": 965679976447, "entry_point": 0, "filename": null, "id": "region_2144", "name": "pagefile_0x000000e0d6eb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 965678399488, "timestamp": "00:00:44.893", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", 
"permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 965680037888, "type": "region", "version": 1 }, "end_va": 965701009407, "entry_point": 0, "filename": null, "id": "region_2145", "name": "pagefile_0x000000e0d7040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 965680037888, "timestamp": "00:00:44.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140700273344512, "type": "region", "version": 1 }, "end_va": 140700274393087, "entry_point": 0, "filename": null, "id": "region_2146", "name": "pagefile_0x00007ff755d00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140700273344512, "timestamp": "00:00:44.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140729467273216, "type": "region", "version": 1 }, "end_va": 140729467314175, "entry_point": 140729467277504, "filename": "\\Windows\\System32\\version.dll", "id": "region_2147", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 140729467273216, "timestamp": "00:00:44.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 172032, "start_va": 140729480118272, "type": "region", "version": 1 }, "end_va": 140729480290303, "entry_point": 140729480161128, "filename": "\\Windows\\System32\\winmmbase.dll", 
"id": "region_2148", "name": "winmmbase.dll", "norm_filename": "c:\\windows\\system32\\winmmbase.dll", "region_type": "memory_mapped_file", "start_va": 140729480118272, "timestamp": "00:00:44.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140729480314880, "type": "region", "version": 1 }, "end_va": 140729480441855, "entry_point": 140729480324088, "filename": "\\Windows\\System32\\winmm.dll", "id": "region_2149", "name": "winmm.dll", "norm_filename": "c:\\windows\\system32\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 140729480314880, "timestamp": "00:00:44.895", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 140729514524672, "type": "region", "version": 1 }, "end_va": 140729514635263, "entry_point": 140729514528848, "filename": "\\Windows\\System32\\mpr.dll", "id": "region_2150", "name": "mpr.dll", "norm_filename": "c:\\windows\\system32\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 140729514524672, "timestamp": "00:00:44.895", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2785280, "start_va": 140729514655744, "type": "region", "version": 1 }, "end_va": 140729517441023, "entry_point": 140729514712516, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_2151", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 
140729514655744, "timestamp": "00:00:44.896", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2359296, "start_va": 140729517473792, "type": "region", "version": 1 }, "end_va": 140729519833087, "entry_point": 140729517478896, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_2152", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 140729517473792, "timestamp": "00:00:44.897", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140729531891712, "type": "region", "version": 1 }, "end_va": 140729531932671, "entry_point": 140729531896004, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_2153", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 140729531891712, "timestamp": "00:00:44.897", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140729532350464, "type": "region", "version": 1 }, "end_va": 140729532387327, "entry_point": 140729532354688, "filename": "\\Windows\\System32\\wsock32.dll", "id": "region_2154", "name": "wsock32.dll", "norm_filename": "c:\\windows\\system32\\wsock32.dll", "region_type": "memory_mapped_file", "start_va": 140729532350464, "timestamp": "00:00:44.898", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump 
was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 140729534971904, "type": "region", "version": 1 }, "end_va": 140729535139839, "entry_point": 140729535002984, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_2155", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 140729534971904, "timestamp": "00:00:44.898", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2465792, "start_va": 140729570230272, "type": "region", "version": 1 }, "end_va": 140729572696063, "entry_point": 140729570248512, "filename": "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "id": "region_2156", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 140729570230272, "timestamp": "00:00:44.899", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 140729577242624, "type": "region", "version": 1 }, "end_va": 140729577902079, "entry_point": 140729577246880, "filename": "\\Windows\\System32\\SHCore.dll", "id": "region_2157", "name": "shcore.dll", "norm_filename": "c:\\windows\\system32\\shcore.dll", "region_type": "memory_mapped_file", "start_va": 140729577242624, "timestamp": "00:00:44.899", "type": "region", "version": 1 }, { "dump": { "filename": "", 
"flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1187840, "start_va": 140729581699072, "type": "region", "version": 1 }, "end_va": 140729582886911, "entry_point": 140729581745220, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_2158", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 140729581699072, "timestamp": "00:00:44.900", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140729583271936, "type": "region", "version": 1 }, "end_va": 140729583427583, "entry_point": 140729583277468, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_2159", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 140729583271936, "timestamp": "00:00:44.901", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140729590874112, "type": "region", "version": 1 }, "end_va": 140729591001087, "entry_point": 140729590878960, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_2160", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 140729590874112, "timestamp": "00:00:44.901", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], 
"ref_process_dump": null, "size": 81920, "start_va": 140729601622016, "type": "region", "version": 1 }, "end_va": 140729601703935, "entry_point": 140729601637068, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_2161", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 140729601622016, "timestamp": "00:00:44.902", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 140729606602752, "type": "region", "version": 1 }, "end_va": 140729606905855, "entry_point": 140729606607448, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_2162", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 140729606602752, "timestamp": "00:00:44.904", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140729606930432, "type": "region", "version": 1 }, "end_va": 140729608441855, "entry_point": 140729607084736, "filename": "\\Windows\\System32\\user32.dll", "id": "region_2163", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140729606930432, "timestamp": "00:00:44.904", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140729608503296, "type": "region", "version": 1 }, "end_va": 140729608859647, "entry_point": 
140729608512768, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_2164", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140729608503296, "timestamp": "00:00:44.905", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 675840, "start_va": 140729608896512, "type": "region", "version": 1 }, "end_va": 140729609572351, "entry_point": 140729608900624, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_2165", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 140729608896512, "timestamp": "00:00:44.905", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140729610928128, "type": "region", "version": 1 }, "end_va": 140729611677695, "entry_point": 140729610932512, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_2166", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 140729610928128, "timestamp": "00:00:44.906", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140729612173312, "type": "region", "version": 1 }, "end_va": 140729612857343, "entry_point": 140729612183596, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_2167", "name": "msvcrt.dll", "norm_filename": 
"c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140729612173312, "timestamp": "00:00:44.907", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140729612894208, "type": "region", "version": 1 }, "end_va": 140729614225407, "entry_point": 140729612967000, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_2168", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140729612894208, "timestamp": "00:00:44.907", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 21032960, "start_va": 140729614270464, "type": "region", "version": 1 }, "end_va": 140729635303423, "entry_point": 140729614274816, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_2169", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 140729614270464, "timestamp": "00:00:44.908", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140729635831808, "type": "region", "version": 1 }, "end_va": 140729637761023, "entry_point": 140729635839840, "filename": "\\Windows\\System32\\combase.dll", "id": "region_2170", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140729635831808, "timestamp": "00:00:44.909", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 140729638518784, "type": "region", "version": 1 }, "end_va": 140729638731775, "entry_point": 140729638522928, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_2171", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 140729638518784, "timestamp": "00:00:44.909", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 140729638780928, "type": "region", "version": 1 }, "end_va": 140729640312831, "entry_point": 140729638785204, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_2172", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 140729638780928, "timestamp": "00:00:44.910", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1277952, "start_va": 140729640353792, "type": "region", "version": 1 }, "end_va": 140729641631743, "entry_point": 140729640357904, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_2173", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 140729640353792, "timestamp": "00:00:44.910", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", 
"writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 140729641664512, "type": "region", "version": 1 }, "end_va": 140729642024959, "entry_point": 140729641668764, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_2174", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 140729641664512, "timestamp": "00:00:44.911", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 630784, "start_va": 140729644023808, "type": "region", "version": 1 }, "end_va": 140729644654591, "entry_point": 140729644028324, "filename": "\\Windows\\System32\\comdlg32.dll", "id": "region_2175", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\system32\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 140729644023808, "timestamp": "00:00:44.911", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140729644679168, "type": "region", "version": 1 }, "end_va": 140729645948927, "entry_point": 140729644683600, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_2176", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140729644679168, "timestamp": "00:00:44.912", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 140729647759360, "type": "region", "version": 1 }, "end_va": 
140729647788031, "entry_point": 140729647763472, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_2177", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 140729647759360, "timestamp": "00:00:44.912", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140729647824896, "type": "region", "version": 1 }, "end_va": 140729647861759, "entry_point": 140729647830016, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_2178", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 140729647824896, "timestamp": "00:00:44.913", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 140729647890432, "type": "region", "version": 1 }, "end_va": 140729648222207, "entry_point": 140729647895232, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_2179", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 140729647890432, "timestamp": "00:00:44.914", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 965670010880, "type": "region", "version": 1 }, "end_va": 965670019071, "entry_point": 0, "filename": null, "id": "region_2180", "name": "pagefile_0x000000e0d66b0000", "norm_filename": null, "region_type": 
"pagefile_backed_memory", "start_va": 965670010880, "timestamp": "00:00:44.933", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 965676367872, "type": "region", "version": 1 }, "end_va": 965676433407, "entry_point": 0, "filename": null, "id": "region_2181", "name": "private_0x000000e0d6cc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 965676367872, "timestamp": "00:00:44.933", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 761856, "start_va": 965670076416, "type": "region", "version": 1 }, "end_va": 965670838271, "entry_point": 965670258536, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_2182", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 965670076416, "timestamp": "00:00:44.941", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140729583599616, "type": "region", "version": 1 }, "end_va": 140729583640575, "entry_point": 140729583605576, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_2183", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\system32\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140729583599616, "timestamp": "00:00:44.943", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", 
"permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140729601490944, "type": "region", "version": 1 }, "end_va": 140729601531903, "entry_point": 140729601495056, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_2184", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140729601490944, "timestamp": "00:00:44.944", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140729599590400, "type": "region", "version": 1 }, "end_va": 140729599975423, "entry_point": 140729599719072, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_2185", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140729599590400, "timestamp": "00:00:44.946", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 965669945344, "type": "region", "version": 1 }, "end_va": 965669949439, "entry_point": 0, "filename": null, "id": "region_2186", "name": "pagefile_0x000000e0d66a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 965669945344, "timestamp": "00:00:44.964", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 983040, "start_va": 965675188224, "type": 
"region", "version": 1 }, "end_va": 965676171263, "entry_point": 0, "filename": null, "id": "region_2187", "name": "pagefile_0x000000e0d6ba0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 965675188224, "timestamp": "00:00:44.964", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 965669945344, "type": "region", "version": 1 }, "end_va": 965669961727, "entry_point": 0, "filename": null, "id": "region_2188", "name": "pagefile_0x000000e0d66a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 965669945344, "timestamp": "00:00:44.964", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 965670076416, "type": "region", "version": 1 }, "end_va": 965670105087, "entry_point": 0, "filename": null, "id": "region_2189", "name": "private_0x000000e0d66c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 965670076416, "timestamp": "00:00:44.965", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 965701009408, "type": "region", "version": 1 }, "end_va": 965702057983, "entry_point": 0, "filename": null, "id": "region_2190", "name": "private_0x000000e0d8440000", "norm_filename": null, "region_type": "private_memory", "start_va": 965701009408, "timestamp": "00:00:44.974", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 965702057984, "type": "region", "version": 1 }, "end_va": 965703110655, "entry_point": 0, "filename": null, "id": "region_2191", "name": "pagefile_0x000000e0d8540000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 965702057984, "timestamp": "00:00:44.983", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 965670141952, "type": "region", "version": 1 }, "end_va": 965670146047, "entry_point": 0, "filename": null, "id": "region_2192", "name": "private_0x000000e0d66d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 965670141952, "timestamp": "00:00:45.027", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 140729575276544, "type": "region", "version": 1 }, "end_va": 140729575411711, "entry_point": 140729575280896, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_2193", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 140729575276544, "timestamp": "00:00:45.028", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 965702057984, "type": "region", "version": 1 }, "end_va": 
965705027583, "entry_point": 965702057984, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_2194", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 965702057984, "timestamp": "00:00:45.030", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 965670207488, "type": "region", "version": 1 }, "end_va": 965670211583, "entry_point": 0, "filename": null, "id": "region_2195", "name": "pagefile_0x000000e0d66e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 965670207488, "timestamp": "00:00:45.039", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 965670273024, "type": "region", "version": 1 }, "end_va": 965670277119, "entry_point": 0, "filename": null, "id": "region_2196", "name": "private_0x000000e0d66f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 965670273024, "timestamp": "00:00:46.079", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 5185536, "start_va": 965705072640, "type": "region", "version": 1 }, "end_va": 965710258175, "entry_point": 0, "filename": null, "id": "region_2197", "name": "pagefile_0x000000e0d8820000", "norm_filename": null, "region_type": "pagefile_backed_memory", 
"start_va": 965705072640, "timestamp": "00:00:46.088", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15138816, "start_va": 965710315520, "type": "region", "version": 1 }, "end_va": 965725454335, "entry_point": 965710315520, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_2198", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 965710315520, "timestamp": "00:00:46.088", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 140729541525504, "type": "region", "version": 1 }, "end_va": 140729541611519, "entry_point": 140729541529664, "filename": "\\Windows\\System32\\netapi32.dll", "id": "region_2199", "name": "netapi32.dll", "norm_filename": "c:\\windows\\system32\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 140729541525504, "timestamp": "00:00:46.096", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 140729593954304, "type": "region", "version": 1 }, "end_va": 140729594003455, "entry_point": 140729593959516, "filename": "\\Windows\\System32\\netutils.dll", "id": "region_2200", "name": "netutils.dll", "norm_filename": "c:\\windows\\system32\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 140729593954304, "timestamp": "00:00:46.099", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created 
because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 140729599000576, "type": "region", "version": 1 }, "end_va": 140729599152127, "entry_point": 140729599004788, "filename": "\\Windows\\System32\\srvcli.dll", "id": "region_2201", "name": "srvcli.dll", "norm_filename": "c:\\windows\\system32\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 140729599000576, "timestamp": "00:00:46.100", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 140729541263360, "type": "region", "version": 1 }, "end_va": 140729541353471, "entry_point": 140729541267528, "filename": "\\Windows\\System32\\wkscli.dll", "id": "region_2202", "name": "wkscli.dll", "norm_filename": "c:\\windows\\system32\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 140729541263360, "timestamp": "00:00:46.101", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 965670338560, "type": "region", "version": 1 }, "end_va": 965670342655, "entry_point": 0, "filename": null, "id": "region_2219", "name": "pagefile_0x000000e0d6700000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 965670338560, "timestamp": "00:00:46.175", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2195456, "start_va": 965725454336, 
"type": "region", "version": 1 }, "end_va": 965727649791, "entry_point": 0, "filename": null, "id": "region_2220", "name": "pagefile_0x000000e0d9b90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 965725454336, "timestamp": "00:00:46.175", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 48848896, "start_va": 965727682560, "type": "region", "version": 1 }, "end_va": 965776531455, "entry_point": 965727682560, "filename": "\\Windows\\System32\\imageres.dll", "id": "region_2221", "name": "imageres.dll", "norm_filename": "c:\\windows\\system32\\imageres.dll", "region_type": "memory_mapped_file", "start_va": 965727682560, "timestamp": "00:00:46.443", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 965670338560, "type": "region", "version": 1 }, "end_va": 965670350847, "entry_point": 0, "filename": null, "id": "region_2222", "name": "pagefile_0x000000e0d6700000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 965670338560, "timestamp": "00:00:46.878", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 965670404096, "type": "region", "version": 1 }, "end_va": 965670408191, "entry_point": 0, "filename": null, "id": "region_2223", "name": "pagefile_0x000000e0d6710000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 965670404096, "timestamp": 
"00:00:46.878", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 278528, "start_va": 965670469632, "type": "region", "version": 1 }, "end_va": 965670748159, "entry_point": 0, "filename": null, "id": "region_2224", "name": "pagefile_0x000000e0d6720000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 965670469632, "timestamp": "00:00:46.878", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4169728, "start_va": 965776572416, "type": "region", "version": 1 }, "end_va": 965780742143, "entry_point": 0, "filename": null, "id": "region_2225", "name": "pagefile_0x000000e0dcc50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 965776572416, "timestamp": "00:00:46.878", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 140729594019840, "type": "region", "version": 1 }, "end_va": 140729594142719, "entry_point": 140729594024392, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_2226", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 140729594019840, "timestamp": "00:00:46.882", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", 
"executable" ], "ref_process_dump": null, "size": 217088, "start_va": 140729589760000, "type": "region", "version": 1 }, "end_va": 140729589977087, "entry_point": 140729589765080, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_2227", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 140729589760000, "timestamp": "00:00:46.884", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140729596313600, "type": "region", "version": 1 }, "end_va": 140729596469247, "entry_point": 140729596337000, "filename": "\\Windows\\System32\\bcrypt.dll", "id": "region_2228", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\system32\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 140729596313600, "timestamp": "00:00:46.885", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 151552, "start_va": 965670797312, "type": "region", "version": 1 }, "end_va": 965670948863, "entry_point": 0, "filename": null, "id": "region_2241", "name": "pagefile_0x000000e0d6770000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 965670797312, "timestamp": "00:00:47.337", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Users\\5JGHKO~1\\Desktop\\WANACR~1.EXE", "filename": "c:\\users\\5jghko~1\\desktop\\wanacr~1.exe", "id": "proc_27", "image_name": "wanacr~1.exe", "monitor_reason": "child_process", "monitored_id": 27, 
"origin_monitor_id": 26, "ref_parent_process": { "ref_id": "proc_26", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2229", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:47.291", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 72801910784, "type": "region", "version": 1 }, "end_va": 72802041855, "entry_point": 0, "filename": null, "id": "region_2230", "name": "private_0x00000010f3550000", "norm_filename": null, "region_type": "private_memory", "start_va": 72801910784, "timestamp": "00:00:47.291", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 72802041856, "type": "region", "version": 1 }, "end_va": 72802103295, "entry_point": 0, "filename": null, "id": "region_2231", "name": "pagefile_0x00000010f3570000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 72802041856, "timestamp": "00:00:47.291", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ 
"readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 72802107392, "type": "region", "version": 1 }, "end_va": 72806301695, "entry_point": 0, "filename": null, "id": "region_2232", "name": "private_0x00000010f3580000", "norm_filename": null, "region_type": "private_memory", "start_va": 72802107392, "timestamp": "00:00:47.292", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 72806301696, "type": "region", "version": 1 }, "end_va": 72806318079, "entry_point": 0, "filename": null, "id": "region_2233", "name": "pagefile_0x00000010f3980000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 72806301696, "timestamp": "00:00:47.292", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 72806367232, "type": "region", "version": 1 }, "end_va": 72806375423, "entry_point": 0, "filename": null, "id": "region_2234", "name": "pagefile_0x00000010f3990000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 72806367232, "timestamp": "00:00:47.292", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 72806432768, "type": "region", "version": 1 }, "end_va": 72806440959, "entry_point": 0, "filename": null, "id": "region_2235", "name": "private_0x00000010f39a0000", "norm_filename": null, "region_type": "private_memory", 
"start_va": 72806432768, "timestamp": "00:00:47.292", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140700282388480, "type": "region", "version": 1 }, "end_va": 140700282531839, "entry_point": 0, "filename": null, "id": "region_2236", "name": "pagefile_0x00007ff7565a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140700282388480, "timestamp": "00:00:47.292", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140700282568704, "type": "region", "version": 1 }, "end_va": 140700282576895, "entry_point": 0, "filename": null, "id": "region_2237", "name": "private_0x00007ff7565cc000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700282568704, "timestamp": "00:00:47.292", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140700282576896, "type": "region", "version": 1 }, "end_va": 140700282580991, "entry_point": 0, "filename": null, "id": "region_2238", "name": "private_0x00007ff7565ce000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700282576896, "timestamp": "00:00:47.292", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], 
"ref_process_dump": null, "size": 1085440, "start_va": 140700288352256, "type": "region", "version": 1 }, "end_va": 140700289437695, "entry_point": 140700288547356, "filename": "\\Users\\5JgHKoaOfdp\\Desktop\\wanacry6.malware.exe", "id": "region_2239", "name": "wanacry6.malware.exe", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\wanacry6.malware.exe", "region_type": "memory_mapped_file", "start_va": 140700288352256, "timestamp": "00:00:47.292", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140729648283648, "type": "region", "version": 1 }, "end_va": 140729650024447, "entry_point": 140729648283648, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2240", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140729648283648, "timestamp": "00:00:47.293", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 72807284736, "type": "region", "version": 1 }, "end_va": 72811479039, "entry_point": 0, "filename": null, "id": "region_2242", "name": "private_0x00000010f3a70000", "norm_filename": null, "region_type": "private_memory", "start_va": 72807284736, "timestamp": "00:00:47.379", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140729603522560, "type": "region", "version": 1 }, "end_va": 140729604628479, "entry_point": 140729603531424, 
"filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_2243", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140729603522560, "timestamp": "00:00:47.379", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140729609617408, "type": "region", "version": 1 }, "end_va": 140729610899455, "entry_point": 140729609637940, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_2244", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140729609617408, "timestamp": "00:00:47.380", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 72801910784, "type": "region", "version": 1 }, "end_va": 72801976319, "entry_point": 0, "filename": null, "id": "region_2245", "name": "pagefile_0x00000010f3550000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 72801910784, "timestamp": "00:00:47.414", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 72801976320, "type": "region", "version": 1 }, "end_va": 72802004991, "entry_point": 0, "filename": null, "id": "region_2246", "name": "private_0x00000010f3560000", "norm_filename": null, "region_type": "private_memory", "start_va": 72801976320, "timestamp": 
"00:00:47.414", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 72806498304, "type": "region", "version": 1 }, "end_va": 72807014399, "entry_point": 72806498304, "filename": "\\Windows\\System32\\locale.nls", "id": "region_2247", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 72806498304, "timestamp": "00:00:47.415", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 72807022592, "type": "region", "version": 1 }, "end_va": 72807051263, "entry_point": 0, "filename": null, "id": "region_2248", "name": "private_0x00000010f3a30000", "norm_filename": null, "region_type": "private_memory", "start_va": 72807022592, "timestamp": "00:00:47.415", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 72807088128, "type": "region", "version": 1 }, "end_va": 72807092223, "entry_point": 0, "filename": null, "id": "region_2249", "name": "private_0x00000010f3a40000", "norm_filename": null, "region_type": "private_memory", "start_va": 72807088128, "timestamp": "00:00:47.415", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 72807153664, "type": "region", 
"version": 1 }, "end_va": 72807157759, "entry_point": 0, "filename": null, "id": "region_2250", "name": "private_0x00000010f3a50000", "norm_filename": null, "region_type": "private_memory", "start_va": 72807153664, "timestamp": "00:00:47.415", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 72812134400, "type": "region", "version": 1 }, "end_va": 72812199935, "entry_point": 0, "filename": null, "id": "region_2251", "name": "private_0x00000010f3f10000", "norm_filename": null, "region_type": "private_memory", "start_va": 72812134400, "timestamp": "00:00:47.415", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 72812199936, "type": "region", "version": 1 }, "end_va": 72813805567, "entry_point": 0, "filename": null, "id": "region_2252", "name": "pagefile_0x00000010f3f20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 72812199936, "timestamp": "00:00:47.415", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 72813838336, "type": "region", "version": 1 }, "end_va": 72815415295, "entry_point": 0, "filename": null, "id": "region_2253", "name": "pagefile_0x00000010f40b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 72813838336, "timestamp": "00:00:47.415", "type": "region", "version": 1 }, { "dump": { "filename": 
"", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 72815476736, "type": "region", "version": 1 }, "end_va": 72836448255, "entry_point": 0, "filename": null, "id": "region_2254", "name": "pagefile_0x00000010f4240000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 72815476736, "timestamp": "00:00:47.416", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140700281339904, "type": "region", "version": 1 }, "end_va": 140700282388479, "entry_point": 0, "filename": null, "id": "region_2255", "name": "pagefile_0x00007ff7564a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140700281339904, "timestamp": "00:00:47.416", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140729467273216, "type": "region", "version": 1 }, "end_va": 140729467314175, "entry_point": 140729467277504, "filename": "\\Windows\\System32\\version.dll", "id": "region_2256", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 140729467273216, "timestamp": "00:00:47.416", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 172032, "start_va": 140729480118272, 
"type": "region", "version": 1 }, "end_va": 140729480290303, "entry_point": 140729480161128, "filename": "\\Windows\\System32\\winmmbase.dll", "id": "region_2257", "name": "winmmbase.dll", "norm_filename": "c:\\windows\\system32\\winmmbase.dll", "region_type": "memory_mapped_file", "start_va": 140729480118272, "timestamp": "00:00:47.416", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140729480314880, "type": "region", "version": 1 }, "end_va": 140729480441855, "entry_point": 140729480324088, "filename": "\\Windows\\System32\\winmm.dll", "id": "region_2258", "name": "winmm.dll", "norm_filename": "c:\\windows\\system32\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 140729480314880, "timestamp": "00:00:47.417", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 140729514524672, "type": "region", "version": 1 }, "end_va": 140729514635263, "entry_point": 140729514528848, "filename": "\\Windows\\System32\\mpr.dll", "id": "region_2259", "name": "mpr.dll", "norm_filename": "c:\\windows\\system32\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 140729514524672, "timestamp": "00:00:47.417", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2785280, "start_va": 140729514655744, "type": "region", "version": 1 }, "end_va": 140729517441023, "entry_point": 140729514712516, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_2260", 
"name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 140729514655744, "timestamp": "00:00:47.418", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2359296, "start_va": 140729517473792, "type": "region", "version": 1 }, "end_va": 140729519833087, "entry_point": 140729517478896, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_2261", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 140729517473792, "timestamp": "00:00:47.418", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140729531891712, "type": "region", "version": 1 }, "end_va": 140729531932671, "entry_point": 140729531896004, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_2262", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 140729531891712, "timestamp": "00:00:47.419", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140729532350464, "type": "region", "version": 1 }, "end_va": 140729532387327, "entry_point": 140729532354688, "filename": "\\Windows\\System32\\wsock32.dll", "id": "region_2263", "name": "wsock32.dll", "norm_filename": "c:\\windows\\system32\\wsock32.dll", "region_type": "memory_mapped_file", "start_va": 140729532350464, 
"timestamp": "00:00:47.419", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 140729534971904, "type": "region", "version": 1 }, "end_va": 140729535139839, "entry_point": 140729535002984, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_2264", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 140729534971904, "timestamp": "00:00:47.420", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2465792, "start_va": 140729570230272, "type": "region", "version": 1 }, "end_va": 140729572696063, "entry_point": 140729570248512, "filename": "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "id": "region_2265", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 140729570230272, "timestamp": "00:00:47.420", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 140729577242624, "type": "region", "version": 1 }, "end_va": 140729577902079, "entry_point": 140729577246880, "filename": "\\Windows\\System32\\SHCore.dll", "id": "region_2266", "name": "shcore.dll", "norm_filename": "c:\\windows\\system32\\shcore.dll", "region_type": 
"memory_mapped_file", "start_va": 140729577242624, "timestamp": "00:00:47.421", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1187840, "start_va": 140729581699072, "type": "region", "version": 1 }, "end_va": 140729582886911, "entry_point": 140729581745220, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_2267", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 140729581699072, "timestamp": "00:00:47.421", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140729583271936, "type": "region", "version": 1 }, "end_va": 140729583427583, "entry_point": 140729583277468, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_2268", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 140729583271936, "timestamp": "00:00:47.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140729590874112, "type": "region", "version": 1 }, "end_va": 140729591001087, "entry_point": 140729590878960, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_2269", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 140729590874112, "timestamp": "00:00:47.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 140729601622016, "type": "region", "version": 1 }, "end_va": 140729601703935, "entry_point": 140729601637068, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_2270", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 140729601622016, "timestamp": "00:00:47.423", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 140729606602752, "type": "region", "version": 1 }, "end_va": 140729606905855, "entry_point": 140729606607448, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_2271", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 140729606602752, "timestamp": "00:00:47.425", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140729606930432, "type": "region", "version": 1 }, "end_va": 140729608441855, "entry_point": 140729607084736, "filename": "\\Windows\\System32\\user32.dll", "id": "region_2272", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140729606930432, "timestamp": "00:00:47.425", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], 
"ref_process_dump": null, "size": 356352, "start_va": 140729608503296, "type": "region", "version": 1 }, "end_va": 140729608859647, "entry_point": 140729608512768, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_2273", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140729608503296, "timestamp": "00:00:47.426", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 675840, "start_va": 140729608896512, "type": "region", "version": 1 }, "end_va": 140729609572351, "entry_point": 140729608900624, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_2274", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 140729608896512, "timestamp": "00:00:47.426", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140729610928128, "type": "region", "version": 1 }, "end_va": 140729611677695, "entry_point": 140729610932512, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_2275", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 140729610928128, "timestamp": "00:00:47.427", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140729612173312, "type": "region", "version": 1 }, "end_va": 140729612857343, 
"entry_point": 140729612183596, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_2276", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140729612173312, "timestamp": "00:00:47.427", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140729612894208, "type": "region", "version": 1 }, "end_va": 140729614225407, "entry_point": 140729612967000, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_2277", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140729612894208, "timestamp": "00:00:47.428", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 21032960, "start_va": 140729614270464, "type": "region", "version": 1 }, "end_va": 140729635303423, "entry_point": 140729614274816, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_2278", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 140729614270464, "timestamp": "00:00:47.429", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140729635831808, "type": "region", "version": 1 }, "end_va": 140729637761023, "entry_point": 140729635839840, "filename": "\\Windows\\System32\\combase.dll", "id": "region_2279", "name": "combase.dll", "norm_filename": 
"c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140729635831808, "timestamp": "00:00:47.429", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 140729638518784, "type": "region", "version": 1 }, "end_va": 140729638731775, "entry_point": 140729638522928, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_2280", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 140729638518784, "timestamp": "00:00:47.430", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 140729638780928, "type": "region", "version": 1 }, "end_va": 140729640312831, "entry_point": 140729638785204, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_2281", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 140729638780928, "timestamp": "00:00:47.430", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1277952, "start_va": 140729640353792, "type": "region", "version": 1 }, "end_va": 140729641631743, "entry_point": 140729640357904, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_2282", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 140729640353792, "timestamp": "00:00:47.431", "type": "region", "version": 1 }, 
{ "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 140729641664512, "type": "region", "version": 1 }, "end_va": 140729642024959, "entry_point": 140729641668764, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_2283", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 140729641664512, "timestamp": "00:00:47.431", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 630784, "start_va": 140729644023808, "type": "region", "version": 1 }, "end_va": 140729644654591, "entry_point": 140729644028324, "filename": "\\Windows\\System32\\comdlg32.dll", "id": "region_2284", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\system32\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 140729644023808, "timestamp": "00:00:47.432", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140729644679168, "type": "region", "version": 1 }, "end_va": 140729645948927, "entry_point": 140729644683600, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_2285", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140729644679168, "timestamp": "00:00:47.432", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", 
"writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 140729647759360, "type": "region", "version": 1 }, "end_va": 140729647788031, "entry_point": 140729647763472, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_2286", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 140729647759360, "timestamp": "00:00:47.432", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140729647824896, "type": "region", "version": 1 }, "end_va": 140729647861759, "entry_point": 140729647830016, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_2287", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 140729647824896, "timestamp": "00:00:47.433", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 140729647890432, "type": "region", "version": 1 }, "end_va": 140729648222207, "entry_point": 140729647895232, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_2288", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 140729647890432, "timestamp": "00:00:47.433", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 72811479040, "type": "region", "version": 1 }, "end_va": 
72811487231, "entry_point": 0, "filename": null, "id": "region_2289", "name": "pagefile_0x00000010f3e70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 72811479040, "timestamp": "00:00:47.461", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 72837562368, "type": "region", "version": 1 }, "end_va": 72837627903, "entry_point": 0, "filename": null, "id": "region_2290", "name": "private_0x00000010f5750000", "norm_filename": null, "region_type": "private_memory", "start_va": 72837562368, "timestamp": "00:00:47.461", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 761856, "start_va": 72836448256, "type": "region", "version": 1 }, "end_va": 72837210111, "entry_point": 72836630376, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_2291", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 72836448256, "timestamp": "00:00:47.468", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140729583599616, "type": "region", "version": 1 }, "end_va": 140729583640575, "entry_point": 140729583605576, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_2292", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\system32\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140729583599616, "timestamp": "00:00:47.470", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140729601490944, "type": "region", "version": 1 }, "end_va": 140729601531903, "entry_point": 140729601495056, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_2293", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140729601490944, "timestamp": "00:00:47.471", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140729599590400, "type": "region", "version": 1 }, "end_va": 140729599975423, "entry_point": 140729599719072, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_2294", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140729599590400, "timestamp": "00:00:47.472", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 72807219200, "type": "region", "version": 1 }, "end_va": 72807223295, "entry_point": 0, "filename": null, "id": "region_2295", "name": "pagefile_0x00000010f3a60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 72807219200, "timestamp": "00:00:47.485", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in 
the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 983040, "start_va": 72836448256, "type": "region", "version": 1 }, "end_va": 72837431295, "entry_point": 0, "filename": null, "id": "region_2296", "name": "pagefile_0x00000010f5640000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 72836448256, "timestamp": "00:00:47.485", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 72807219200, "type": "region", "version": 1 }, "end_va": 72807235583, "entry_point": 0, "filename": null, "id": "region_2297", "name": "pagefile_0x00000010f3a60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 72807219200, "timestamp": "00:00:47.485", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 72811544576, "type": "region", "version": 1 }, "end_va": 72811573247, "entry_point": 0, "filename": null, "id": "region_2298", "name": "private_0x00000010f3e80000", "norm_filename": null, "region_type": "private_memory", "start_va": 72811544576, "timestamp": "00:00:47.486", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 72837627904, "type": "region", "version": 1 }, "end_va": 72838676479, "entry_point": 0, "filename": null, "id": "region_2299", "name": "private_0x00000010f5760000", "norm_filename": null, "region_type": 
"private_memory", "start_va": 72837627904, "timestamp": "00:00:47.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 72838676480, "type": "region", "version": 1 }, "end_va": 72839729151, "entry_point": 0, "filename": null, "id": "region_2300", "name": "pagefile_0x00000010f5860000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 72838676480, "timestamp": "00:00:47.506", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 72811610112, "type": "region", "version": 1 }, "end_va": 72811614207, "entry_point": 0, "filename": null, "id": "region_2301", "name": "private_0x00000010f3e90000", "norm_filename": null, "region_type": "private_memory", "start_va": 72811610112, "timestamp": "00:00:47.551", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 140729575276544, "type": "region", "version": 1 }, "end_va": 140729575411711, "entry_point": 140729575280896, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_2302", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 140729575276544, "timestamp": "00:00:47.551", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], 
"ref_process_dump": null, "size": 2969600, "start_va": 72838676480, "type": "region", "version": 1 }, "end_va": 72841646079, "entry_point": 72838676480, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_2303", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 72838676480, "timestamp": "00:00:47.554", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 72811675648, "type": "region", "version": 1 }, "end_va": 72811679743, "entry_point": 0, "filename": null, "id": "region_2304", "name": "pagefile_0x00000010f3ea0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 72811675648, "timestamp": "00:00:47.562", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 72811741184, "type": "region", "version": 1 }, "end_va": 72811745279, "entry_point": 0, "filename": null, "id": "region_2305", "name": "private_0x00000010f3eb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 72811741184, "timestamp": "00:00:48.605", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 5185536, "start_va": 72841691136, "type": "region", "version": 1 }, "end_va": 72846876671, "entry_point": 0, "filename": null, "id": "region_2306", "name": 
"pagefile_0x00000010f5b40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 72841691136, "timestamp": "00:00:48.613", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15138816, "start_va": 72846934016, "type": "region", "version": 1 }, "end_va": 72862072831, "entry_point": 72846934016, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_2307", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 72846934016, "timestamp": "00:00:48.614", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 140729541525504, "type": "region", "version": 1 }, "end_va": 140729541611519, "entry_point": 140729541529664, "filename": "\\Windows\\System32\\netapi32.dll", "id": "region_2308", "name": "netapi32.dll", "norm_filename": "c:\\windows\\system32\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 140729541525504, "timestamp": "00:00:48.624", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 140729593954304, "type": "region", "version": 1 }, "end_va": 140729594003455, "entry_point": 140729593959516, "filename": "\\Windows\\System32\\netutils.dll", "id": "region_2309", "name": "netutils.dll", "norm_filename": "c:\\windows\\system32\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 140729593954304, "timestamp": "00:00:48.625", "type": "region", "version": 1 
}, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 140729599000576, "type": "region", "version": 1 }, "end_va": 140729599152127, "entry_point": 140729599004788, "filename": "\\Windows\\System32\\srvcli.dll", "id": "region_2310", "name": "srvcli.dll", "norm_filename": "c:\\windows\\system32\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 140729599000576, "timestamp": "00:00:48.626", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 140729541263360, "type": "region", "version": 1 }, "end_va": 140729541353471, "entry_point": 140729541267528, "filename": "\\Windows\\System32\\wkscli.dll", "id": "region_2311", "name": "wkscli.dll", "norm_filename": "c:\\windows\\system32\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 140729541263360, "timestamp": "00:00:48.627", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 72811806720, "type": "region", "version": 1 }, "end_va": 72811810815, "entry_point": 0, "filename": null, "id": "region_2328", "name": "pagefile_0x00000010f3ec0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 72811806720, "timestamp": "00:00:48.702", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", 
"writable" ], "ref_process_dump": null, "size": 2195456, "start_va": 72862072832, "type": "region", "version": 1 }, "end_va": 72864268287, "entry_point": 0, "filename": null, "id": "region_2329", "name": "pagefile_0x00000010f6eb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 72862072832, "timestamp": "00:00:48.703", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 48848896, "start_va": 72864301056, "type": "region", "version": 1 }, "end_va": 72913149951, "entry_point": 72864301056, "filename": "\\Windows\\System32\\imageres.dll", "id": "region_2330", "name": "imageres.dll", "norm_filename": "c:\\windows\\system32\\imageres.dll", "region_type": "memory_mapped_file", "start_va": 72864301056, "timestamp": "00:00:48.999", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 72811806720, "type": "region", "version": 1 }, "end_va": 72811819007, "entry_point": 0, "filename": null, "id": "region_2331", "name": "pagefile_0x00000010f3ec0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 72811806720, "timestamp": "00:00:49.391", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 72811872256, "type": "region", "version": 1 }, "end_va": 72811876351, "entry_point": 0, "filename": null, "id": "region_2332", "name": "pagefile_0x00000010f3ed0000", "norm_filename": null, 
"region_type": "pagefile_backed_memory", "start_va": 72811872256, "timestamp": "00:00:49.391", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4169728, "start_va": 72913190912, "type": "region", "version": 1 }, "end_va": 72917360639, "entry_point": 0, "filename": null, "id": "region_2333", "name": "pagefile_0x00000010f9f70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 72913190912, "timestamp": "00:00:49.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 278528, "start_va": 72917385216, "type": "region", "version": 1 }, "end_va": 72917663743, "entry_point": 0, "filename": null, "id": "region_2334", "name": "pagefile_0x00000010fa370000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 72917385216, "timestamp": "00:00:49.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 140729594019840, "type": "region", "version": 1 }, "end_va": 140729594142719, "entry_point": 140729594024392, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_2335", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 140729594019840, "timestamp": "00:00:49.403", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because 
region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 140729589760000, "type": "region", "version": 1 }, "end_va": 140729589977087, "entry_point": 140729589765080, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_2336", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 140729589760000, "timestamp": "00:00:49.405", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140729596313600, "type": "region", "version": 1 }, "end_va": 140729596469247, "entry_point": 140729596337000, "filename": "\\Windows\\System32\\bcrypt.dll", "id": "region_2337", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\system32\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 140729596313600, "timestamp": "00:00:49.406", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 151552, "start_va": 72811937792, "type": "region", "version": 1 }, "end_va": 72812089343, "entry_point": 0, "filename": null, "id": "region_2350", "name": "pagefile_0x00000010f3ee0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 72811937792, "timestamp": "00:00:49.842", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Users\\5JGHKO~1\\Desktop\\WANACR~1.EXE", "filename": "c:\\users\\5jghko~1\\desktop\\wanacr~1.exe", "id": "proc_28", "image_name": 
"wanacr~1.exe", "monitor_reason": "child_process", "monitored_id": 28, "origin_monitor_id": 27, "ref_parent_process": { "ref_id": "proc_27", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2338", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:49.795", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 924202565632, "type": "region", "version": 1 }, "end_va": 924202696703, "entry_point": 0, "filename": null, "id": "region_2339", "name": "private_0x000000d72ec40000", "norm_filename": null, "region_type": "private_memory", "start_va": 924202565632, "timestamp": "00:00:49.795", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 924202696704, "type": "region", "version": 1 }, "end_va": 924202758143, "entry_point": 0, "filename": null, "id": "region_2340", "name": "pagefile_0x000000d72ec60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 924202696704, "timestamp": "00:00:49.795", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was 
created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 924202762240, "type": "region", "version": 1 }, "end_va": 924206956543, "entry_point": 0, "filename": null, "id": "region_2341", "name": "private_0x000000d72ec70000", "norm_filename": null, "region_type": "private_memory", "start_va": 924202762240, "timestamp": "00:00:49.795", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 924206956544, "type": "region", "version": 1 }, "end_va": 924206972927, "entry_point": 0, "filename": null, "id": "region_2342", "name": "pagefile_0x000000d72f070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 924206956544, "timestamp": "00:00:49.795", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 924207022080, "type": "region", "version": 1 }, "end_va": 924207030271, "entry_point": 0, "filename": null, "id": "region_2343", "name": "pagefile_0x000000d72f080000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 924207022080, "timestamp": "00:00:49.795", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 924207087616, "type": "region", "version": 1 }, "end_va": 924207095807, "entry_point": 0, "filename": null, "id": "region_2344", "name": 
"private_0x000000d72f090000", "norm_filename": null, "region_type": "private_memory", "start_va": 924207087616, "timestamp": "00:00:49.795", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140700286976000, "type": "region", "version": 1 }, "end_va": 140700287119359, "entry_point": 0, "filename": null, "id": "region_2345", "name": "pagefile_0x00007ff756a00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140700286976000, "timestamp": "00:00:49.795", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140700287123456, "type": "region", "version": 1 }, "end_va": 140700287127551, "entry_point": 0, "filename": null, "id": "region_2346", "name": "private_0x00007ff756a24000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700287123456, "timestamp": "00:00:49.795", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140700287164416, "type": "region", "version": 1 }, "end_va": 140700287172607, "entry_point": 0, "filename": null, "id": "region_2347", "name": "private_0x00007ff756a2e000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700287164416, "timestamp": "00:00:49.795", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum 
number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 140700288352256, "type": "region", "version": 1 }, "end_va": 140700289437695, "entry_point": 140700288547356, "filename": "\\Users\\5JgHKoaOfdp\\Desktop\\wanacry6.malware.exe", "id": "region_2348", "name": "wanacry6.malware.exe", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\wanacry6.malware.exe", "region_type": "memory_mapped_file", "start_va": 140700288352256, "timestamp": "00:00:49.795", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140729648283648, "type": "region", "version": 1 }, "end_va": 140729650024447, "entry_point": 140729648283648, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2349", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140729648283648, "timestamp": "00:00:49.797", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 924208463872, "type": "region", "version": 1 }, "end_va": 924212658175, "entry_point": 0, "filename": null, "id": "region_2351", "name": "private_0x000000d72f1e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 924208463872, "timestamp": "00:00:49.885", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140729603522560, "type": 
"region", "version": 1 }, "end_va": 140729604628479, "entry_point": 140729603531424, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_2352", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140729603522560, "timestamp": "00:00:49.886", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140729609617408, "type": "region", "version": 1 }, "end_va": 140729610899455, "entry_point": 140729609637940, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_2353", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140729609617408, "timestamp": "00:00:49.886", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 924202565632, "type": "region", "version": 1 }, "end_va": 924202631167, "entry_point": 0, "filename": null, "id": "region_2354", "name": "pagefile_0x000000d72ec40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 924202565632, "timestamp": "00:00:49.937", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 924202631168, "type": "region", "version": 1 }, "end_va": 924202659839, "entry_point": 0, "filename": null, "id": "region_2355", "name": "private_0x000000d72ec50000", 
"norm_filename": null, "region_type": "private_memory", "start_va": 924202631168, "timestamp": "00:00:49.937", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 924207153152, "type": "region", "version": 1 }, "end_va": 924207669247, "entry_point": 924207153152, "filename": "\\Windows\\System32\\locale.nls", "id": "region_2356", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 924207153152, "timestamp": "00:00:49.937", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 924207677440, "type": "region", "version": 1 }, "end_va": 924207706111, "entry_point": 0, "filename": null, "id": "region_2357", "name": "private_0x000000d72f120000", "norm_filename": null, "region_type": "private_memory", "start_va": 924207677440, "timestamp": "00:00:49.938", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 924207742976, "type": "region", "version": 1 }, "end_va": 924207747071, "entry_point": 0, "filename": null, "id": "region_2358", "name": "private_0x000000d72f130000", "norm_filename": null, "region_type": "private_memory", "start_va": 924207742976, "timestamp": "00:00:49.938", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", 
"writable" ], "ref_process_dump": null, "size": 4096, "start_va": 924207808512, "type": "region", "version": 1 }, "end_va": 924207812607, "entry_point": 0, "filename": null, "id": "region_2359", "name": "private_0x000000d72f140000", "norm_filename": null, "region_type": "private_memory", "start_va": 924207808512, "timestamp": "00:00:49.938", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 924213641216, "type": "region", "version": 1 }, "end_va": 924213706751, "entry_point": 0, "filename": null, "id": "region_2360", "name": "private_0x000000d72f6d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 924213641216, "timestamp": "00:00:49.938", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 924213706752, "type": "region", "version": 1 }, "end_va": 924215312383, "entry_point": 0, "filename": null, "id": "region_2361", "name": "pagefile_0x000000d72f6e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 924213706752, "timestamp": "00:00:49.938", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 924215345152, "type": "region", "version": 1 }, "end_va": 924216922111, "entry_point": 0, "filename": null, "id": "region_2362", "name": "pagefile_0x000000d72f870000", "norm_filename": null, "region_type": "pagefile_backed_memory", 
"start_va": 924215345152, "timestamp": "00:00:49.938", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 924216983552, "type": "region", "version": 1 }, "end_va": 924237955071, "entry_point": 0, "filename": null, "id": "region_2363", "name": "pagefile_0x000000d72fa00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 924216983552, "timestamp": "00:00:49.939", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140700285927424, "type": "region", "version": 1 }, "end_va": 140700286975999, "entry_point": 0, "filename": null, "id": "region_2364", "name": "pagefile_0x00007ff756900000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140700285927424, "timestamp": "00:00:49.939", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140729467273216, "type": "region", "version": 1 }, "end_va": 140729467314175, "entry_point": 140729467277504, "filename": "\\Windows\\System32\\version.dll", "id": "region_2365", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 140729467273216, "timestamp": "00:00:49.939", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ 
"readable", "writable", "executable" ], "ref_process_dump": null, "size": 172032, "start_va": 140729480118272, "type": "region", "version": 1 }, "end_va": 140729480290303, "entry_point": 140729480161128, "filename": "\\Windows\\System32\\winmmbase.dll", "id": "region_2366", "name": "winmmbase.dll", "norm_filename": "c:\\windows\\system32\\winmmbase.dll", "region_type": "memory_mapped_file", "start_va": 140729480118272, "timestamp": "00:00:49.940", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140729480314880, "type": "region", "version": 1 }, "end_va": 140729480441855, "entry_point": 140729480324088, "filename": "\\Windows\\System32\\winmm.dll", "id": "region_2367", "name": "winmm.dll", "norm_filename": "c:\\windows\\system32\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 140729480314880, "timestamp": "00:00:49.940", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 140729514524672, "type": "region", "version": 1 }, "end_va": 140729514635263, "entry_point": 140729514528848, "filename": "\\Windows\\System32\\mpr.dll", "id": "region_2368", "name": "mpr.dll", "norm_filename": "c:\\windows\\system32\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 140729514524672, "timestamp": "00:00:49.941", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2785280, "start_va": 140729514655744, "type": "region", "version": 1 }, "end_va": 
140729517441023, "entry_point": 140729514712516, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_2369", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 140729514655744, "timestamp": "00:00:49.941", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2359296, "start_va": 140729517473792, "type": "region", "version": 1 }, "end_va": 140729519833087, "entry_point": 140729517478896, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_2370", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 140729517473792, "timestamp": "00:00:49.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140729531891712, "type": "region", "version": 1 }, "end_va": 140729531932671, "entry_point": 140729531896004, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_2371", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 140729531891712, "timestamp": "00:00:49.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140729532350464, "type": "region", "version": 1 }, "end_va": 140729532387327, "entry_point": 140729532354688, "filename": "\\Windows\\System32\\wsock32.dll", "id": "region_2372", "name": "wsock32.dll", 
"norm_filename": "c:\\windows\\system32\\wsock32.dll", "region_type": "memory_mapped_file", "start_va": 140729532350464, "timestamp": "00:00:49.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 140729534971904, "type": "region", "version": 1 }, "end_va": 140729535139839, "entry_point": 140729535002984, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_2373", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 140729534971904, "timestamp": "00:00:49.943", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2465792, "start_va": 140729570230272, "type": "region", "version": 1 }, "end_va": 140729572696063, "entry_point": 140729570248512, "filename": "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "id": "region_2374", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 140729570230272, "timestamp": "00:00:49.943", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 140729577242624, "type": "region", "version": 1 }, "end_va": 140729577902079, "entry_point": 140729577246880, "filename": "\\Windows\\System32\\SHCore.dll", 
"id": "region_2375", "name": "shcore.dll", "norm_filename": "c:\\windows\\system32\\shcore.dll", "region_type": "memory_mapped_file", "start_va": 140729577242624, "timestamp": "00:00:49.944", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1187840, "start_va": 140729581699072, "type": "region", "version": 1 }, "end_va": 140729582886911, "entry_point": 140729581745220, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_2376", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 140729581699072, "timestamp": "00:00:49.945", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140729583271936, "type": "region", "version": 1 }, "end_va": 140729583427583, "entry_point": 140729583277468, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_2377", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 140729583271936, "timestamp": "00:00:49.945", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140729590874112, "type": "region", "version": 1 }, "end_va": 140729591001087, "entry_point": 140729590878960, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_2378", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 
140729590874112, "timestamp": "00:00:49.946", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 140729601622016, "type": "region", "version": 1 }, "end_va": 140729601703935, "entry_point": 140729601637068, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_2379", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 140729601622016, "timestamp": "00:00:49.946", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 140729606602752, "type": "region", "version": 1 }, "end_va": 140729606905855, "entry_point": 140729606607448, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_2380", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 140729606602752, "timestamp": "00:00:49.948", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140729606930432, "type": "region", "version": 1 }, "end_va": 140729608441855, "entry_point": 140729607084736, "filename": "\\Windows\\System32\\user32.dll", "id": "region_2381", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140729606930432, "timestamp": "00:00:49.949", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No 
dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140729608503296, "type": "region", "version": 1 }, "end_va": 140729608859647, "entry_point": 140729608512768, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_2382", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140729608503296, "timestamp": "00:00:49.949", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 675840, "start_va": 140729608896512, "type": "region", "version": 1 }, "end_va": 140729609572351, "entry_point": 140729608900624, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_2383", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 140729608896512, "timestamp": "00:00:49.950", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140729610928128, "type": "region", "version": 1 }, "end_va": 140729611677695, "entry_point": 140729610932512, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_2384", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 140729610928128, "timestamp": "00:00:49.950", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 
684032, "start_va": 140729612173312, "type": "region", "version": 1 }, "end_va": 140729612857343, "entry_point": 140729612183596, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_2385", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140729612173312, "timestamp": "00:00:49.951", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140729612894208, "type": "region", "version": 1 }, "end_va": 140729614225407, "entry_point": 140729612967000, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_2386", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140729612894208, "timestamp": "00:00:49.951", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 21032960, "start_va": 140729614270464, "type": "region", "version": 1 }, "end_va": 140729635303423, "entry_point": 140729614274816, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_2387", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 140729614270464, "timestamp": "00:00:49.952", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140729635831808, "type": "region", "version": 1 }, "end_va": 140729637761023, "entry_point": 140729635839840, "filename": 
"\\Windows\\System32\\combase.dll", "id": "region_2388", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140729635831808, "timestamp": "00:00:49.953", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 140729638518784, "type": "region", "version": 1 }, "end_va": 140729638731775, "entry_point": 140729638522928, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_2389", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 140729638518784, "timestamp": "00:00:49.953", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 140729638780928, "type": "region", "version": 1 }, "end_va": 140729640312831, "entry_point": 140729638785204, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_2390", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 140729638780928, "timestamp": "00:00:49.953", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1277952, "start_va": 140729640353792, "type": "region", "version": 1 }, "end_va": 140729641631743, "entry_point": 140729640357904, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_2391", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": 
"memory_mapped_file", "start_va": 140729640353792, "timestamp": "00:00:49.954", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 140729641664512, "type": "region", "version": 1 }, "end_va": 140729642024959, "entry_point": 140729641668764, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_2392", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 140729641664512, "timestamp": "00:00:49.954", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 630784, "start_va": 140729644023808, "type": "region", "version": 1 }, "end_va": 140729644654591, "entry_point": 140729644028324, "filename": "\\Windows\\System32\\comdlg32.dll", "id": "region_2393", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\system32\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 140729644023808, "timestamp": "00:00:49.955", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140729644679168, "type": "region", "version": 1 }, "end_va": 140729645948927, "entry_point": 140729644683600, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_2394", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140729644679168, "timestamp": "00:00:49.956", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 140729647759360, "type": "region", "version": 1 }, "end_va": 140729647788031, "entry_point": 140729647763472, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_2395", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 140729647759360, "timestamp": "00:00:49.956", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140729647824896, "type": "region", "version": 1 }, "end_va": 140729647861759, "entry_point": 140729647830016, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_2396", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 140729647824896, "timestamp": "00:00:49.957", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 140729647890432, "type": "region", "version": 1 }, "end_va": 140729648222207, "entry_point": 140729647895232, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_2397", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 140729647890432, "timestamp": "00:00:49.957", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], 
"ref_process_dump": null, "size": 8192, "start_va": 924207939584, "type": "region", "version": 1 }, "end_va": 924207947775, "entry_point": 0, "filename": null, "id": "region_2398", "name": "pagefile_0x000000d72f160000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 924207939584, "timestamp": "00:00:49.976", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 924208201728, "type": "region", "version": 1 }, "end_va": 924208267263, "entry_point": 0, "filename": null, "id": "region_2399", "name": "private_0x000000d72f1a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 924208201728, "timestamp": "00:00:49.976", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 761856, "start_va": 924212658176, "type": "region", "version": 1 }, "end_va": 924213420031, "entry_point": 924212840296, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_2400", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 924212658176, "timestamp": "00:00:49.983", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140729583599616, "type": "region", "version": 1 }, "end_va": 140729583640575, "entry_point": 140729583605576, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_2401", "name": "kernel.appcore.dll", "norm_filename": 
"c:\\windows\\system32\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140729583599616, "timestamp": "00:00:49.984", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140729601490944, "type": "region", "version": 1 }, "end_va": 140729601531903, "entry_point": 140729601495056, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_2402", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140729601490944, "timestamp": "00:00:49.986", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140729599590400, "type": "region", "version": 1 }, "end_va": 140729599975423, "entry_point": 140729599719072, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_2403", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140729599590400, "timestamp": "00:00:49.987", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 924207874048, "type": "region", "version": 1 }, "end_va": 924207878143, "entry_point": 0, "filename": null, "id": "region_2404", "name": "pagefile_0x000000d72f150000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 924207874048, "timestamp": "00:00:50.004", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 983040, "start_va": 924212658176, "type": "region", "version": 1 }, "end_va": 924213641215, "entry_point": 0, "filename": null, "id": "region_2405", "name": "pagefile_0x000000d72f5e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 924212658176, "timestamp": "00:00:50.004", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 924207874048, "type": "region", "version": 1 }, "end_va": 924207890431, "entry_point": 0, "filename": null, "id": "region_2406", "name": "pagefile_0x000000d72f150000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 924207874048, "timestamp": "00:00:50.004", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 924208005120, "type": "region", "version": 1 }, "end_va": 924208033791, "entry_point": 0, "filename": null, "id": "region_2407", "name": "private_0x000000d72f170000", "norm_filename": null, "region_type": "private_memory", "start_va": 924208005120, "timestamp": "00:00:50.005", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 924237955072, "type": "region", 
"version": 1 }, "end_va": 924239003647, "entry_point": 0, "filename": null, "id": "region_2408", "name": "private_0x000000d730e00000", "norm_filename": null, "region_type": "private_memory", "start_va": 924237955072, "timestamp": "00:00:50.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 924239003648, "type": "region", "version": 1 }, "end_va": 924240056319, "entry_point": 0, "filename": null, "id": "region_2409", "name": "pagefile_0x000000d730f00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 924239003648, "timestamp": "00:00:50.023", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 924208070656, "type": "region", "version": 1 }, "end_va": 924208074751, "entry_point": 0, "filename": null, "id": "region_2410", "name": "private_0x000000d72f180000", "norm_filename": null, "region_type": "private_memory", "start_va": 924208070656, "timestamp": "00:00:50.068", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 140729575276544, "type": "region", "version": 1 }, "end_va": 140729575411711, "entry_point": 140729575280896, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_2411", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 140729575276544, "timestamp": "00:00:50.069", "type": 
"region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 924239003648, "type": "region", "version": 1 }, "end_va": 924241973247, "entry_point": 924239003648, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_2412", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 924239003648, "timestamp": "00:00:50.072", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 924208136192, "type": "region", "version": 1 }, "end_va": 924208140287, "entry_point": 0, "filename": null, "id": "region_2413", "name": "pagefile_0x000000d72f190000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 924208136192, "timestamp": "00:00:50.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 924208267264, "type": "region", "version": 1 }, "end_va": 924208271359, "entry_point": 0, "filename": null, "id": "region_2414", "name": "private_0x000000d72f1b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 924208267264, "timestamp": "00:00:51.124", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], 
"ref_process_dump": null, "size": 5185536, "start_va": 924242018304, "type": "region", "version": 1 }, "end_va": 924247203839, "entry_point": 0, "filename": null, "id": "region_2415", "name": "pagefile_0x000000d7311e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 924242018304, "timestamp": "00:00:51.133", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15138816, "start_va": 924247261184, "type": "region", "version": 1 }, "end_va": 924262399999, "entry_point": 924247261184, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_2416", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 924247261184, "timestamp": "00:00:51.133", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 140729541525504, "type": "region", "version": 1 }, "end_va": 140729541611519, "entry_point": 140729541529664, "filename": "\\Windows\\System32\\netapi32.dll", "id": "region_2417", "name": "netapi32.dll", "norm_filename": "c:\\windows\\system32\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 140729541525504, "timestamp": "00:00:51.142", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 140729593954304, "type": "region", "version": 1 }, "end_va": 140729594003455, "entry_point": 140729593959516, "filename": "\\Windows\\System32\\netutils.dll", "id": "region_2418", "name": 
"netutils.dll", "norm_filename": "c:\\windows\\system32\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 140729593954304, "timestamp": "00:00:51.143", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 140729599000576, "type": "region", "version": 1 }, "end_va": 140729599152127, "entry_point": 140729599004788, "filename": "\\Windows\\System32\\srvcli.dll", "id": "region_2419", "name": "srvcli.dll", "norm_filename": "c:\\windows\\system32\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 140729599000576, "timestamp": "00:00:51.144", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 140729541263360, "type": "region", "version": 1 }, "end_va": 140729541353471, "entry_point": 140729541267528, "filename": "\\Windows\\System32\\wkscli.dll", "id": "region_2420", "name": "wkscli.dll", "norm_filename": "c:\\windows\\system32\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 140729541263360, "timestamp": "00:00:51.145", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 924208332800, "type": "region", "version": 1 }, "end_va": 924208336895, "entry_point": 0, "filename": null, "id": "region_2437", "name": "pagefile_0x000000d72f1c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 924208332800, "timestamp": "00:00:51.230", "type": "region", "version": 1 }, 
{ "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2195456, "start_va": 924262400000, "type": "region", "version": 1 }, "end_va": 924264595455, "entry_point": 0, "filename": null, "id": "region_2438", "name": "pagefile_0x000000d732550000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 924262400000, "timestamp": "00:00:51.230", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 48848896, "start_va": 924264628224, "type": "region", "version": 1 }, "end_va": 924313477119, "entry_point": 924264628224, "filename": "\\Windows\\System32\\imageres.dll", "id": "region_2439", "name": "imageres.dll", "norm_filename": "c:\\windows\\system32\\imageres.dll", "region_type": "memory_mapped_file", "start_va": 924264628224, "timestamp": "00:00:51.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 924208332800, "type": "region", "version": 1 }, "end_va": 924208345087, "entry_point": 0, "filename": null, "id": "region_2440", "name": "pagefile_0x000000d72f1c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 924208332800, "timestamp": "00:00:51.887", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, 
"start_va": 924208398336, "type": "region", "version": 1 }, "end_va": 924208402431, "entry_point": 0, "filename": null, "id": "region_2441", "name": "pagefile_0x000000d72f1d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 924208398336, "timestamp": "00:00:51.887", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4169728, "start_va": 924313518080, "type": "region", "version": 1 }, "end_va": 924317687807, "entry_point": 0, "filename": null, "id": "region_2442", "name": "pagefile_0x000000d735610000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 924313518080, "timestamp": "00:00:51.887", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 278528, "start_va": 924317712384, "type": "region", "version": 1 }, "end_va": 924317990911, "entry_point": 0, "filename": null, "id": "region_2443", "name": "pagefile_0x000000d735a10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 924317712384, "timestamp": "00:00:51.887", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 140729594019840, "type": "region", "version": 1 }, "end_va": 140729594142719, "entry_point": 140729594024392, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_2444", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": 
"memory_mapped_file", "start_va": 140729594019840, "timestamp": "00:00:51.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 140729589760000, "type": "region", "version": 1 }, "end_va": 140729589977087, "entry_point": 140729589765080, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_2445", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 140729589760000, "timestamp": "00:00:51.896", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140729596313600, "type": "region", "version": 1 }, "end_va": 140729596469247, "entry_point": 140729596337000, "filename": "\\Windows\\System32\\bcrypt.dll", "id": "region_2446", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\system32\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 140729596313600, "timestamp": "00:00:51.897", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 151552, "start_va": 924318040064, "type": "region", "version": 1 }, "end_va": 924318191615, "entry_point": 0, "filename": null, "id": "region_2459", "name": "pagefile_0x000000d735a60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 924318040064, "timestamp": "00:00:52.369", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", 
"unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Users\\5JGHKO~1\\Desktop\\WANACR~1.EXE", "filename": "c:\\users\\5jghko~1\\desktop\\wanacr~1.exe", "id": "proc_29", "image_name": "wanacr~1.exe", "monitor_reason": "child_process", "monitored_id": 29, "origin_monitor_id": 28, "ref_parent_process": { "ref_id": "proc_28", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2447", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:52.309", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 217686802432, "type": "region", "version": 1 }, "end_va": 217686933503, "entry_point": 0, "filename": null, "id": "region_2448", "name": "private_0x00000032af250000", "norm_filename": null, "region_type": "private_memory", "start_va": 217686802432, "timestamp": "00:00:52.309", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 217686933504, "type": "region", "version": 1 }, "end_va": 217686994943, "entry_point": 0, "filename": null, "id": "region_2449", "name": "pagefile_0x00000032af270000", "norm_filename": null, 
"region_type": "pagefile_backed_memory", "start_va": 217686933504, "timestamp": "00:00:52.309", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 217686999040, "type": "region", "version": 1 }, "end_va": 217691193343, "entry_point": 0, "filename": null, "id": "region_2450", "name": "private_0x00000032af280000", "norm_filename": null, "region_type": "private_memory", "start_va": 217686999040, "timestamp": "00:00:52.310", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 217691193344, "type": "region", "version": 1 }, "end_va": 217691209727, "entry_point": 0, "filename": null, "id": "region_2451", "name": "pagefile_0x00000032af680000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 217691193344, "timestamp": "00:00:52.310", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 217691258880, "type": "region", "version": 1 }, "end_va": 217691267071, "entry_point": 0, "filename": null, "id": "region_2452", "name": "pagefile_0x00000032af690000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 217691258880, "timestamp": "00:00:52.310", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ 
"readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 217691324416, "type": "region", "version": 1 }, "end_va": 217691332607, "entry_point": 0, "filename": null, "id": "region_2453", "name": "private_0x00000032af6a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 217691324416, "timestamp": "00:00:52.310", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140700286386176, "type": "region", "version": 1 }, "end_va": 140700286529535, "entry_point": 0, "filename": null, "id": "region_2454", "name": "pagefile_0x00007ff756970000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140700286386176, "timestamp": "00:00:52.310", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140700286562304, "type": "region", "version": 1 }, "end_va": 140700286566399, "entry_point": 0, "filename": null, "id": "region_2455", "name": "private_0x00007ff75699b000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700286562304, "timestamp": "00:00:52.310", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140700286574592, "type": "region", "version": 1 }, "end_va": 140700286582783, "entry_point": 0, "filename": null, "id": "region_2456", "name": "private_0x00007ff75699e000", "norm_filename": null, "region_type": 
"private_memory", "start_va": 140700286574592, "timestamp": "00:00:52.310", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 140700288352256, "type": "region", "version": 1 }, "end_va": 140700289437695, "entry_point": 140700288547356, "filename": "\\Users\\5JgHKoaOfdp\\Desktop\\wanacry6.malware.exe", "id": "region_2457", "name": "wanacry6.malware.exe", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\wanacry6.malware.exe", "region_type": "memory_mapped_file", "start_va": 140700288352256, "timestamp": "00:00:52.310", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140729648283648, "type": "region", "version": 1 }, "end_va": 140729650024447, "entry_point": 140729648283648, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2458", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140729648283648, "timestamp": "00:00:52.311", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 217691455488, "type": "region", "version": 1 }, "end_va": 217695649791, "entry_point": 0, "filename": null, "id": "region_2460", "name": "private_0x00000032af6c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 217691455488, "timestamp": "00:00:52.402", "type": "region", "version": 1 }, { "dump": { "filename": "", 
"flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140729603522560, "type": "region", "version": 1 }, "end_va": 140729604628479, "entry_point": 140729603531424, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_2461", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140729603522560, "timestamp": "00:00:52.402", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140729609617408, "type": "region", "version": 1 }, "end_va": 140729610899455, "entry_point": 140729609637940, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_2462", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140729609617408, "timestamp": "00:00:52.403", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 217686802432, "type": "region", "version": 1 }, "end_va": 217686867967, "entry_point": 0, "filename": null, "id": "region_2463", "name": "pagefile_0x00000032af250000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 217686802432, "timestamp": "00:00:52.452", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], 
"ref_process_dump": null, "size": 28672, "start_va": 217686867968, "type": "region", "version": 1 }, "end_va": 217686896639, "entry_point": 0, "filename": null, "id": "region_2464", "name": "private_0x00000032af260000", "norm_filename": null, "region_type": "private_memory", "start_va": 217686867968, "timestamp": "00:00:52.452", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 217691389952, "type": "region", "version": 1 }, "end_va": 217691418623, "entry_point": 0, "filename": null, "id": "region_2465", "name": "private_0x00000032af6b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 217691389952, "timestamp": "00:00:52.452", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 217695649792, "type": "region", "version": 1 }, "end_va": 217696165887, "entry_point": 217695649792, "filename": "\\Windows\\System32\\locale.nls", "id": "region_2466", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 217695649792, "timestamp": "00:00:52.452", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 217696174080, "type": "region", "version": 1 }, "end_va": 217696178175, "entry_point": 0, "filename": null, "id": "region_2467", "name": "private_0x00000032afb40000", "norm_filename": null, "region_type": "private_memory", "start_va": 217696174080, "timestamp": 
"00:00:52.452", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 217696239616, "type": "region", "version": 1 }, "end_va": 217696243711, "entry_point": 0, "filename": null, "id": "region_2468", "name": "private_0x00000032afb50000", "norm_filename": null, "region_type": "private_memory", "start_va": 217696239616, "timestamp": "00:00:52.452", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 217696305152, "type": "region", "version": 1 }, "end_va": 217696370687, "entry_point": 0, "filename": null, "id": "region_2469", "name": "private_0x00000032afb60000", "norm_filename": null, "region_type": "private_memory", "start_va": 217696305152, "timestamp": "00:00:52.452", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 217696370688, "type": "region", "version": 1 }, "end_va": 217697976319, "entry_point": 0, "filename": null, "id": "region_2470", "name": "pagefile_0x00000032afb70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 217696370688, "timestamp": "00:00:52.452", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 217698009088, 
"type": "region", "version": 1 }, "end_va": 217699586047, "entry_point": 0, "filename": null, "id": "region_2471", "name": "pagefile_0x00000032afd00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 217698009088, "timestamp": "00:00:52.452", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 217699647488, "type": "region", "version": 1 }, "end_va": 217720619007, "entry_point": 0, "filename": null, "id": "region_2472", "name": "pagefile_0x00000032afe90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 217699647488, "timestamp": "00:00:52.453", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140700285337600, "type": "region", "version": 1 }, "end_va": 140700286386175, "entry_point": 0, "filename": null, "id": "region_2473", "name": "pagefile_0x00007ff756870000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140700285337600, "timestamp": "00:00:52.453", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140729467273216, "type": "region", "version": 1 }, "end_va": 140729467314175, "entry_point": 140729467277504, "filename": "\\Windows\\System32\\version.dll", "id": "region_2474", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", 
"start_va": 140729467273216, "timestamp": "00:00:52.453", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 172032, "start_va": 140729480118272, "type": "region", "version": 1 }, "end_va": 140729480290303, "entry_point": 140729480161128, "filename": "\\Windows\\System32\\winmmbase.dll", "id": "region_2475", "name": "winmmbase.dll", "norm_filename": "c:\\windows\\system32\\winmmbase.dll", "region_type": "memory_mapped_file", "start_va": 140729480118272, "timestamp": "00:00:52.453", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140729480314880, "type": "region", "version": 1 }, "end_va": 140729480441855, "entry_point": 140729480324088, "filename": "\\Windows\\System32\\winmm.dll", "id": "region_2476", "name": "winmm.dll", "norm_filename": "c:\\windows\\system32\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 140729480314880, "timestamp": "00:00:52.454", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 140729514524672, "type": "region", "version": 1 }, "end_va": 140729514635263, "entry_point": 140729514528848, "filename": "\\Windows\\System32\\mpr.dll", "id": "region_2477", "name": "mpr.dll", "norm_filename": "c:\\windows\\system32\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 140729514524672, "timestamp": "00:00:52.454", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No 
dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2785280, "start_va": 140729514655744, "type": "region", "version": 1 }, "end_va": 140729517441023, "entry_point": 140729514712516, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_2478", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 140729514655744, "timestamp": "00:00:52.455", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2359296, "start_va": 140729517473792, "type": "region", "version": 1 }, "end_va": 140729519833087, "entry_point": 140729517478896, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_2479", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 140729517473792, "timestamp": "00:00:52.455", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140729531891712, "type": "region", "version": 1 }, "end_va": 140729531932671, "entry_point": 140729531896004, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_2480", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 140729531891712, "timestamp": "00:00:52.456", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, 
"start_va": 140729532350464, "type": "region", "version": 1 }, "end_va": 140729532387327, "entry_point": 140729532354688, "filename": "\\Windows\\System32\\wsock32.dll", "id": "region_2481", "name": "wsock32.dll", "norm_filename": "c:\\windows\\system32\\wsock32.dll", "region_type": "memory_mapped_file", "start_va": 140729532350464, "timestamp": "00:00:52.456", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 140729534971904, "type": "region", "version": 1 }, "end_va": 140729535139839, "entry_point": 140729535002984, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_2482", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 140729534971904, "timestamp": "00:00:52.457", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2465792, "start_va": 140729570230272, "type": "region", "version": 1 }, "end_va": 140729572696063, "entry_point": 140729570248512, "filename": "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "id": "region_2483", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 140729570230272, "timestamp": "00:00:52.457", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], 
"ref_process_dump": null, "size": 659456, "start_va": 140729577242624, "type": "region", "version": 1 }, "end_va": 140729577902079, "entry_point": 140729577246880, "filename": "\\Windows\\System32\\SHCore.dll", "id": "region_2484", "name": "shcore.dll", "norm_filename": "c:\\windows\\system32\\shcore.dll", "region_type": "memory_mapped_file", "start_va": 140729577242624, "timestamp": "00:00:52.458", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1187840, "start_va": 140729581699072, "type": "region", "version": 1 }, "end_va": 140729582886911, "entry_point": 140729581745220, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_2485", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 140729581699072, "timestamp": "00:00:52.458", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140729583271936, "type": "region", "version": 1 }, "end_va": 140729583427583, "entry_point": 140729583277468, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_2486", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 140729583271936, "timestamp": "00:00:52.459", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140729590874112, "type": "region", "version": 1 }, "end_va": 140729591001087, "entry_point": 
140729590878960, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_2487", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 140729590874112, "timestamp": "00:00:52.459", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 140729601622016, "type": "region", "version": 1 }, "end_va": 140729601703935, "entry_point": 140729601637068, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_2488", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 140729601622016, "timestamp": "00:00:52.460", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 140729606602752, "type": "region", "version": 1 }, "end_va": 140729606905855, "entry_point": 140729606607448, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_2489", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 140729606602752, "timestamp": "00:00:52.462", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140729606930432, "type": "region", "version": 1 }, "end_va": 140729608441855, "entry_point": 140729607084736, "filename": "\\Windows\\System32\\user32.dll", "id": "region_2490", "name": "user32.dll", "norm_filename": 
"c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140729606930432, "timestamp": "00:00:52.462", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140729608503296, "type": "region", "version": 1 }, "end_va": 140729608859647, "entry_point": 140729608512768, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_2491", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140729608503296, "timestamp": "00:00:52.463", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 675840, "start_va": 140729608896512, "type": "region", "version": 1 }, "end_va": 140729609572351, "entry_point": 140729608900624, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_2492", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 140729608896512, "timestamp": "00:00:52.463", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140729610928128, "type": "region", "version": 1 }, "end_va": 140729611677695, "entry_point": 140729610932512, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_2493", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 140729610928128, "timestamp": "00:00:52.464", "type": 
"region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140729612173312, "type": "region", "version": 1 }, "end_va": 140729612857343, "entry_point": 140729612183596, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_2494", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140729612173312, "timestamp": "00:00:52.464", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140729612894208, "type": "region", "version": 1 }, "end_va": 140729614225407, "entry_point": 140729612967000, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_2495", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140729612894208, "timestamp": "00:00:52.465", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 21032960, "start_va": 140729614270464, "type": "region", "version": 1 }, "end_va": 140729635303423, "entry_point": 140729614274816, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_2496", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 140729614270464, "timestamp": "00:00:52.466", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", 
"permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140729635831808, "type": "region", "version": 1 }, "end_va": 140729637761023, "entry_point": 140729635839840, "filename": "\\Windows\\System32\\combase.dll", "id": "region_2497", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140729635831808, "timestamp": "00:00:52.466", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 140729638518784, "type": "region", "version": 1 }, "end_va": 140729638731775, "entry_point": 140729638522928, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_2498", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 140729638518784, "timestamp": "00:00:52.466", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 140729638780928, "type": "region", "version": 1 }, "end_va": 140729640312831, "entry_point": 140729638785204, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_2499", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 140729638780928, "timestamp": "00:00:52.467", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1277952, "start_va": 140729640353792, "type": "region", "version": 1 
}, "end_va": 140729641631743, "entry_point": 140729640357904, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_2500", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 140729640353792, "timestamp": "00:00:52.467", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 140729641664512, "type": "region", "version": 1 }, "end_va": 140729642024959, "entry_point": 140729641668764, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_2501", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 140729641664512, "timestamp": "00:00:52.468", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 630784, "start_va": 140729644023808, "type": "region", "version": 1 }, "end_va": 140729644654591, "entry_point": 140729644028324, "filename": "\\Windows\\System32\\comdlg32.dll", "id": "region_2502", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\system32\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 140729644023808, "timestamp": "00:00:52.468", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140729644679168, "type": "region", "version": 1 }, "end_va": 140729645948927, "entry_point": 140729644683600, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_2503", "name": "rpcrt4.dll", 
"norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140729644679168, "timestamp": "00:00:52.469", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 140729647759360, "type": "region", "version": 1 }, "end_va": 140729647788031, "entry_point": 140729647763472, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_2504", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 140729647759360, "timestamp": "00:00:52.469", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140729647824896, "type": "region", "version": 1 }, "end_va": 140729647861759, "entry_point": 140729647830016, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_2505", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 140729647824896, "timestamp": "00:00:52.469", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 140729647890432, "type": "region", "version": 1 }, "end_va": 140729648222207, "entry_point": 140729647895232, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_2506", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 140729647890432, "timestamp": "00:00:52.470", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 217720684544, "type": "region", "version": 1 }, "end_va": 217720692735, "entry_point": 0, "filename": null, "id": "region_2507", "name": "pagefile_0x00000032b12a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 217720684544, "timestamp": "00:00:52.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 217721274368, "type": "region", "version": 1 }, "end_va": 217721339903, "entry_point": 0, "filename": null, "id": "region_2508", "name": "private_0x00000032b1330000", "norm_filename": null, "region_type": "private_memory", "start_va": 217721274368, "timestamp": "00:00:52.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 761856, "start_va": 217721339904, "type": "region", "version": 1 }, "end_va": 217722101759, "entry_point": 217721522024, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_2509", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 217721339904, "timestamp": "00:00:52.503", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140729583599616, "type": "region", "version": 1 }, 
"end_va": 140729583640575, "entry_point": 140729583605576, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_2510", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\system32\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140729583599616, "timestamp": "00:00:52.504", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140729601490944, "type": "region", "version": 1 }, "end_va": 140729601531903, "entry_point": 140729601495056, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_2511", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140729601490944, "timestamp": "00:00:52.505", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140729599590400, "type": "region", "version": 1 }, "end_va": 140729599975423, "entry_point": 140729599719072, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_2512", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140729599590400, "timestamp": "00:00:52.506", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 217720619008, "type": "region", "version": 1 }, "end_va": 217720623103, "entry_point": 0, "filename": null, "id": 
"region_2513", "name": "pagefile_0x00000032b1290000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 217720619008, "timestamp": "00:00:52.522", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 983040, "start_va": 217721339904, "type": "region", "version": 1 }, "end_va": 217722322943, "entry_point": 0, "filename": null, "id": "region_2514", "name": "pagefile_0x00000032b1340000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 217721339904, "timestamp": "00:00:52.522", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 217720619008, "type": "region", "version": 1 }, "end_va": 217720635391, "entry_point": 0, "filename": null, "id": "region_2515", "name": "pagefile_0x00000032b1290000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 217720619008, "timestamp": "00:00:52.522", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 217720750080, "type": "region", "version": 1 }, "end_va": 217720778751, "entry_point": 0, "filename": null, "id": "region_2516", "name": "private_0x00000032b12b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 217720750080, "timestamp": "00:00:52.523", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was 
created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 217722322944, "type": "region", "version": 1 }, "end_va": 217723371519, "entry_point": 0, "filename": null, "id": "region_2517", "name": "private_0x00000032b1430000", "norm_filename": null, "region_type": "private_memory", "start_va": 217722322944, "timestamp": "00:00:52.535", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 217723371520, "type": "region", "version": 1 }, "end_va": 217724424191, "entry_point": 0, "filename": null, "id": "region_2518", "name": "pagefile_0x00000032b1530000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 217723371520, "timestamp": "00:00:52.544", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 217720815616, "type": "region", "version": 1 }, "end_va": 217720819711, "entry_point": 0, "filename": null, "id": "region_2519", "name": "private_0x00000032b12c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 217720815616, "timestamp": "00:00:52.590", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 140729575276544, "type": "region", "version": 1 }, "end_va": 140729575411711, "entry_point": 140729575280896, "filename": "\\Windows\\System32\\dwmapi.dll", "id": 
"region_2520", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 140729575276544, "timestamp": "00:00:52.590", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 217723371520, "type": "region", "version": 1 }, "end_va": 217726341119, "entry_point": 217723371520, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_2521", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 217723371520, "timestamp": "00:00:52.593", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 217720881152, "type": "region", "version": 1 }, "end_va": 217720885247, "entry_point": 0, "filename": null, "id": "region_2522", "name": "pagefile_0x00000032b12d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 217720881152, "timestamp": "00:00:52.602", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 217726386176, "type": "region", "version": 1 }, "end_va": 217730580479, "entry_point": 0, "filename": null, "id": "region_2523", "name": "private_0x00000032b1810000", "norm_filename": null, "region_type": "private_memory", "start_va": 217726386176, "timestamp": "00:00:53.718", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140700286566400, "type": "region", "version": 1 }, "end_va": 140700286574591, "entry_point": 0, "filename": null, "id": "region_2524", "name": "private_0x00007ff75699c000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700286566400, "timestamp": "00:00:53.718", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 217720946688, "type": "region", "version": 1 }, "end_va": 217720950783, "entry_point": 0, "filename": null, "id": "region_2525", "name": "private_0x00000032b12e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 217720946688, "timestamp": "00:00:53.743", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 5185536, "start_va": 217730580480, "type": "region", "version": 1 }, "end_va": 217735766015, "entry_point": 0, "filename": null, "id": "region_2526", "name": "pagefile_0x00000032b1c10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 217730580480, "timestamp": "00:00:53.757", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15138816, "start_va": 217735823360, "type": "region", "version": 1 }, "end_va": 217750962175, "entry_point": 217735823360, 
"filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_2527", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 217735823360, "timestamp": "00:00:53.757", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 140729541525504, "type": "region", "version": 1 }, "end_va": 140729541611519, "entry_point": 140729541529664, "filename": "\\Windows\\System32\\netapi32.dll", "id": "region_2528", "name": "netapi32.dll", "norm_filename": "c:\\windows\\system32\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 140729541525504, "timestamp": "00:00:53.778", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 140729593954304, "type": "region", "version": 1 }, "end_va": 140729594003455, "entry_point": 140729593959516, "filename": "\\Windows\\System32\\netutils.dll", "id": "region_2529", "name": "netutils.dll", "norm_filename": "c:\\windows\\system32\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 140729593954304, "timestamp": "00:00:53.780", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 140729599000576, "type": "region", "version": 1 }, "end_va": 140729599152127, "entry_point": 140729599004788, "filename": "\\Windows\\System32\\srvcli.dll", "id": "region_2530", "name": "srvcli.dll", "norm_filename": "c:\\windows\\system32\\srvcli.dll", 
"region_type": "memory_mapped_file", "start_va": 140729599000576, "timestamp": "00:00:53.784", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 140729541263360, "type": "region", "version": 1 }, "end_va": 140729541353471, "entry_point": 140729541267528, "filename": "\\Windows\\System32\\wkscli.dll", "id": "region_2531", "name": "wkscli.dll", "norm_filename": "c:\\windows\\system32\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 140729541263360, "timestamp": "00:00:53.788", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 217721012224, "type": "region", "version": 1 }, "end_va": 217721016319, "entry_point": 0, "filename": null, "id": "region_2548", "name": "pagefile_0x00000032b12f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 217721012224, "timestamp": "00:00:53.900", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2195456, "start_va": 217750962176, "type": "region", "version": 1 }, "end_va": 217753157631, "entry_point": 0, "filename": null, "id": "region_2549", "name": "pagefile_0x00000032b2f80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 217750962176, "timestamp": "00:00:53.900", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": 
"terminated_by_timeout", "version": 1 }, { "cmd_line": "", "filename": "System", "id": "proc_30", "image_name": "System", "monitor_reason": "kernel_analysis", "monitored_id": 30, "origin_monitor_id": 0, "ref_parent_process": null, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2614", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:03.004", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 143360, "start_va": 600421826560, "type": "region", "version": 1 }, "end_va": 600421969919, "entry_point": 0, "filename": null, "id": "region_2615", "name": "pagefile_0x0000008bcbee0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 600421826560, "timestamp": "00:01:03.004", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\\SystemRoot\\System32\\smss.exe", "filename": "c:\\windows\\system32\\smss.exe", "id": "proc_31", "image_name": "smss.exe", "monitor_reason": "child_process", "monitored_id": 31, "origin_monitor_id": 30, "ref_parent_process": { "ref_id": "proc_30", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was 
reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2645", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:04.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 710047301632, "type": "region", "version": 1 }, "end_va": 710047432703, "entry_point": 0, "filename": null, "id": "region_2646", "name": "private_0x000000a5521e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 710047301632, "timestamp": "00:01:04.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 710047432704, "type": "region", "version": 1 }, "end_va": 710047494143, "entry_point": 0, "filename": null, "id": "region_2647", "name": "pagefile_0x000000a552200000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 710047432704, "timestamp": "00:01:04.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 710047498240, "type": "region", "version": 1 }, "end_va": 710048022527, "entry_point": 0, "filename": null, "id": "region_2648", "name": "private_0x000000a552210000", "norm_filename": null, "region_type": "private_memory", 
"start_va": 710047498240, "timestamp": "00:01:04.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140702059003904, "type": "region", "version": 1 }, "end_va": 140702059147263, "entry_point": 0, "filename": null, "id": "region_2649", "name": "pagefile_0x00007ff7c03f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140702059003904, "timestamp": "00:01:04.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140702059188224, "type": "region", "version": 1 }, "end_va": 140702059196415, "entry_point": 0, "filename": null, "id": "region_2650", "name": "private_0x00007ff7c041d000", "norm_filename": null, "region_type": "private_memory", "start_va": 140702059188224, "timestamp": "00:01:04.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140702059196416, "type": "region", "version": 1 }, "end_va": 140702059200511, "entry_point": 0, "filename": null, "id": "region_2651", "name": "private_0x00007ff7c041f000", "norm_filename": null, "region_type": "private_memory", "start_va": 140702059196416, "timestamp": "00:01:04.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, 
"size": 151552, "start_va": 140702074994688, "type": "region", "version": 1 }, "end_va": 140702075146239, "entry_point": 140702074994688, "filename": "\\Windows\\System32\\smss.exe", "id": "region_2652", "name": "smss.exe", "norm_filename": "c:\\windows\\system32\\smss.exe", "region_type": "memory_mapped_file", "start_va": 140702074994688, "timestamp": "00:01:04.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2653", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140725133115392, "timestamp": "00:01:04.010", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\\??\\C:\\Windows\\system32\\autochk.exe *", "filename": "c:\\windows\\system32\\autochk.exe", "id": "proc_32", "image_name": "autochk.exe", "monitor_reason": "child_process", "monitored_id": 32, "origin_monitor_id": 31, "ref_parent_process": { "ref_id": "proc_31", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2669", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, 
"timestamp": "00:01:04.531", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 920055250944, "type": "region", "version": 1 }, "end_va": 920055382015, "entry_point": 0, "filename": null, "id": "region_2670", "name": "private_0x000000d637910000", "norm_filename": null, "region_type": "private_memory", "start_va": 920055250944, "timestamp": "00:01:04.531", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 920055382016, "type": "region", "version": 1 }, "end_va": 920055443455, "entry_point": 0, "filename": null, "id": "region_2671", "name": "pagefile_0x000000d637930000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 920055382016, "timestamp": "00:01:04.531", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 920055447552, "type": "region", "version": 1 }, "end_va": 920055971839, "entry_point": 0, "filename": null, "id": "region_2672", "name": "private_0x000000d637940000", "norm_filename": null, "region_type": "private_memory", "start_va": 920055447552, "timestamp": "00:01:04.531", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 
140700017754112, "type": "region", "version": 1 }, "end_va": 140700017897471, "entry_point": 0, "filename": null, "id": "region_2673", "name": "pagefile_0x00007ff746940000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140700017754112, "timestamp": "00:01:04.531", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140700017938432, "type": "region", "version": 1 }, "end_va": 140700017946623, "entry_point": 0, "filename": null, "id": "region_2674", "name": "private_0x00007ff74696d000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700017938432, "timestamp": "00:01:04.531", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140700017946624, "type": "region", "version": 1 }, "end_va": 140700017950719, "entry_point": 0, "filename": null, "id": "region_2675", "name": "private_0x00007ff74696f000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700017946624, "timestamp": "00:01:04.531", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 909312, "start_va": 140700025749504, "type": "region", "version": 1 }, "end_va": 140700026658815, "entry_point": 140700025749504, "filename": "\\Windows\\System32\\autochk.exe", "id": "region_2676", "name": "autochk.exe", "norm_filename": "c:\\windows\\system32\\autochk.exe", "region_type": "memory_mapped_file", "start_va": 
140700025749504, "timestamp": "00:01:04.531", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2677", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140725133115392, "timestamp": "00:01:04.541", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\\SystemRoot\\System32\\smss.exe 00000000 00000050 ", "filename": "c:\\windows\\system32\\smss.exe", "id": "proc_33", "image_name": "smss.exe", "monitor_reason": "child_process", "monitored_id": 33, "origin_monitor_id": 31, "ref_parent_process": { "ref_id": "proc_31", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2694", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:07.468", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 567154311168, 
"type": "region", "version": 1 }, "end_va": 567154442239, "entry_point": 0, "filename": null, "id": "region_2695", "name": "private_0x000000840d080000", "norm_filename": null, "region_type": "private_memory", "start_va": 567154311168, "timestamp": "00:01:07.468", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 567154442240, "type": "region", "version": 1 }, "end_va": 567154503679, "entry_point": 0, "filename": null, "id": "region_2696", "name": "pagefile_0x000000840d0a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 567154442240, "timestamp": "00:01:07.468", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 567154507776, "type": "region", "version": 1 }, "end_va": 567155032063, "entry_point": 0, "filename": null, "id": "region_2697", "name": "private_0x000000840d0b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 567154507776, "timestamp": "00:01:07.468", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140702068310016, "type": "region", "version": 1 }, "end_va": 140702068453375, "entry_point": 0, "filename": null, "id": "region_2698", "name": "pagefile_0x00007ff7c0cd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140702068310016, "timestamp": "00:01:07.468", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140702068490240, "type": "region", "version": 1 }, "end_va": 140702068498431, "entry_point": 0, "filename": null, "id": "region_2699", "name": "private_0x00007ff7c0cfc000", "norm_filename": null, "region_type": "private_memory", "start_va": 140702068490240, "timestamp": "00:01:07.468", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140702068498432, "type": "region", "version": 1 }, "end_va": 140702068502527, "entry_point": 0, "filename": null, "id": "region_2700", "name": "private_0x00007ff7c0cfe000", "norm_filename": null, "region_type": "private_memory", "start_va": 140702068498432, "timestamp": "00:01:07.468", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 140702074994688, "type": "region", "version": 1 }, "end_va": 140702075146239, "entry_point": 140702075025560, "filename": "\\Windows\\System32\\smss.exe", "id": "region_2701", "name": "smss.exe", "norm_filename": "c:\\windows\\system32\\smss.exe", "region_type": "memory_mapped_file", "start_va": 140702074994688, "timestamp": "00:01:07.468", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140725133115392, 
"type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2702", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140725133115392, "timestamp": "00:01:07.468", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "%SystemRoot%\\system32\\csrss.exe ObjectDirectory=\\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16", "filename": "c:\\windows\\system32\\csrss.exe", "id": "proc_34", "image_name": "csrss.exe", "monitor_reason": "child_process", "monitored_id": 34, "origin_monitor_id": 33, "ref_parent_process": { "ref_id": "proc_33", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2704", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:07.930", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 444853518336, "type": "region", "version": 1 }, "end_va": 444853649407, "entry_point": 0, "filename": null, "id": "region_2705", "name": 
"private_0x0000006793560000", "norm_filename": null, "region_type": "private_memory", "start_va": 444853518336, "timestamp": "00:01:07.930", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 444853649408, "type": "region", "version": 1 }, "end_va": 444853710847, "entry_point": 0, "filename": null, "id": "region_2706", "name": "pagefile_0x0000006793580000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 444853649408, "timestamp": "00:01:07.930", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 444853714944, "type": "region", "version": 1 }, "end_va": 444853977087, "entry_point": 0, "filename": null, "id": "region_2707", "name": "private_0x0000006793590000", "norm_filename": null, "region_type": "private_memory", "start_va": 444853714944, "timestamp": "00:01:07.930", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140698412711936, "type": "region", "version": 1 }, "end_va": 140698412855295, "entry_point": 0, "filename": null, "id": "region_2708", "name": "pagefile_0x00007ff6e6e90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140698412711936, "timestamp": "00:01:07.930", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the 
maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140698412896256, "type": "region", "version": 1 }, "end_va": 140698412904447, "entry_point": 0, "filename": null, "id": "region_2709", "name": "private_0x00007ff6e6ebd000", "norm_filename": null, "region_type": "private_memory", "start_va": 140698412896256, "timestamp": "00:01:07.930", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140698412904448, "type": "region", "version": 1 }, "end_va": 140698412908543, "entry_point": 0, "filename": null, "id": "region_2710", "name": "private_0x00007ff6e6ebf000", "norm_filename": null, "region_type": "private_memory", "start_va": 140698412904448, "timestamp": "00:01:07.930", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 140698424770560, "type": "region", "version": 1 }, "end_va": 140698424799231, "entry_point": 140698424770560, "filename": "\\Windows\\System32\\csrss.exe", "id": "region_2711", "name": "csrss.exe", "norm_filename": "c:\\windows\\system32\\csrss.exe", "region_type": "memory_mapped_file", "start_va": 140698424770560, "timestamp": "00:01:07.930", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 140725133115392, "filename": 
"\\Windows\\System32\\ntdll.dll", "id": "region_2712", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140725133115392, "timestamp": "00:01:07.938", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 444854566912, "type": "region", "version": 1 }, "end_va": 444855615487, "entry_point": 0, "filename": null, "id": "region_2713", "name": "private_0x0000006793660000", "norm_filename": null, "region_type": "private_memory", "start_va": 444854566912, "timestamp": "00:01:07.951", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 140725087043584, "type": "region", "version": 1 }, "end_va": 140725087133695, "entry_point": 140725087043584, "filename": "\\Windows\\System32\\csrsrv.dll", "id": "region_2714", "name": "csrsrv.dll", "norm_filename": "c:\\windows\\system32\\csrsrv.dll", "region_type": "memory_mapped_file", "start_va": 140725087043584, "timestamp": "00:01:07.951", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140698411663360, "type": "region", "version": 1 }, "end_va": 140698412711935, "entry_point": 0, "filename": null, "id": "region_2715", "name": "pagefile_0x00007ff6e6d90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140698411663360, "timestamp": "00:01:07.964", "type": 
"region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 140725086912512, "type": "region", "version": 1 }, "end_va": 140725086990335, "entry_point": 140725086912512, "filename": "\\Windows\\System32\\basesrv.dll", "id": "region_2716", "name": "basesrv.dll", "norm_filename": "c:\\windows\\system32\\basesrv.dll", "region_type": "memory_mapped_file", "start_va": 140725086912512, "timestamp": "00:01:07.964", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 204800, "start_va": 140725086650368, "type": "region", "version": 1 }, "end_va": 140725086855167, "entry_point": 140725086650368, "filename": "\\Windows\\System32\\winsrv.dll", "id": "region_2717", "name": "winsrv.dll", "norm_filename": "c:\\windows\\system32\\winsrv.dll", "region_type": "memory_mapped_file", "start_va": 140725086650368, "timestamp": "00:01:07.984", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140725090648064, "type": "region", "version": 1 }, "end_va": 140725091753983, "entry_point": 140725090648064, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_2718", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140725090648064, "timestamp": "00:01:07.993", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", 
"permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140725093466112, "type": "region", "version": 1 }, "end_va": 140725094977535, "entry_point": 140725093466112, "filename": "\\Windows\\System32\\user32.dll", "id": "region_2719", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140725093466112, "timestamp": "00:01:08.079", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140725124988928, "type": "region", "version": 1 }, "end_va": 140725126270975, "entry_point": 140725124988928, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_2720", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140725124988928, "timestamp": "00:01:08.140", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140725129773056, "type": "region", "version": 1 }, "end_va": 140725131104255, "entry_point": 140725129773056, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_2721", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140725129773056, "timestamp": "00:01:08.503", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 444853518336, "type": "region", 
"version": 1 }, "end_va": 444853547007, "entry_point": 0, "filename": null, "id": "region_2725", "name": "private_0x0000006793560000", "norm_filename": null, "region_type": "private_memory", "start_va": 444853518336, "timestamp": "00:01:08.910", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 444853583872, "type": "region", "version": 1 }, "end_va": 444853596159, "entry_point": 0, "filename": null, "id": "region_2726", "name": "pagefile_0x0000006793570000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 444853583872, "timestamp": "00:01:08.910", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 444853977088, "type": "region", "version": 1 }, "end_va": 444854493183, "entry_point": 444853977088, "filename": "\\Windows\\System32\\locale.nls", "id": "region_2727", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 444853977088, "timestamp": "00:01:08.910", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 444854501376, "type": "region", "version": 1 }, "end_va": 444854505471, "entry_point": 0, "filename": null, "id": "region_2728", "name": "pagefile_0x0000006793650000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 444854501376, "timestamp": "00:01:08.910", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 444855615488, "type": "region", "version": 1 }, "end_va": 444857192447, "entry_point": 0, "filename": null, "id": "region_2729", "name": "pagefile_0x0000006793760000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 444855615488, "timestamp": "00:01:08.911", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4169728, "start_va": 444857253888, "type": "region", "version": 1 }, "end_va": 444861423615, "entry_point": 0, "filename": null, "id": "region_2730", "name": "pagefile_0x00000067938f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 444857253888, "timestamp": "00:01:08.911", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 444861448192, "type": "region", "version": 1 }, "end_va": 444861452287, "entry_point": 0, "filename": null, "id": "region_2731", "name": "private_0x0000006793cf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 444861448192, "timestamp": "00:01:08.911", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 444861513728, "type": "region", "version": 1 }, "end_va": 444861521919, 
"entry_point": 444861513728, "filename": "\\Windows\\Fonts\\vgasys.fon", "id": "region_2732", "name": "vgasys.fon", "norm_filename": "c:\\windows\\fonts\\vgasys.fon", "region_type": "memory_mapped_file", "start_va": 444861513728, "timestamp": "00:01:08.911", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 444861579264, "type": "region", "version": 1 }, "end_va": 444861841407, "entry_point": 0, "filename": null, "id": "region_2733", "name": "private_0x0000006793d10000", "norm_filename": null, "region_type": "private_memory", "start_va": 444861579264, "timestamp": "00:01:08.911", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 444861841408, "type": "region", "version": 1 }, "end_va": 444862103551, "entry_point": 0, "filename": null, "id": "region_2734", "name": "private_0x0000006793d50000", "norm_filename": null, "region_type": "private_memory", "start_va": 444861841408, "timestamp": "00:01:08.911", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140698412879872, "type": "region", "version": 1 }, "end_va": 140698412888063, "entry_point": 0, "filename": null, "id": "region_2735", "name": "private_0x00007ff6e6eb9000", "norm_filename": null, "region_type": "private_memory", "start_va": 140698412879872, "timestamp": "00:01:08.911", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": 
[ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140698412888064, "type": "region", "version": 1 }, "end_va": 140698412896255, "entry_point": 0, "filename": null, "id": "region_2736", "name": "private_0x00007ff6e6ebb000", "norm_filename": null, "region_type": "private_memory", "start_va": 140698412888064, "timestamp": "00:01:08.911", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 140725086584832, "type": "region", "version": 1 }, "end_va": 140725086638079, "entry_point": 140725086584832, "filename": "\\Windows\\System32\\sxssrv.dll", "id": "region_2737", "name": "sxssrv.dll", "norm_filename": "c:\\windows\\system32\\sxssrv.dll", "region_type": "memory_mapped_file", "start_va": 140725086584832, "timestamp": "00:01:08.911", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 444853714944, "type": "region", "version": 1 }, "end_va": 444853780479, "entry_point": 0, "filename": null, "id": "region_2888", "name": "pagefile_0x0000006793590000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 444853714944, "timestamp": "00:01:09.757", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 444853780480, "type": "region", "version": 1 }, "end_va": 444853809151, 
"entry_point": 444853780480, "filename": "\\Windows\\Fonts\\marlett.ttf", "id": "region_2889", "name": "marlett.ttf", "norm_filename": "c:\\windows\\fonts\\marlett.ttf", "region_type": "memory_mapped_file", "start_va": 444853780480, "timestamp": "00:01:09.757", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 98304, "start_va": 444853846016, "type": "region", "version": 1 }, "end_va": 444853944319, "entry_point": 0, "filename": null, "id": "region_2890", "name": "pagefile_0x00000067935b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 444853846016, "timestamp": "00:01:09.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 444862103552, "type": "region", "version": 1 }, "end_va": 444862365695, "entry_point": 0, "filename": null, "id": "region_2891", "name": "private_0x0000006793d90000", "norm_filename": null, "region_type": "private_memory", "start_va": 444862103552, "timestamp": "00:01:09.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 444862365696, "type": "region", "version": 1 }, "end_va": 444862627839, "entry_point": 0, "filename": null, "id": "region_2892", "name": "private_0x0000006793dd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 444862365696, "timestamp": "00:01:09.758", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 444862627840, "type": "region", "version": 1 }, "end_va": 444864233471, "entry_point": 0, "filename": null, "id": "region_2893", "name": "pagefile_0x0000006793e10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 444862627840, "timestamp": "00:01:09.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 444864266240, "type": "region", "version": 1 }, "end_va": 444864270335, "entry_point": 0, "filename": null, "id": "region_2894", "name": "private_0x0000006793fa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 444864266240, "timestamp": "00:01:09.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 444864331776, "type": "region", "version": 1 }, "end_va": 444864593919, "entry_point": 0, "filename": null, "id": "region_2895", "name": "private_0x0000006793fb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 444864331776, "timestamp": "00:01:09.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 444864593920, "type": "region", "version": 1 }, "end_va": 444864856063, "entry_point": 
0, "filename": null, "id": "region_2896", "name": "private_0x0000006793ff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 444864593920, "timestamp": "00:01:09.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 444864856064, "type": "region", "version": 1 }, "end_va": 444865118207, "entry_point": 0, "filename": null, "id": "region_2897", "name": "private_0x0000006794030000", "norm_filename": null, "region_type": "private_memory", "start_va": 444864856064, "timestamp": "00:01:09.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 843776, "start_va": 444865118208, "type": "region", "version": 1 }, "end_va": 444865961983, "entry_point": 444865118208, "filename": "\\Windows\\Fonts\\segoeui.ttf", "id": "region_2898", "name": "segoeui.ttf", "norm_filename": "c:\\windows\\fonts\\segoeui.ttf", "region_type": "memory_mapped_file", "start_va": 444865118208, "timestamp": "00:01:09.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 196608, "start_va": 444865970176, "type": "region", "version": 1 }, "end_va": 444866166783, "entry_point": 0, "filename": null, "id": "region_2899", "name": "pagefile_0x0000006794140000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 444865970176, "timestamp": "00:01:09.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No 
dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 444866166784, "type": "region", "version": 1 }, "end_va": 444887138303, "entry_point": 0, "filename": null, "id": "region_2900", "name": "pagefile_0x0000006794170000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 444866166784, "timestamp": "00:01:09.759", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140698411655168, "type": "region", "version": 1 }, "end_va": 140698411663359, "entry_point": 0, "filename": null, "id": "region_2901", "name": "private_0x00007ff6e6d8e000", "norm_filename": null, "region_type": "private_memory", "start_va": 140698411655168, "timestamp": "00:01:09.759", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140698412855296, "type": "region", "version": 1 }, "end_va": 140698412863487, "entry_point": 0, "filename": null, "id": "region_2902", "name": "private_0x00007ff6e6eb3000", "norm_filename": null, "region_type": "private_memory", "start_va": 140698412855296, "timestamp": "00:01:09.759", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140698412863488, "type": "region", "version": 1 }, "end_va": 140698412871679, "entry_point": 0, "filename": null, "id": "region_2903", 
"name": "private_0x00007ff6e6eb5000", "norm_filename": null, "region_type": "private_memory", "start_va": 140698412863488, "timestamp": "00:01:09.759", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140698412871680, "type": "region", "version": 1 }, "end_va": 140698412879871, "entry_point": 0, "filename": null, "id": "region_2904", "name": "private_0x00007ff6e6eb7000", "norm_filename": null, "region_type": "private_memory", "start_va": 140698412871680, "timestamp": "00:01:09.759", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 618496, "start_va": 140725085405184, "type": "region", "version": 1 }, "end_va": 140725086023679, "entry_point": 140725085405184, "filename": "\\Windows\\System32\\sxs.dll", "id": "region_2905", "name": "sxs.dll", "norm_filename": "c:\\windows\\system32\\sxs.dll", "region_type": "memory_mapped_file", "start_va": 140725085405184, "timestamp": "00:01:09.759", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 444887138304, "type": "region", "version": 1 }, "end_va": 444887142399, "entry_point": 0, "filename": null, "id": "region_2906", "name": "private_0x0000006795570000", "norm_filename": null, "region_type": "private_memory", "start_va": 444887138304, "timestamp": "00:01:09.780", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created 
because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 444887203840, "type": "region", "version": 1 }, "end_va": 444887207935, "entry_point": 0, "filename": null, "id": "region_2907", "name": "private_0x0000006795580000", "norm_filename": null, "region_type": "private_memory", "start_va": 444887203840, "timestamp": "00:01:09.780", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140725127806976, "type": "region", "version": 1 }, "end_va": 140725129076735, "entry_point": 140725127811408, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_2908", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140725127806976, "timestamp": "00:01:09.799", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725085208576, "type": "region", "version": 1 }, "end_va": 140725085249535, "entry_point": 140725085208576, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_2909", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140725085208576, "timestamp": "00:01:09.803", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140725084815360, "type": "region", "version": 1 }, "end_va": 140725085200383, 
"entry_point": 140725084815360, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_2910", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140725084815360, "timestamp": "00:01:09.814", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 444887269376, "type": "region", "version": 1 }, "end_va": 444887285759, "entry_point": 0, "filename": null, "id": "region_2920", "name": "pagefile_0x0000006795590000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 444887269376, "timestamp": "00:01:09.847", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 444887269376, "type": "region", "version": 1 }, "end_va": 444887273471, "entry_point": 0, "filename": null, "id": "region_2922", "name": "pagefile_0x0000006795590000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 444887269376, "timestamp": "00:01:09.849", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 444887269376, "type": "region", "version": 1 }, "end_va": 444887334911, "entry_point": 0, "filename": null, "id": "region_3265", "name": "pagefile_0x0000006795590000", "norm_filename": null, "region_type": 
"pagefile_backed_memory", "start_va": 444887269376, "timestamp": "00:01:11.408", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 444887334912, "type": "region", "version": 1 }, "end_va": 444887400447, "entry_point": 0, "filename": null, "id": "region_3266", "name": "pagefile_0x00000067955a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 444887334912, "timestamp": "00:01:11.408", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 444887400448, "type": "region", "version": 1 }, "end_va": 444887662591, "entry_point": 0, "filename": null, "id": "region_3267", "name": "private_0x00000067955b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 444887400448, "timestamp": "00:01:11.408", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140698411646976, "type": "region", "version": 1 }, "end_va": 140698411655167, "entry_point": 0, "filename": null, "id": "region_3268", "name": "private_0x00007ff6e6d8c000", "norm_filename": null, "region_type": "private_memory", "start_va": 140698411646976, "timestamp": "00:01:11.408", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": 
[ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 444887662592, "type": "region", "version": 1 }, "end_va": 444887666687, "entry_point": 0, "filename": null, "id": "region_3269", "name": "pagefile_0x00000067955f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 444887662592, "timestamp": "00:01:11.409", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 444887662592, "type": "region", "version": 1 }, "end_va": 444887728127, "entry_point": 0, "filename": null, "id": "region_3421", "name": "pagefile_0x00000067955f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 444887662592, "timestamp": "00:01:12.389", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 444887728128, "type": "region", "version": 1 }, "end_va": 444887793663, "entry_point": 0, "filename": null, "id": "region_3422", "name": "pagefile_0x0000006795600000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 444887728128, "timestamp": "00:01:12.389", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 444887793664, "type": "region", "version": 1 }, "end_va": 444887797759, "entry_point": 0, "filename": null, "id": "region_3423", "name": 
"pagefile_0x0000006795610000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 444887793664, "timestamp": "00:01:12.389", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 444887793664, "type": "region", "version": 1 }, "end_va": 444887859199, "entry_point": 0, "filename": null, "id": "region_4402", "name": "pagefile_0x0000006795610000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 444887793664, "timestamp": "00:01:19.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 444887859200, "type": "region", "version": 1 }, "end_va": 444888121343, "entry_point": 0, "filename": null, "id": "region_4403", "name": "private_0x0000006795620000", "norm_filename": null, "region_type": "private_memory", "start_va": 444887859200, "timestamp": "00:01:19.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 786432, "start_va": 444888121344, "type": "region", "version": 1 }, "end_va": 444888907775, "entry_point": 0, "filename": null, "id": "region_4404", "name": "pagefile_0x0000006795660000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 444888121344, "timestamp": "00:01:19.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created 
because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 444888907776, "type": "region", "version": 1 }, "end_va": 444888973311, "entry_point": 0, "filename": null, "id": "region_4405", "name": "pagefile_0x0000006795720000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 444888907776, "timestamp": "00:01:19.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 786432, "start_va": 444888973312, "type": "region", "version": 1 }, "end_va": 444889759743, "entry_point": 0, "filename": null, "id": "region_4406", "name": "pagefile_0x0000006795730000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 444888973312, "timestamp": "00:01:19.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 444889759744, "type": "region", "version": 1 }, "end_va": 444889825279, "entry_point": 0, "filename": null, "id": "region_4407", "name": "pagefile_0x00000067957f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 444889759744, "timestamp": "00:01:19.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 444889825280, "type": "region", "version": 1 }, "end_va": 444889890815, "entry_point": 
0, "filename": null, "id": "region_4408", "name": "pagefile_0x0000006795800000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 444889825280, "timestamp": "00:01:19.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 444889890816, "type": "region", "version": 1 }, "end_va": 444889956351, "entry_point": 0, "filename": null, "id": "region_4409", "name": "pagefile_0x0000006795810000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 444889890816, "timestamp": "00:01:19.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 786432, "start_va": 444889956352, "type": "region", "version": 1 }, "end_va": 444890742783, "entry_point": 0, "filename": null, "id": "region_4410", "name": "pagefile_0x0000006795820000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 444889956352, "timestamp": "00:01:19.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140698411638784, "type": "region", "version": 1 }, "end_va": 140698411646975, "entry_point": 0, "filename": null, "id": "region_4411", "name": "private_0x00007ff6e6d8a000", "norm_filename": null, "region_type": "private_memory", "start_va": 140698411638784, "timestamp": "00:01:19.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 444890742784, "type": "region", "version": 1 }, "end_va": 444890755071, "entry_point": 0, "filename": null, "id": "region_4412", "name": "pagefile_0x00000067958e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 444890742784, "timestamp": "00:01:19.764", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 444890742784, "type": "region", "version": 1 }, "end_va": 444890808319, "entry_point": 0, "filename": null, "id": "region_4646", "name": "pagefile_0x00000067958e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 444890742784, "timestamp": "00:01:20.910", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 444890808320, "type": "region", "version": 1 }, "end_va": 444890812415, "entry_point": 0, "filename": null, "id": "region_4647", "name": "pagefile_0x00000067958f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 444890808320, "timestamp": "00:01:20.910", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 444890808320, 
"type": "region", "version": 1 }, "end_va": 444890873855, "entry_point": 0, "filename": null, "id": "region_4755", "name": "pagefile_0x00000067958f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 444890808320, "timestamp": "00:01:21.144", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 444890873856, "type": "region", "version": 1 }, "end_va": 444890877951, "entry_point": 0, "filename": null, "id": "region_4756", "name": "pagefile_0x0000006795900000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 444890873856, "timestamp": "00:01:21.144", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 444890873856, "type": "region", "version": 1 }, "end_va": 444890939391, "entry_point": 0, "filename": null, "id": "region_5001", "name": "pagefile_0x0000006795900000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 444890873856, "timestamp": "00:01:21.777", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 444890939392, "type": "region", "version": 1 }, "end_va": 444890947583, "entry_point": 0, "filename": null, "id": "region_5002", "name": "pagefile_0x0000006795910000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 444890939392, 
"timestamp": "00:01:21.777", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 444890742784, "type": "region", "version": 1 }, "end_va": 444890759167, "entry_point": 0, "filename": null, "id": "region_5796", "name": "pagefile_0x00000067958e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 444890742784, "timestamp": "00:01:26.226", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 444890742784, "type": "region", "version": 1 }, "end_va": 444890746879, "entry_point": 0, "filename": null, "id": "region_5821", "name": "pagefile_0x00000067958e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 444890742784, "timestamp": "00:01:26.376", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 444890939392, "type": "region", "version": 1 }, "end_va": 444891004927, "entry_point": 0, "filename": null, "id": "region_6862", "name": "pagefile_0x0000006795910000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 444890939392, "timestamp": "00:01:36.037", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", 
"permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 444891004928, "type": "region", "version": 1 }, "end_va": 444891070463, "entry_point": 0, "filename": null, "id": "region_6863", "name": "pagefile_0x0000006795920000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 444891004928, "timestamp": "00:01:36.037", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 444891070464, "type": "region", "version": 1 }, "end_va": 444891135999, "entry_point": 0, "filename": null, "id": "region_6864", "name": "pagefile_0x0000006795930000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 444891070464, "timestamp": "00:01:36.037", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 444891136000, "type": "region", "version": 1 }, "end_va": 444891144191, "entry_point": 0, "filename": null, "id": "region_6865", "name": "pagefile_0x0000006795940000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 444891136000, "timestamp": "00:01:36.038", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 444891136000, "type": "region", "version": 1 }, "end_va": 444891148287, "entry_point": 0, "filename": null, "id": "region_7430", "name": 
"pagefile_0x0000006795940000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 444891136000, "timestamp": "00:01:40.508", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 444891004928, "type": "region", "version": 1 }, "end_va": 444891009023, "entry_point": 0, "filename": null, "id": "region_7998", "name": "pagefile_0x0000006795920000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 444891004928, "timestamp": "00:01:53.315", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\\SystemRoot\\System32\\smss.exe 00000001 00000050 ", "filename": "c:\\windows\\system32\\smss.exe", "id": "proc_35", "image_name": "smss.exe", "monitor_reason": "child_process", "monitored_id": 35, "origin_monitor_id": 31, "ref_parent_process": { "ref_id": "proc_31", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2738", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:08.937", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", 
"writable" ], "ref_process_dump": null, "size": 131072, "start_va": 886208004096, "type": "region", "version": 1 }, "end_va": 886208135167, "entry_point": 0, "filename": null, "id": "region_2739", "name": "private_0x000000ce561d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 886208004096, "timestamp": "00:01:08.937", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 886208135168, "type": "region", "version": 1 }, "end_va": 886208196607, "entry_point": 0, "filename": null, "id": "region_2740", "name": "pagefile_0x000000ce561f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 886208135168, "timestamp": "00:01:08.937", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 886208200704, "type": "region", "version": 1 }, "end_va": 886208724991, "entry_point": 0, "filename": null, "id": "region_2741", "name": "private_0x000000ce56200000", "norm_filename": null, "region_type": "private_memory", "start_va": 886208200704, "timestamp": "00:01:08.937", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140702062411776, "type": "region", "version": 1 }, "end_va": 140702062555135, "entry_point": 0, "filename": null, "id": "region_2742", "name": "pagefile_0x00007ff7c0730000", "norm_filename": null, "region_type": "pagefile_backed_memory", 
"start_va": 140702062411776, "timestamp": "00:01:08.937", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140702062596096, "type": "region", "version": 1 }, "end_va": 140702062604287, "entry_point": 0, "filename": null, "id": "region_2743", "name": "private_0x00007ff7c075d000", "norm_filename": null, "region_type": "private_memory", "start_va": 140702062596096, "timestamp": "00:01:08.937", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140702062604288, "type": "region", "version": 1 }, "end_va": 140702062608383, "entry_point": 0, "filename": null, "id": "region_2744", "name": "private_0x00007ff7c075f000", "norm_filename": null, "region_type": "private_memory", "start_va": 140702062604288, "timestamp": "00:01:08.937", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 140702074994688, "type": "region", "version": 1 }, "end_va": 140702075146239, "entry_point": 140702075025560, "filename": "\\Windows\\System32\\smss.exe", "id": "region_2745", "name": "smss.exe", "norm_filename": "c:\\windows\\system32\\smss.exe", "region_type": "memory_mapped_file", "start_va": 140702074994688, "timestamp": "00:01:08.937", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], 
"ref_process_dump": null, "size": 1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2746", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140725133115392, "timestamp": "00:01:08.938", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "wininit.exe", "filename": "c:\\windows\\system32\\wininit.exe", "id": "proc_36", "image_name": "wininit.exe", "monitor_reason": "child_process", "monitored_id": 36, "origin_monitor_id": 33, "ref_parent_process": { "ref_id": "proc_33", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2747", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:08.954", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 330201169920, "type": "region", "version": 1 }, "end_va": 330201300991, "entry_point": 0, "filename": null, "id": "region_2748", "name": "private_0x0000004ce1860000", "norm_filename": null, "region_type": "private_memory", "start_va": 330201169920, "timestamp": "00:01:08.954", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 330201300992, "type": "region", "version": 1 }, "end_va": 330201362431, "entry_point": 0, "filename": null, "id": "region_2749", "name": "pagefile_0x0000004ce1880000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 330201300992, "timestamp": "00:01:08.954", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 330201366528, "type": "region", "version": 1 }, "end_va": 330201890815, "entry_point": 0, "filename": null, "id": "region_2750", "name": "private_0x0000004ce1890000", "norm_filename": null, "region_type": "private_memory", "start_va": 330201366528, "timestamp": "00:01:08.954", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140701823533056, "type": "region", "version": 1 }, "end_va": 140701823676415, "entry_point": 0, "filename": null, "id": "region_2751", "name": "pagefile_0x00007ff7b2360000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140701823533056, "timestamp": "00:01:08.954", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140701823713280, "type": 
"region", "version": 1 }, "end_va": 140701823717375, "entry_point": 0, "filename": null, "id": "region_2752", "name": "private_0x00007ff7b238c000", "norm_filename": null, "region_type": "private_memory", "start_va": 140701823713280, "timestamp": "00:01:08.954", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140701823721472, "type": "region", "version": 1 }, "end_va": 140701823729663, "entry_point": 0, "filename": null, "id": "region_2753", "name": "private_0x00007ff7b238e000", "norm_filename": null, "region_type": "private_memory", "start_va": 140701823721472, "timestamp": "00:01:08.954", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140701827268608, "type": "region", "version": 1 }, "end_va": 140701827424255, "entry_point": 140701827268608, "filename": "\\Windows\\System32\\wininit.exe", "id": "region_2754", "name": "wininit.exe", "norm_filename": "c:\\windows\\system32\\wininit.exe", "region_type": "memory_mapped_file", "start_va": 140701827268608, "timestamp": "00:01:08.954", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2755", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", 
"start_va": 140725133115392, "timestamp": "00:01:08.962", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1376256, "start_va": 330201890816, "type": "region", "version": 1 }, "end_va": 330203267071, "entry_point": 0, "filename": null, "id": "region_2807", "name": "private_0x0000004ce1910000", "norm_filename": null, "region_type": "private_memory", "start_va": 330201890816, "timestamp": "00:01:09.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140725124988928, "type": "region", "version": 1 }, "end_va": 140725126270975, "entry_point": 140725125009460, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_2808", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140725124988928, "timestamp": "00:01:09.203", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140725090648064, "type": "region", "version": 1 }, "end_va": 140725091753983, "entry_point": 140725090656928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_2809", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140725090648064, "timestamp": "00:01:09.205", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created 
because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 330201169920, "type": "region", "version": 1 }, "end_va": 330201235455, "entry_point": 0, "filename": null, "id": "region_2810", "name": "pagefile_0x0000004ce1860000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 330201169920, "timestamp": "00:01:09.209", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140701822484480, "type": "region", "version": 1 }, "end_va": 140701823533055, "entry_point": 0, "filename": null, "id": "region_2811", "name": "pagefile_0x00007ff7b2260000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140701822484480, "timestamp": "00:01:09.209", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 330203267072, "type": "region", "version": 1 }, "end_va": 330203783167, "entry_point": 330203267072, "filename": "\\Windows\\System32\\locale.nls", "id": "region_2812", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 330203267072, "timestamp": "00:01:09.211", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140725098577920, "type": "region", "version": 1 }, "end_va": 140725099261951, "entry_point": 140725098577920, "filename": 
"\\Windows\\System32\\msvcrt.dll", "id": "region_2813", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140725098577920, "timestamp": "00:01:09.212", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140725127806976, "type": "region", "version": 1 }, "end_va": 140725129076735, "entry_point": 140725127806976, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_2814", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140725127806976, "timestamp": "00:01:09.223", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725098184704, "type": "region", "version": 1 }, "end_va": 140725098541055, "entry_point": 140725098184704, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_2815", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140725098184704, "timestamp": "00:01:09.230", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 140725086453760, "type": "region", "version": 1 }, "end_va": 140725086535679, "entry_point": 140725086453760, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_2825", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": 
"memory_mapped_file", "start_va": 140725086453760, "timestamp": "00:01:09.311", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1703936, "start_va": 330203791360, "type": "region", "version": 1 }, "end_va": 330205495295, "entry_point": 0, "filename": null, "id": "region_2829", "name": "private_0x0000004ce1ae0000", "norm_filename": null, "region_type": "private_memory", "start_va": 330203791360, "timestamp": "00:01:09.338", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 330201235456, "type": "region", "version": 1 }, "end_va": 330201264127, "entry_point": 0, "filename": null, "id": "region_2831", "name": "private_0x0000004ce1870000", "norm_filename": null, "region_type": "private_memory", "start_va": 330201235456, "timestamp": "00:01:09.340", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 655360, "start_va": 330203791360, "type": "region", "version": 1 }, "end_va": 330204446719, "entry_point": 0, "filename": null, "id": "region_2833", "name": "private_0x0000004ce1ae0000", "norm_filename": null, "region_type": "private_memory", "start_va": 330203791360, "timestamp": "00:01:09.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 
65536, "start_va": 330205429760, "type": "region", "version": 1 }, "end_va": 330205495295, "entry_point": 0, "filename": null, "id": "region_2834", "name": "private_0x0000004ce1c70000", "norm_filename": null, "region_type": "private_memory", "start_va": 330205429760, "timestamp": "00:01:09.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 330201890816, "type": "region", "version": 1 }, "end_va": 330201919487, "entry_point": 0, "filename": null, "id": "region_2835", "name": "private_0x0000004ce1910000", "norm_filename": null, "region_type": "private_memory", "start_va": 330201890816, "timestamp": "00:01:09.349", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 330202218496, "type": "region", "version": 1 }, "end_va": 330203267071, "entry_point": 0, "filename": null, "id": "region_2836", "name": "private_0x0000004ce1960000", "norm_filename": null, "region_type": "private_memory", "start_va": 330202218496, "timestamp": "00:01:09.349", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725086060544, "type": "region", "version": 1 }, "end_va": 140725086101503, "entry_point": 140725086060544, "filename": "\\Windows\\System32\\wininitext.dll", "id": "region_2837", "name": "wininitext.dll", "norm_filename": "c:\\windows\\system32\\wininitext.dll", "region_type": "memory_mapped_file", "start_va": 140725086060544, 
"timestamp": "00:01:09.356", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140725093466112, "type": "region", "version": 1 }, "end_va": 140725094977535, "entry_point": 140725093620416, "filename": "\\Windows\\System32\\user32.dll", "id": "region_2838", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140725093466112, "timestamp": "00:01:09.366", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140725129773056, "type": "region", "version": 1 }, "end_va": 140725131104255, "entry_point": 140725129845848, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_2839", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140725129773056, "timestamp": "00:01:09.367", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 330205495296, "type": "region", "version": 1 }, "end_va": 330207100927, "entry_point": 0, "filename": null, "id": "region_2840", "name": "pagefile_0x0000004ce1c80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 330205495296, "timestamp": "00:01:09.371", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions 
are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 330207133696, "type": "region", "version": 1 }, "end_va": 330208710655, "entry_point": 0, "filename": null, "id": "region_2841", "name": "pagefile_0x0000004ce1e10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 330207133696, "timestamp": "00:01:09.371", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 330201956352, "type": "region", "version": 1 }, "end_va": 330201968639, "entry_point": 0, "filename": null, "id": "region_2842", "name": "pagefile_0x0000004ce1920000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 330201956352, "timestamp": "00:01:09.376", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 330202021888, "type": "region", "version": 1 }, "end_va": 330202025983, "entry_point": 0, "filename": null, "id": "region_2843", "name": "pagefile_0x0000004ce1930000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 330202021888, "timestamp": "00:01:09.376", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 330202087424, "type": "region", "version": 1 }, "end_va": 330202091519, "entry_point": 0, "filename": null, "id": "region_2844", "name": 
"private_0x0000004ce1940000", "norm_filename": null, "region_type": "private_memory", "start_va": 330202087424, "timestamp": "00:01:09.376", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 330202152960, "type": "region", "version": 1 }, "end_va": 330202157055, "entry_point": 0, "filename": null, "id": "region_2845", "name": "private_0x0000004ce1950000", "norm_filename": null, "region_type": "private_memory", "start_va": 330202152960, "timestamp": "00:01:09.376", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 330203791360, "type": "region", "version": 1 }, "end_va": 330204315647, "entry_point": 0, "filename": null, "id": "region_2846", "name": "private_0x0000004ce1ae0000", "norm_filename": null, "region_type": "private_memory", "start_va": 330203791360, "timestamp": "00:01:09.376", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 330204381184, "type": "region", "version": 1 }, "end_va": 330204446719, "entry_point": 0, "filename": null, "id": "region_2847", "name": "private_0x0000004ce1b70000", "norm_filename": null, "region_type": "private_memory", "start_va": 330204381184, "timestamp": "00:01:09.376", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the 
configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4169728, "start_va": 330208772096, "type": "region", "version": 1 }, "end_va": 330212941823, "entry_point": 0, "filename": null, "id": "region_2848", "name": "pagefile_0x0000004ce1fa0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 330208772096, "timestamp": "00:01:09.376", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140701823705088, "type": "region", "version": 1 }, "end_va": 140701823713279, "entry_point": 0, "filename": null, "id": "region_2849", "name": "private_0x00007ff7b238a000", "norm_filename": null, "region_type": "private_memory", "start_va": 140701823705088, "timestamp": "00:01:09.376", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 330204446720, "type": "region", "version": 1 }, "end_va": 330204971007, "entry_point": 0, "filename": null, "id": "region_2850", "name": "private_0x0000004ce1b80000", "norm_filename": null, "region_type": "private_memory", "start_va": 330204446720, "timestamp": "00:01:09.380", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140701823696896, "type": "region", "version": 1 }, "end_va": 140701823705087, "entry_point": 0, "filename": null, "id": "region_2851", "name": "private_0x00007ff7b2388000", "norm_filename": null, "region_type": 
"private_memory", "start_va": 140701823696896, "timestamp": "00:01:09.380", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 16384, "start_va": 140725085995008, "type": "region", "version": 1 }, "end_va": 140725086011391, "entry_point": 140725085995008, "filename": "\\Windows\\System32\\KBDUS.DLL", "id": "region_2852", "name": "kbdus.dll", "norm_filename": "c:\\windows\\system32\\kbdus.dll", "region_type": "memory_mapped_file", "start_va": 140725085995008, "timestamp": "00:01:09.380", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 330204315648, "type": "region", "version": 1 }, "end_va": 330204319743, "entry_point": 0, "filename": null, "id": "region_2853", "name": "private_0x0000004ce1b60000", "norm_filename": null, "region_type": "private_memory", "start_va": 330204315648, "timestamp": "00:01:09.388", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 9596928, "start_va": 330212966400, "type": "region", "version": 1 }, "end_va": 330222563327, "entry_point": 330212966400, "filename": "\\Windows\\Fonts\\malgun.ttf", "id": "region_2854", "name": "malgun.ttf", "norm_filename": "c:\\windows\\fonts\\malgun.ttf", "region_type": "memory_mapped_file", "start_va": 330212966400, "timestamp": "00:01:09.404", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], 
"ref_process_dump": null, "size": 21635072, "start_va": 330212966400, "type": "region", "version": 1 }, "end_va": 330234601471, "entry_point": 330212966400, "filename": "\\Windows\\Fonts\\msyh.ttc", "id": "region_2855", "name": "msyh.ttc", "norm_filename": "c:\\windows\\fonts\\msyh.ttc", "region_type": "memory_mapped_file", "start_va": 330212966400, "timestamp": "00:01:09.420", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16265216, "start_va": 330212966400, "type": "region", "version": 1 }, "end_va": 330229231615, "entry_point": 330212966400, "filename": "\\Windows\\Fonts\\batang.ttc", "id": "region_2856", "name": "batang.ttc", "norm_filename": "c:\\windows\\fonts\\batang.ttc", "region_type": "memory_mapped_file", "start_va": 330212966400, "timestamp": "00:01:09.425", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8921088, "start_va": 330212966400, "type": "region", "version": 1 }, "end_va": 330221887487, "entry_point": 330212966400, "filename": "\\Windows\\Fonts\\malgunbd.ttf", "id": "region_2857", "name": "malgunbd.ttf", "norm_filename": "c:\\windows\\fonts\\malgunbd.ttf", "region_type": "memory_mapped_file", "start_va": 330212966400, "timestamp": "00:01:09.434", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 835584, "start_va": 330212966400, "type": "region", "version": 1 }, "end_va": 330213801983, "entry_point": 330212966400, "filename": "\\Windows\\Fonts\\segoeuib.ttf", "id": "region_2858", "name": "segoeuib.ttf", "norm_filename": 
"c:\\windows\\fonts\\segoeuib.ttf", "region_type": "memory_mapped_file", "start_va": 330212966400, "timestamp": "00:01:09.438", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 10084352, "start_va": 330212966400, "type": "region", "version": 1 }, "end_va": 330223050751, "entry_point": 330212966400, "filename": "\\Windows\\Fonts\\msmincho.ttc", "id": "region_2859", "name": "msmincho.ttc", "norm_filename": "c:\\windows\\fonts\\msmincho.ttc", "region_type": "memory_mapped_file", "start_va": 330212966400, "timestamp": "00:01:09.445", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 843776, "start_va": 330212966400, "type": "region", "version": 1 }, "end_va": 330213810175, "entry_point": 330212966400, "filename": "\\Windows\\Fonts\\segoeui.ttf", "id": "region_2860", "name": "segoeui.ttf", "norm_filename": "c:\\windows\\fonts\\segoeui.ttf", "region_type": "memory_mapped_file", "start_va": 330212966400, "timestamp": "00:01:09.450", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 749568, "start_va": 330212966400, "type": "region", "version": 1 }, "end_va": 330213715967, "entry_point": 330212966400, "filename": "\\Windows\\Fonts\\tahoma.ttf", "id": "region_2861", "name": "tahoma.ttf", "norm_filename": "c:\\windows\\fonts\\tahoma.ttf", "region_type": "memory_mapped_file", "start_va": 330212966400, "timestamp": "00:01:09.459", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", 
"permissions": [ "readable" ], "ref_process_dump": null, "size": 18259968, "start_va": 330212966400, "type": "region", "version": 1 }, "end_va": 330231226367, "entry_point": 330212966400, "filename": "\\Windows\\Fonts\\simsun.ttc", "id": "region_2862", "name": "simsun.ttc", "norm_filename": "c:\\windows\\fonts\\simsun.ttc", "region_type": "memory_mapped_file", "start_va": 330212966400, "timestamp": "00:01:09.461", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 9744384, "start_va": 330212966400, "type": "region", "version": 1 }, "end_va": 330222710783, "entry_point": 330212966400, "filename": "\\Windows\\Fonts\\meiryob.ttc", "id": "region_2863", "name": "meiryob.ttc", "norm_filename": "c:\\windows\\fonts\\meiryob.ttc", "region_type": "memory_mapped_file", "start_va": 330212966400, "timestamp": "00:01:09.463", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 9211904, "start_va": 330212966400, "type": "region", "version": 1 }, "end_va": 330222178303, "entry_point": 330212966400, "filename": "\\Windows\\Fonts\\msgothic.ttc", "id": "region_2864", "name": "msgothic.ttc", "norm_filename": "c:\\windows\\fonts\\msgothic.ttc", "region_type": "memory_mapped_file", "start_va": 330212966400, "timestamp": "00:01:09.472", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 13524992, "start_va": 330212966400, "type": "region", "version": 1 }, "end_va": 330226491391, "entry_point": 330212966400, "filename": "\\Windows\\Fonts\\gulim.ttc", "id": "region_2865", "name": "gulim.ttc", 
"norm_filename": "c:\\windows\\fonts\\gulim.ttc", "region_type": "memory_mapped_file", "start_va": 330212966400, "timestamp": "00:01:09.474", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 14438400, "start_va": 330212966400, "type": "region", "version": 1 }, "end_va": 330227404799, "entry_point": 330212966400, "filename": "\\Windows\\Fonts\\msjhbd.ttc", "id": "region_2866", "name": "msjhbd.ttc", "norm_filename": "c:\\windows\\fonts\\msjhbd.ttc", "region_type": "memory_mapped_file", "start_va": 330212966400, "timestamp": "00:01:09.483", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 14462976, "start_va": 330212966400, "type": "region", "version": 1 }, "end_va": 330227429375, "entry_point": 330212966400, "filename": "\\Windows\\Fonts\\msyhbd.ttc", "id": "region_2867", "name": "msyhbd.ttc", "norm_filename": "c:\\windows\\fonts\\msyhbd.ttc", "region_type": "memory_mapped_file", "start_va": 330212966400, "timestamp": "00:01:09.486", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 667648, "start_va": 330212966400, "type": "region", "version": 1 }, "end_va": 330213634047, "entry_point": 330212966400, "filename": "\\Windows\\Fonts\\micross.ttf", "id": "region_2868", "name": "micross.ttf", "norm_filename": "c:\\windows\\fonts\\micross.ttf", "region_type": "memory_mapped_file", "start_va": 330212966400, "timestamp": "00:01:09.489", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not 
monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 27508736, "start_va": 330212966400, "type": "region", "version": 1 }, "end_va": 330240475135, "entry_point": 330212966400, "filename": "\\Windows\\Fonts\\mingliu.ttc", "id": "region_2869", "name": "mingliu.ttc", "norm_filename": "c:\\windows\\fonts\\mingliu.ttc", "region_type": "memory_mapped_file", "start_va": 330212966400, "timestamp": "00:01:09.493", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 21483520, "start_va": 330212966400, "type": "region", "version": 1 }, "end_va": 330234449919, "entry_point": 330212966400, "filename": "\\Windows\\Fonts\\msjh.ttc", "id": "region_2870", "name": "msjh.ttc", "norm_filename": "c:\\windows\\fonts\\msjh.ttc", "region_type": "memory_mapped_file", "start_va": 330212966400, "timestamp": "00:01:09.497", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 9527296, "start_va": 330212966400, "type": "region", "version": 1 }, "end_va": 330222493695, "entry_point": 330212966400, "filename": "\\Windows\\Fonts\\meiryo.ttc", "id": "region_2871", "name": "meiryo.ttc", "norm_filename": "c:\\windows\\fonts\\meiryo.ttc", "region_type": "memory_mapped_file", "start_va": 330212966400, "timestamp": "00:01:09.500", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20480, "start_va": 330204971008, "type": "region", "version": 1 }, "end_va": 330204991487, "entry_point": 330204971008, "filename": "\\Windows\\System32\\en-US\\user32.dll.mui", "id": "region_2872", "name": 
"user32.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\user32.dll.mui", "region_type": "memory_mapped_file", "start_va": 330204971008, "timestamp": "00:01:09.620", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 196608, "start_va": 330205036544, "type": "region", "version": 1 }, "end_va": 330205233151, "entry_point": 0, "filename": null, "id": "region_2873", "name": "pagefile_0x0000004ce1c10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 330205036544, "timestamp": "00:01:09.646", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20480, "start_va": 330204315648, "type": "region", "version": 1 }, "end_va": 330204336127, "entry_point": 330204315648, "filename": "\\Windows\\System32\\en-US\\user32.dll.mui", "id": "region_2877", "name": "user32.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\user32.dll.mui", "region_type": "memory_mapped_file", "start_va": 330204315648, "timestamp": "00:01:09.661", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 32768, "start_va": 330204971008, "type": "region", "version": 1 }, "end_va": 330205003775, "entry_point": 330204971008, "filename": "\\Windows\\Cursors\\aero_arrow.cur", "id": "region_2878", "name": "aero_arrow.cur", "norm_filename": "c:\\windows\\cursors\\aero_arrow.cur", "region_type": "memory_mapped_file", "start_va": 330204971008, "timestamp": "00:01:09.665", "type": "region", "version": 1 }, { "dump": { "filename": "", 
"flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 557056, "start_va": 330208772096, "type": "region", "version": 1 }, "end_va": 330209329151, "entry_point": 330208772096, "filename": "\\Windows\\Cursors\\aero_busy.ani", "id": "region_2879", "name": "aero_busy.ani", "norm_filename": "c:\\windows\\cursors\\aero_busy.ani", "region_type": "memory_mapped_file", "start_va": 330208772096, "timestamp": "00:01:09.667", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 32768, "start_va": 330204971008, "type": "region", "version": 1 }, "end_va": 330205003775, "entry_point": 330204971008, "filename": "\\Windows\\Cursors\\aero_up.cur", "id": "region_2880", "name": "aero_up.cur", "norm_filename": "c:\\windows\\cursors\\aero_up.cur", "region_type": "memory_mapped_file", "start_va": 330204971008, "timestamp": "00:01:09.680", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 557056, "start_va": 330208772096, "type": "region", "version": 1 }, "end_va": 330209329151, "entry_point": 330208772096, "filename": "\\Windows\\Cursors\\aero_working.ani", "id": "region_2881", "name": "aero_working.ani", "norm_filename": "c:\\windows\\cursors\\aero_working.ani", "region_type": "memory_mapped_file", "start_va": 330208772096, "timestamp": "00:01:09.690", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 32768, "start_va": 330204971008, "type": "region", "version": 1 }, "end_va": 330205003775, 
"entry_point": 330204971008, "filename": "\\Windows\\Cursors\\aero_helpsel.cur", "id": "region_2882", "name": "aero_helpsel.cur", "norm_filename": "c:\\windows\\cursors\\aero_helpsel.cur", "region_type": "memory_mapped_file", "start_va": 330204971008, "timestamp": "00:01:09.702", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 140725085995008, "type": "region", "version": 1 }, "end_va": 140725086027775, "entry_point": 140725085995008, "filename": "\\Windows\\System32\\WlS0WndH.dll", "id": "region_2883", "name": "wls0wndh.dll", "norm_filename": "c:\\windows\\system32\\wls0wndh.dll", "region_type": "memory_mapped_file", "start_va": 140725085995008, "timestamp": "00:01:09.712", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 330208772096, "type": "region", "version": 1 }, "end_va": 330229743615, "entry_point": 0, "filename": null, "id": "region_2884", "name": "pagefile_0x0000004ce1fa0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 330208772096, "timestamp": "00:01:09.724", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 330229743616, "type": "region", "version": 1 }, "end_va": 330230267903, "entry_point": 0, "filename": null, "id": "region_2885", "name": "private_0x0000004ce33a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 330229743616, 
"timestamp": "00:01:09.729", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 330230267904, "type": "region", "version": 1 }, "end_va": 330233237503, "entry_point": 330230267904, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_2886", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 330230267904, "timestamp": "00:01:09.729", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140701823688704, "type": "region", "version": 1 }, "end_va": 140701823696895, "entry_point": 0, "filename": null, "id": "region_2887", "name": "private_0x00007ff7b2386000", "norm_filename": null, "region_type": "private_memory", "start_va": 140701823688704, "timestamp": "00:01:09.729", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 140725127020544, "type": "region", "version": 1 }, "end_va": 140725127380991, "entry_point": 140725127024796, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_3390", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 140725127020544, "timestamp": "00:01:12.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ 
"readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140725103886336, "type": "region", "version": 1 }, "end_va": 140725103923199, "entry_point": 140725103891456, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_3391", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 140725103886336, "timestamp": "00:01:12.083", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 140725079375872, "type": "region", "version": 1 }, "end_va": 140725079736319, "entry_point": 140725079379984, "filename": "\\Windows\\System32\\mswsock.dll", "id": "region_3392", "name": "mswsock.dll", "norm_filename": "c:\\windows\\system32\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 140725079375872, "timestamp": "00:01:12.087", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 176128, "start_va": 140725084618752, "type": "region", "version": 1 }, "end_va": 140725084794879, "entry_point": 140725084624016, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_3402", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 140725084618752, "timestamp": "00:01:12.111", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 330204971008, "type": "region", "version": 1 }, "end_va": 
330204975103, "entry_point": 0, "filename": null, "id": "region_3403", "name": "private_0x0000004ce1c00000", "norm_filename": null, "region_type": "private_memory", "start_va": 330204971008, "timestamp": "00:01:12.113", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "%SystemRoot%\\system32\\csrss.exe ObjectDirectory=\\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16", "filename": "c:\\windows\\system32\\csrss.exe", "id": "proc_37", "image_name": "csrss.exe", "monitor_reason": "child_process", "monitored_id": 37, "origin_monitor_id": 35, "ref_parent_process": { "ref_id": "proc_35", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2756", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:08.963", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 996127211520, "type": "region", "version": 1 }, "end_va": 996127342591, "entry_point": 0, "filename": null, "id": "region_2757", "name": "private_0x000000e7edcf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 996127211520, 
"timestamp": "00:01:08.964", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 996127342592, "type": "region", "version": 1 }, "end_va": 996127404031, "entry_point": 0, "filename": null, "id": "region_2758", "name": "pagefile_0x000000e7edd10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 996127342592, "timestamp": "00:01:08.964", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 996127408128, "type": "region", "version": 1 }, "end_va": 996127670271, "entry_point": 0, "filename": null, "id": "region_2759", "name": "private_0x000000e7edd20000", "norm_filename": null, "region_type": "private_memory", "start_va": 996127408128, "timestamp": "00:01:08.964", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140698417364992, "type": "region", "version": 1 }, "end_va": 140698417508351, "entry_point": 0, "filename": null, "id": "region_2760", "name": "pagefile_0x00007ff6e7300000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140698417364992, "timestamp": "00:01:08.964", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 
8192, "start_va": 140698417549312, "type": "region", "version": 1 }, "end_va": 140698417557503, "entry_point": 0, "filename": null, "id": "region_2761", "name": "private_0x00007ff6e732d000", "norm_filename": null, "region_type": "private_memory", "start_va": 140698417549312, "timestamp": "00:01:08.964", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140698417557504, "type": "region", "version": 1 }, "end_va": 140698417561599, "entry_point": 0, "filename": null, "id": "region_2762", "name": "private_0x00007ff6e732f000", "norm_filename": null, "region_type": "private_memory", "start_va": 140698417557504, "timestamp": "00:01:08.964", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 140698424770560, "type": "region", "version": 1 }, "end_va": 140698424799231, "entry_point": 140698424775008, "filename": "\\Windows\\System32\\csrss.exe", "id": "region_2763", "name": "csrss.exe", "norm_filename": "c:\\windows\\system32\\csrss.exe", "region_type": "memory_mapped_file", "start_va": 140698424770560, "timestamp": "00:01:08.964", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2764", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", 
"region_type": "memory_mapped_file", "start_va": 140725133115392, "timestamp": "00:01:08.964", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 996127211520, "type": "region", "version": 1 }, "end_va": 996127240191, "entry_point": 0, "filename": null, "id": "region_2772", "name": "private_0x000000e7edcf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 996127211520, "timestamp": "00:01:09.143", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 996127277056, "type": "region", "version": 1 }, "end_va": 996127289343, "entry_point": 0, "filename": null, "id": "region_2773", "name": "pagefile_0x000000e7edd00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 996127277056, "timestamp": "00:01:09.143", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 996127670272, "type": "region", "version": 1 }, "end_va": 996128186367, "entry_point": 996127670272, "filename": "\\Windows\\System32\\locale.nls", "id": "region_2774", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 996127670272, "timestamp": "00:01:09.143", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", 
"permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 996128194560, "type": "region", "version": 1 }, "end_va": 996128198655, "entry_point": 0, "filename": null, "id": "region_2775", "name": "pagefile_0x000000e7edde0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 996128194560, "timestamp": "00:01:09.143", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 996128260096, "type": "region", "version": 1 }, "end_va": 996128264191, "entry_point": 0, "filename": null, "id": "region_2776", "name": "private_0x000000e7eddf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 996128260096, "timestamp": "00:01:09.143", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 996128325632, "type": "region", "version": 1 }, "end_va": 996128329727, "entry_point": 0, "filename": null, "id": "region_2777", "name": "private_0x000000e7ede00000", "norm_filename": null, "region_type": "private_memory", "start_va": 996128325632, "timestamp": "00:01:09.143", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 996128391168, "type": "region", "version": 1 }, "end_va": 996128395263, "entry_point": 0, "filename": null, "id": "region_2778", "name": "private_0x000000e7ede10000", "norm_filename": null, "region_type": "private_memory", "start_va": 
996128391168, "timestamp": "00:01:09.143", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 996128456704, "type": "region", "version": 1 }, "end_va": 996128460799, "entry_point": 0, "filename": null, "id": "region_2779", "name": "private_0x000000e7ede20000", "norm_filename": null, "region_type": "private_memory", "start_va": 996128456704, "timestamp": "00:01:09.143", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 996128522240, "type": "region", "version": 1 }, "end_va": 996128530431, "entry_point": 996128522240, "filename": "\\Windows\\Fonts\\vgasys.fon", "id": "region_2780", "name": "vgasys.fon", "norm_filename": "c:\\windows\\fonts\\vgasys.fon", "region_type": "memory_mapped_file", "start_va": 996128522240, "timestamp": "00:01:09.143", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 996128915456, "type": "region", "version": 1 }, "end_va": 996129964031, "entry_point": 0, "filename": null, "id": "region_2781", "name": "private_0x000000e7ede90000", "norm_filename": null, "region_type": "private_memory", "start_va": 996128915456, "timestamp": "00:01:09.144", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, 
"start_va": 996129964032, "type": "region", "version": 1 }, "end_va": 996131540991, "entry_point": 0, "filename": null, "id": "region_2782", "name": "pagefile_0x000000e7edf90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 996129964032, "timestamp": "00:01:09.144", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4169728, "start_va": 996131602432, "type": "region", "version": 1 }, "end_va": 996135772159, "entry_point": 0, "filename": null, "id": "region_2783", "name": "pagefile_0x000000e7ee120000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 996131602432, "timestamp": "00:01:09.144", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 5185536, "start_va": 996135796736, "type": "region", "version": 1 }, "end_va": 996140982271, "entry_point": 0, "filename": null, "id": "region_2784", "name": "pagefile_0x000000e7ee520000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 996135796736, "timestamp": "00:01:09.144", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140698416316416, "type": "region", "version": 1 }, "end_va": 140698417364991, "entry_point": 0, "filename": null, "id": "region_2785", "name": "pagefile_0x00007ff6e7200000", "norm_filename": null, "region_type": 
"pagefile_backed_memory", "start_va": 140698416316416, "timestamp": "00:01:09.144", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 204800, "start_va": 140725086650368, "type": "region", "version": 1 }, "end_va": 140725086855167, "entry_point": 140725086666228, "filename": "\\Windows\\System32\\winsrv.dll", "id": "region_2786", "name": "winsrv.dll", "norm_filename": "c:\\windows\\system32\\winsrv.dll", "region_type": "memory_mapped_file", "start_va": 140725086650368, "timestamp": "00:01:09.144", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 140725086912512, "type": "region", "version": 1 }, "end_va": 140725086990335, "entry_point": 140725086936728, "filename": "\\Windows\\System32\\basesrv.dll", "id": "region_2787", "name": "basesrv.dll", "norm_filename": "c:\\windows\\system32\\basesrv.dll", "region_type": "memory_mapped_file", "start_va": 140725086912512, "timestamp": "00:01:09.145", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 140725087043584, "type": "region", "version": 1 }, "end_va": 140725087133695, "entry_point": 140725087073336, "filename": "\\Windows\\System32\\csrsrv.dll", "id": "region_2788", "name": "csrsrv.dll", "norm_filename": "c:\\windows\\system32\\csrsrv.dll", "region_type": "memory_mapped_file", "start_va": 140725087043584, "timestamp": "00:01:09.145", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140725090648064, "type": "region", "version": 1 }, "end_va": 140725091753983, "entry_point": 140725090656928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_2789", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140725090648064, "timestamp": "00:01:09.145", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140725093466112, "type": "region", "version": 1 }, "end_va": 140725094977535, "entry_point": 140725093620416, "filename": "\\Windows\\System32\\user32.dll", "id": "region_2790", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140725093466112, "timestamp": "00:01:09.146", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140725124988928, "type": "region", "version": 1 }, "end_va": 140725126270975, "entry_point": 140725125009460, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_2791", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140725124988928, "timestamp": "00:01:09.146", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], 
"ref_process_dump": null, "size": 1331200, "start_va": 140725129773056, "type": "region", "version": 1 }, "end_va": 140725131104255, "entry_point": 140725129845848, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_2792", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140725129773056, "timestamp": "00:01:09.147", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 996128587776, "type": "region", "version": 1 }, "end_va": 996128849919, "entry_point": 0, "filename": null, "id": "region_2793", "name": "private_0x000000e7ede40000", "norm_filename": null, "region_type": "private_memory", "start_va": 996128587776, "timestamp": "00:01:09.149", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140698417541120, "type": "region", "version": 1 }, "end_va": 140698417549311, "entry_point": 0, "filename": null, "id": "region_2794", "name": "private_0x00007ff6e732b000", "norm_filename": null, "region_type": "private_memory", "start_va": 140698417541120, "timestamp": "00:01:09.149", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 996141039616, "type": "region", "version": 1 }, "end_va": 996141301759, "entry_point": 0, "filename": null, "id": "region_2795", "name": "private_0x000000e7eea20000", "norm_filename": null, "region_type": 
"private_memory", "start_va": 996141039616, "timestamp": "00:01:09.153", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140698417532928, "type": "region", "version": 1 }, "end_va": 140698417541119, "entry_point": 0, "filename": null, "id": "region_2796", "name": "private_0x00007ff6e7329000", "norm_filename": null, "region_type": "private_memory", "start_va": 140698417532928, "timestamp": "00:01:09.153", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 140725086584832, "type": "region", "version": 1 }, "end_va": 140725086638079, "entry_point": 140725086605048, "filename": "\\Windows\\System32\\sxssrv.dll", "id": "region_2797", "name": "sxssrv.dll", "norm_filename": "c:\\windows\\system32\\sxssrv.dll", "region_type": "memory_mapped_file", "start_va": 140725086584832, "timestamp": "00:01:09.154", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 996127408128, "type": "region", "version": 1 }, "end_va": 996127473663, "entry_point": 0, "filename": null, "id": "region_3045", "name": "pagefile_0x000000e7edd20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 996127408128, "timestamp": "00:01:10.426", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": 
[ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 996127473664, "type": "region", "version": 1 }, "end_va": 996127502335, "entry_point": 996127473664, "filename": "\\Windows\\Fonts\\marlett.ttf", "id": "region_3046", "name": "marlett.ttf", "norm_filename": "c:\\windows\\fonts\\marlett.ttf", "region_type": "memory_mapped_file", "start_va": 996127473664, "timestamp": "00:01:10.426", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 98304, "start_va": 996127539200, "type": "region", "version": 1 }, "end_va": 996127637503, "entry_point": 0, "filename": null, "id": "region_3047", "name": "pagefile_0x000000e7edd40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 996127539200, "timestamp": "00:01:10.427", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 996128849920, "type": "region", "version": 1 }, "end_va": 996128854015, "entry_point": 0, "filename": null, "id": "region_3048", "name": "private_0x000000e7ede80000", "norm_filename": null, "region_type": "private_memory", "start_va": 996128849920, "timestamp": "00:01:10.427", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 996141301760, "type": "region", "version": 1 }, "end_va": 996141563903, "entry_point": 0, "filename": null, "id": "region_3049", "name": "private_0x000000e7eea60000", "norm_filename": null, 
"region_type": "private_memory", "start_va": 996141301760, "timestamp": "00:01:10.427", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 996141563904, "type": "region", "version": 1 }, "end_va": 996141826047, "entry_point": 0, "filename": null, "id": "region_3050", "name": "private_0x000000e7eeaa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 996141563904, "timestamp": "00:01:10.427", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 996141826048, "type": "region", "version": 1 }, "end_va": 996143431679, "entry_point": 0, "filename": null, "id": "region_3051", "name": "pagefile_0x000000e7eeae0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 996141826048, "timestamp": "00:01:10.427", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 996143464448, "type": "region", "version": 1 }, "end_va": 996143726591, "entry_point": 0, "filename": null, "id": "region_3052", "name": "private_0x000000e7eec70000", "norm_filename": null, "region_type": "private_memory", "start_va": 996143464448, "timestamp": "00:01:10.427", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], 
"ref_process_dump": null, "size": 262144, "start_va": 996143726592, "type": "region", "version": 1 }, "end_va": 996143988735, "entry_point": 0, "filename": null, "id": "region_3053", "name": "private_0x000000e7eecb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 996143726592, "timestamp": "00:01:10.427", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 996143988736, "type": "region", "version": 1 }, "end_va": 996144250879, "entry_point": 0, "filename": null, "id": "region_3054", "name": "private_0x000000e7eecf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 996143988736, "timestamp": "00:01:10.427", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 843776, "start_va": 996144250880, "type": "region", "version": 1 }, "end_va": 996145094655, "entry_point": 996144250880, "filename": "\\Windows\\Fonts\\segoeui.ttf", "id": "region_3055", "name": "segoeui.ttf", "norm_filename": "c:\\windows\\fonts\\segoeui.ttf", "region_type": "memory_mapped_file", "start_va": 996144250880, "timestamp": "00:01:10.427", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 196608, "start_va": 996145102848, "type": "region", "version": 1 }, "end_va": 996145299455, "entry_point": 0, "filename": null, "id": "region_3056", "name": "pagefile_0x000000e7eee00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 
996145102848, "timestamp": "00:01:10.427", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 996145299456, "type": "region", "version": 1 }, "end_va": 996166270975, "entry_point": 0, "filename": null, "id": "region_3057", "name": "pagefile_0x000000e7eee30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 996145299456, "timestamp": "00:01:10.428", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140698416308224, "type": "region", "version": 1 }, "end_va": 140698416316415, "entry_point": 0, "filename": null, "id": "region_3058", "name": "private_0x00007ff6e71fe000", "norm_filename": null, "region_type": "private_memory", "start_va": 140698416308224, "timestamp": "00:01:10.428", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140698417508352, "type": "region", "version": 1 }, "end_va": 140698417516543, "entry_point": 0, "filename": null, "id": "region_3059", "name": "private_0x00007ff6e7323000", "norm_filename": null, "region_type": "private_memory", "start_va": 140698417508352, "timestamp": "00:01:10.428", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 
8192, "start_va": 140698417516544, "type": "region", "version": 1 }, "end_va": 140698417524735, "entry_point": 0, "filename": null, "id": "region_3060", "name": "private_0x00007ff6e7325000", "norm_filename": null, "region_type": "private_memory", "start_va": 140698417516544, "timestamp": "00:01:10.428", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140698417524736, "type": "region", "version": 1 }, "end_va": 140698417532927, "entry_point": 0, "filename": null, "id": "region_3061", "name": "private_0x00007ff6e7327000", "norm_filename": null, "region_type": "private_memory", "start_va": 140698417524736, "timestamp": "00:01:10.428", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 996166270976, "type": "region", "version": 1 }, "end_va": 996166533119, "entry_point": 0, "filename": null, "id": "region_3150", "name": "private_0x000000e7f0230000", "norm_filename": null, "region_type": "private_memory", "start_va": 996166270976, "timestamp": "00:01:10.857", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140698416300032, "type": "region", "version": 1 }, "end_va": 140698416308223, "entry_point": 0, "filename": null, "id": "region_3151", "name": "private_0x00007ff6e71fc000", "norm_filename": null, "region_type": "private_memory", "start_va": 140698416300032, "timestamp": "00:01:10.857", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 996166533120, "type": "region", "version": 1 }, "end_va": 996166795263, "entry_point": 0, "filename": null, "id": "region_3472", "name": "private_0x000000e7f0270000", "norm_filename": null, "region_type": "private_memory", "start_va": 996166533120, "timestamp": "00:01:12.681", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140698416291840, "type": "region", "version": 1 }, "end_va": 140698416300031, "entry_point": 0, "filename": null, "id": "region_3473", "name": "private_0x00007ff6e71fa000", "norm_filename": null, "region_type": "private_memory", "start_va": 140698416291840, "timestamp": "00:01:12.681", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 618496, "start_va": 140725085405184, "type": "region", "version": 1 }, "end_va": 140725086023679, "entry_point": 140725085411516, "filename": "\\Windows\\System32\\sxs.dll", "id": "region_3474", "name": "sxs.dll", "norm_filename": "c:\\windows\\system32\\sxs.dll", "region_type": "memory_mapped_file", "start_va": 140725085405184, "timestamp": "00:01:12.681", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 996166795264, "type": 
"region", "version": 1 }, "end_va": 996166799359, "entry_point": 0, "filename": null, "id": "region_3475", "name": "private_0x000000e7f02b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 996166795264, "timestamp": "00:01:12.686", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 996166860800, "type": "region", "version": 1 }, "end_va": 996166864895, "entry_point": 0, "filename": null, "id": "region_3476", "name": "private_0x000000e7f02c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 996166860800, "timestamp": "00:01:12.686", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140725127806976, "type": "region", "version": 1 }, "end_va": 140725129076735, "entry_point": 140725127811408, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_3477", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140725127806976, "timestamp": "00:01:12.699", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725085208576, "type": "region", "version": 1 }, "end_va": 140725085249535, "entry_point": 140725085212688, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_3478", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 
140725085208576, "timestamp": "00:01:12.702", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140725084815360, "type": "region", "version": 1 }, "end_va": 140725085200383, "entry_point": 140725084944032, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_3479", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140725084815360, "timestamp": "00:01:12.703", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 996166926336, "type": "region", "version": 1 }, "end_va": 996166942719, "entry_point": 0, "filename": null, "id": "region_3480", "name": "pagefile_0x000000e7f02d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 996166926336, "timestamp": "00:01:12.711", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 996166926336, "type": "region", "version": 1 }, "end_va": 996167188479, "entry_point": 0, "filename": null, "id": "region_3481", "name": "private_0x000000e7f02d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 996166926336, "timestamp": "00:01:12.714", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was 
reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140698416283648, "type": "region", "version": 1 }, "end_va": 140698416291839, "entry_point": 0, "filename": null, "id": "region_3482", "name": "private_0x00007ff6e71f8000", "norm_filename": null, "region_type": "private_memory", "start_va": 140698416283648, "timestamp": "00:01:12.714", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 996167188480, "type": "region", "version": 1 }, "end_va": 996167204863, "entry_point": 0, "filename": null, "id": "region_3483", "name": "pagefile_0x000000e7f0310000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 996167188480, "timestamp": "00:01:12.733", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 996167188480, "type": "region", "version": 1 }, "end_va": 996167200767, "entry_point": 0, "filename": null, "id": "region_3504", "name": "pagefile_0x000000e7f0310000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 996167188480, "timestamp": "00:01:12.756", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 996167188480, "type": "region", "version": 1 }, "end_va": 996167254015, "entry_point": 0, "filename": null, "id": "region_3564", "name": 
"pagefile_0x000000e7f0310000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 996167188480, "timestamp": "00:01:12.938", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 996167254016, "type": "region", "version": 1 }, "end_va": 996167319551, "entry_point": 0, "filename": null, "id": "region_3565", "name": "pagefile_0x000000e7f0320000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 996167254016, "timestamp": "00:01:12.938", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 996167319552, "type": "region", "version": 1 }, "end_va": 996167331839, "entry_point": 0, "filename": null, "id": "region_3566", "name": "pagefile_0x000000e7f0330000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 996167319552, "timestamp": "00:01:12.943", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 996167319552, "type": "region", "version": 1 }, "end_va": 996167327743, "entry_point": 0, "filename": null, "id": "region_3574", "name": "pagefile_0x000000e7f0330000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 996167319552, "timestamp": "00:01:13.080", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], 
"info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 996167319552, "type": "region", "version": 1 }, "end_va": 996167323647, "entry_point": 996167319552, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_3578", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 996167319552, "timestamp": "00:01:13.134", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 996167385088, "type": "region", "version": 1 }, "end_va": 996167393279, "entry_point": 0, "filename": null, "id": "region_3579", "name": "pagefile_0x000000e7f0340000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 996167385088, "timestamp": "00:01:13.146", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 996135796736, "type": "region", "version": 1 }, "end_va": 996135800831, "entry_point": 0, "filename": null, "id": "region_4172", "name": "pagefile_0x000000e7ee520000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 996135796736, "timestamp": "00:01:17.551", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 996135796736, "type": "region", 
"version": 1 }, "end_va": 996135809023, "entry_point": 0, "filename": null, "id": "region_4220", "name": "pagefile_0x000000e7ee520000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 996135796736, "timestamp": "00:01:17.820", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 996135796736, "type": "region", "version": 1 }, "end_va": 996135813119, "entry_point": 0, "filename": null, "id": "region_4655", "name": "pagefile_0x000000e7ee520000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 996135796736, "timestamp": "00:01:20.944", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 996135796736, "type": "region", "version": 1 }, "end_va": 996135862271, "entry_point": 0, "filename": null, "id": "region_4819", "name": "pagefile_0x000000e7ee520000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 996135796736, "timestamp": "00:01:21.371", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 996135862272, "type": "region", "version": 1 }, "end_va": 996135874559, "entry_point": 0, "filename": null, "id": "region_4820", "name": "pagefile_0x000000e7ee530000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 996135862272, "timestamp": 
"00:01:21.371", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 996135862272, "type": "region", "version": 1 }, "end_va": 996135927807, "entry_point": 0, "filename": null, "id": "region_5074", "name": "pagefile_0x000000e7ee530000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 996135862272, "timestamp": "00:01:22.073", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 996135927808, "type": "region", "version": 1 }, "end_va": 996135993343, "entry_point": 0, "filename": null, "id": "region_5075", "name": "pagefile_0x000000e7ee540000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 996135927808, "timestamp": "00:01:22.073", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 996135993344, "type": "region", "version": 1 }, "end_va": 996136058879, "entry_point": 0, "filename": null, "id": "region_5076", "name": "pagefile_0x000000e7ee550000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 996135993344, "timestamp": "00:01:22.073", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ 
"readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 996136058880, "type": "region", "version": 1 }, "end_va": 996136071167, "entry_point": 0, "filename": null, "id": "region_5077", "name": "pagefile_0x000000e7ee560000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 996136058880, "timestamp": "00:01:22.073", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 996136058880, "type": "region", "version": 1 }, "end_va": 996136062975, "entry_point": 0, "filename": null, "id": "region_5180", "name": "pagefile_0x000000e7ee560000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 996136058880, "timestamp": "00:01:22.760", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 233472, "start_va": 996136124416, "type": "region", "version": 1 }, "end_va": 996136357887, "entry_point": 0, "filename": null, "id": "region_5181", "name": "pagefile_0x000000e7ee570000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 996136124416, "timestamp": "00:01:22.760", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 996136386560, "type": "region", "version": 1 }, "end_va": 996136398847, "entry_point": 0, "filename": null, "id": "region_5182", "name": 
"pagefile_0x000000e7ee5b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 996136386560, "timestamp": "00:01:22.760", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 5185536, "start_va": 996167319552, "type": "region", "version": 1 }, "end_va": 996172505087, "entry_point": 0, "filename": null, "id": "region_5356", "name": "pagefile_0x000000e7f0330000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 996167319552, "timestamp": "00:01:24.199", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 996136386560, "type": "region", "version": 1 }, "end_va": 996136394751, "entry_point": 0, "filename": null, "id": "region_5476", "name": "pagefile_0x000000e7ee5b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 996136386560, "timestamp": "00:01:24.961", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 996136386560, "type": "region", "version": 1 }, "end_va": 996136452095, "entry_point": 0, "filename": null, "id": "region_5838", "name": "pagefile_0x000000e7ee5b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 996136386560, "timestamp": "00:01:26.471", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 996136452096, "type": "region", "version": 1 }, "end_va": 996136517631, "entry_point": 0, "filename": null, "id": "region_5839", "name": "pagefile_0x000000e7ee5c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 996136452096, "timestamp": "00:01:26.471", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 996136517632, "type": "region", "version": 1 }, "end_va": 996136529919, "entry_point": 0, "filename": null, "id": "region_5840", "name": "pagefile_0x000000e7ee5d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 996136517632, "timestamp": "00:01:26.478", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 996136517632, "type": "region", "version": 1 }, "end_va": 996136525823, "entry_point": 0, "filename": null, "id": "region_6147", "name": "pagefile_0x000000e7ee5d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 996136517632, "timestamp": "00:01:31.565", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 996136583168, 
"type": "region", "version": 1 }, "end_va": 996136648703, "entry_point": 0, "filename": null, "id": "region_6148", "name": "pagefile_0x000000e7ee5e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 996136583168, "timestamp": "00:01:31.565", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 996136648704, "type": "region", "version": 1 }, "end_va": 996136714239, "entry_point": 0, "filename": null, "id": "region_6149", "name": "pagefile_0x000000e7ee5f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 996136648704, "timestamp": "00:01:31.565", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 996136714240, "type": "region", "version": 1 }, "end_va": 996136718335, "entry_point": 0, "filename": null, "id": "region_6150", "name": "pagefile_0x000000e7ee600000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 996136714240, "timestamp": "00:01:31.565", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 996136517632, "type": "region", "version": 1 }, "end_va": 996136583167, "entry_point": 0, "filename": null, "id": "region_7025", "name": "pagefile_0x000000e7ee5d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 
996136517632, "timestamp": "00:01:37.357", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 996136779776, "type": "region", "version": 1 }, "end_va": 996136792063, "entry_point": 0, "filename": null, "id": "region_7026", "name": "pagefile_0x000000e7ee610000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 996136779776, "timestamp": "00:01:37.357", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 996135993344, "type": "region", "version": 1 }, "end_va": 996136005631, "entry_point": 0, "filename": null, "id": "region_7104", "name": "pagefile_0x000000e7ee550000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 996135993344, "timestamp": "00:01:37.923", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 996136779776, "type": "region", "version": 1 }, "end_va": 996136845311, "entry_point": 0, "filename": null, "id": "region_7105", "name": "pagefile_0x000000e7ee610000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 996136779776, "timestamp": "00:01:37.923", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the 
configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 996135993344, "type": "region", "version": 1 }, "end_va": 996136001535, "entry_point": 0, "filename": null, "id": "region_7404", "name": "pagefile_0x000000e7ee550000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 996135993344, "timestamp": "00:01:40.314", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 996136648704, "type": "region", "version": 1 }, "end_va": 996136660991, "entry_point": 0, "filename": null, "id": "region_7742", "name": "pagefile_0x000000e7ee5f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 996136648704, "timestamp": "00:01:43.061", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 996136648704, "type": "region", "version": 1 }, "end_va": 996136656895, "entry_point": 0, "filename": null, "id": "region_7773", "name": "pagefile_0x000000e7ee5f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 996136648704, "timestamp": "00:01:43.425", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 667648, "start_va": 996136779776, "type": "region", "version": 1 }, "end_va": 996137447423, "entry_point": 996136779776, "filename": "\\Windows\\Fonts\\micross.ttf", "id": "region_8063", "name": "micross.ttf", 
"norm_filename": "c:\\windows\\fonts\\micross.ttf", "region_type": "memory_mapped_file", "start_va": 996136779776, "timestamp": "00:01:53.958", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 856064, "start_va": 996137500672, "type": "region", "version": 1 }, "end_va": 996138356735, "entry_point": 996137500672, "filename": "\\Windows\\Fonts\\arialbd.ttf", "id": "region_8064", "name": "arialbd.ttf", "norm_filename": "c:\\windows\\fonts\\arialbd.ttf", "region_type": "memory_mapped_file", "start_va": 996137500672, "timestamp": "00:01:54.049", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 851968, "start_va": 996138418176, "type": "region", "version": 1 }, "end_va": 996139270143, "entry_point": 996138418176, "filename": "\\Windows\\Fonts\\calibrib.ttf", "id": "region_8065", "name": "calibrib.ttf", "norm_filename": "c:\\windows\\fonts\\calibrib.ttf", "region_type": "memory_mapped_file", "start_va": 996138418176, "timestamp": "00:01:54.070", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 151552, "start_va": 996139597824, "type": "region", "version": 1 }, "end_va": 996139749375, "entry_point": 0, "filename": null, "id": "region_8066", "name": "pagefile_0x000000e7ee8c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 996139597824, "timestamp": "00:01:54.070", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No 
dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2195456, "start_va": 996172562432, "type": "region", "version": 1 }, "end_va": 996174757887, "entry_point": 0, "filename": null, "id": "region_8067", "name": "pagefile_0x000000e7f0830000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 996172562432, "timestamp": "00:01:54.071", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 151552, "start_va": 996136452096, "type": "region", "version": 1 }, "end_va": 996136603647, "entry_point": 0, "filename": null, "id": "region_10846", "name": "pagefile_0x000000e7ee5c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 996136452096, "timestamp": "00:03:29.912", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 996139270144, "type": "region", "version": 1 }, "end_va": 996139532287, "entry_point": 0, "filename": null, "id": "region_10847", "name": "private_0x000000e7ee870000", "norm_filename": null, "region_type": "private_memory", "start_va": 996139270144, "timestamp": "00:03:29.912", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "winlogon.exe", "filename": "c:\\windows\\system32\\winlogon.exe", "id": "proc_38", "image_name": "winlogon.exe", "monitor_reason": "child_process", "monitored_id": 38, "origin_monitor_id": 35, "ref_parent_process": { 
"ref_id": "proc_35", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2798", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:09.183", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 921227165696, "type": "region", "version": 1 }, "end_va": 921227296767, "entry_point": 0, "filename": null, "id": "region_2799", "name": "private_0x000000d67d6b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 921227165696, "timestamp": "00:01:09.183", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 921227296768, "type": "region", "version": 1 }, "end_va": 921227358207, "entry_point": 0, "filename": null, "id": "region_2800", "name": "pagefile_0x000000d67d6d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 921227296768, "timestamp": "00:01:09.183", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": 
null, "size": 524288, "start_va": 921227362304, "type": "region", "version": 1 }, "end_va": 921227886591, "entry_point": 0, "filename": null, "id": "region_2801", "name": "private_0x000000d67d6e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 921227362304, "timestamp": "00:01:09.183", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140701213655040, "type": "region", "version": 1 }, "end_va": 140701213798399, "entry_point": 0, "filename": null, "id": "region_2802", "name": "pagefile_0x00007ff78ddc0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140701213655040, "timestamp": "00:01:09.183", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140701213798400, "type": "region", "version": 1 }, "end_va": 140701213802495, "entry_point": 0, "filename": null, "id": "region_2803", "name": "private_0x00007ff78dde3000", "norm_filename": null, "region_type": "private_memory", "start_va": 140701213798400, "timestamp": "00:01:09.183", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140701213843456, "type": "region", "version": 1 }, "end_va": 140701213851647, "entry_point": 0, "filename": null, "id": "region_2804", "name": "private_0x00007ff78ddee000", "norm_filename": null, "region_type": "private_memory", "start_va": 140701213843456, 
"timestamp": "00:01:09.183", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 140701217587200, "type": "region", "version": 1 }, "end_va": 140701218177023, "entry_point": 140701217587200, "filename": "\\Windows\\System32\\winlogon.exe", "id": "region_2805", "name": "winlogon.exe", "norm_filename": "c:\\windows\\system32\\winlogon.exe", "region_type": "memory_mapped_file", "start_va": 140701217587200, "timestamp": "00:01:09.183", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2806", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140725133115392, "timestamp": "00:01:09.190", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 921229721600, "type": "region", "version": 1 }, "end_va": 921230770175, "entry_point": 0, "filename": null, "id": "region_2816", "name": "private_0x000000d67d920000", "norm_filename": null, "region_type": "private_memory", "start_va": 921229721600, "timestamp": "00:01:09.247", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", 
"writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140725090648064, "type": "region", "version": 1 }, "end_va": 140725091753983, "entry_point": 140725090656928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_2817", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140725090648064, "timestamp": "00:01:09.247", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140725124988928, "type": "region", "version": 1 }, "end_va": 140725126270975, "entry_point": 140725125009460, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_2818", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140725124988928, "timestamp": "00:01:09.247", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 921227165696, "type": "region", "version": 1 }, "end_va": 921227231231, "entry_point": 0, "filename": null, "id": "region_2819", "name": "pagefile_0x000000d67d6b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 921227165696, "timestamp": "00:01:09.249", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140701212606464, "type": "region", "version": 1 }, "end_va": 
140701213655039, "entry_point": 0, "filename": null, "id": "region_2820", "name": "pagefile_0x00007ff78dcc0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140701212606464, "timestamp": "00:01:09.249", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 921227886592, "type": "region", "version": 1 }, "end_va": 921228402687, "entry_point": 921227886592, "filename": "\\Windows\\System32\\locale.nls", "id": "region_2821", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 921227886592, "timestamp": "00:01:09.251", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140725098577920, "type": "region", "version": 1 }, "end_va": 140725099261951, "entry_point": 140725098588204, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_2822", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140725098577920, "timestamp": "00:01:09.251", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 675840, "start_va": 140725126299648, "type": "region", "version": 1 }, "end_va": 140725126975487, "entry_point": 140725126299648, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_2823", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 
140725126299648, "timestamp": "00:01:09.253", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725098184704, "type": "region", "version": 1 }, "end_va": 140725098541055, "entry_point": 140725098194176, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_2824", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140725098184704, "timestamp": "00:01:09.308", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 140725086126080, "type": "region", "version": 1 }, "end_va": 140725086408703, "entry_point": 140725086126080, "filename": "\\Windows\\System32\\powrprof.dll", "id": "region_2826", "name": "powrprof.dll", "norm_filename": "c:\\windows\\system32\\powrprof.dll", "region_type": "memory_mapped_file", "start_va": 140725086126080, "timestamp": "00:01:09.318", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140725127806976, "type": "region", "version": 1 }, "end_va": 140725129076735, "entry_point": 140725127811408, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_2827", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140725127806976, "timestamp": "00:01:09.323", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], 
"info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 921227231232, "type": "region", "version": 1 }, "end_va": 921227259903, "entry_point": 0, "filename": null, "id": "region_2828", "name": "private_0x000000d67d6c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 921227231232, "timestamp": "00:01:09.324", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1703936, "start_va": 921230770176, "type": "region", "version": 1 }, "end_va": 921232474111, "entry_point": 0, "filename": null, "id": "region_2830", "name": "private_0x000000d67da20000", "norm_filename": null, "region_type": "private_memory", "start_va": 921230770176, "timestamp": "00:01:09.339", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 921228410880, "type": "region", "version": 1 }, "end_va": 921228439551, "entry_point": 0, "filename": null, "id": "region_2832", "name": "private_0x000000d67d7e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 921228410880, "timestamp": "00:01:09.341", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 140725085274112, "type": "region", "version": 1 }, "end_va": 140725085372415, "entry_point": 140725085274112, "filename": "\\Windows\\System32\\winlogonext.dll", "id": 
"region_2944", "name": "winlogonext.dll", "norm_filename": "c:\\windows\\system32\\winlogonext.dll", "region_type": "memory_mapped_file", "start_va": 140725085274112, "timestamp": "00:01:09.891", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140725093466112, "type": "region", "version": 1 }, "end_va": 140725094977535, "entry_point": 140725093620416, "filename": "\\Windows\\System32\\user32.dll", "id": "region_2969", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140725093466112, "timestamp": "00:01:09.992", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140725129773056, "type": "region", "version": 1 }, "end_va": 140725131104255, "entry_point": 140725129845848, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_2980", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140725129773056, "timestamp": "00:01:10.035", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 212992, "start_va": 921228476416, "type": "region", "version": 1 }, "end_va": 921228689407, "entry_point": 921228476416, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_2992", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 921228476416, "timestamp": "00:01:10.085", 
"type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 921230770176, "type": "region", "version": 1 }, "end_va": 921232375807, "entry_point": 0, "filename": null, "id": "region_2993", "name": "pagefile_0x000000d67da20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 921230770176, "timestamp": "00:01:10.090", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 921232408576, "type": "region", "version": 1 }, "end_va": 921232474111, "entry_point": 0, "filename": null, "id": "region_2994", "name": "private_0x000000d67dbb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 921232408576, "timestamp": "00:01:10.090", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 140725095563264, "type": "region", "version": 1 }, "end_va": 140725095776255, "entry_point": 140725095567408, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_2995", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 140725095563264, "timestamp": "00:01:10.091", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1277952, 
"start_va": 140725091762176, "type": "region", "version": 1 }, "end_va": 140725093040127, "entry_point": 140725091762176, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_2996", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 140725091762176, "timestamp": "00:01:10.093", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 921232474112, "type": "region", "version": 1 }, "end_va": 921234051071, "entry_point": 0, "filename": null, "id": "region_2997", "name": "pagefile_0x000000d67dbc0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 921232474112, "timestamp": "00:01:10.101", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 921228476416, "type": "region", "version": 1 }, "end_va": 921228488703, "entry_point": 0, "filename": null, "id": "region_2998", "name": "pagefile_0x000000d67d7f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 921228476416, "timestamp": "00:01:10.107", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 921228541952, "type": "region", "version": 1 }, "end_va": 921228546047, "entry_point": 0, "filename": null, "id": "region_2999", "name": "pagefile_0x000000d67d800000", "norm_filename": null, 
"region_type": "pagefile_backed_memory", "start_va": 921228541952, "timestamp": "00:01:10.107", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 921228607488, "type": "region", "version": 1 }, "end_va": 921228611583, "entry_point": 0, "filename": null, "id": "region_3000", "name": "private_0x000000d67d810000", "norm_filename": null, "region_type": "private_memory", "start_va": 921228607488, "timestamp": "00:01:10.107", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 921228673024, "type": "region", "version": 1 }, "end_va": 921228677119, "entry_point": 0, "filename": null, "id": "region_3001", "name": "private_0x000000d67d820000", "norm_filename": null, "region_type": "private_memory", "start_va": 921228673024, "timestamp": "00:01:10.108", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4169728, "start_va": 921234112512, "type": "region", "version": 1 }, "end_va": 921238282239, "entry_point": 0, "filename": null, "id": "region_3002", "name": "pagefile_0x000000d67dd50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 921234112512, "timestamp": "00:01:10.108", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], 
"ref_process_dump": null, "size": 81920, "start_va": 140725086453760, "type": "region", "version": 1 }, "end_va": 140725086535679, "entry_point": 140725086468812, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_3003", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 140725086453760, "timestamp": "00:01:10.108", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 921228738560, "type": "region", "version": 1 }, "end_va": 921229262847, "entry_point": 0, "filename": null, "id": "region_3004", "name": "private_0x000000d67d830000", "norm_filename": null, "region_type": "private_memory", "start_va": 921228738560, "timestamp": "00:01:10.114", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140701213835264, "type": "region", "version": 1 }, "end_va": 140701213843455, "entry_point": 0, "filename": null, "id": "region_3005", "name": "private_0x00007ff78ddec000", "norm_filename": null, "region_type": "private_memory", "start_va": 140701213835264, "timestamp": "00:01:10.114", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 921238306816, "type": "region", "version": 1 }, "end_va": 921238831103, "entry_point": 0, "filename": null, "id": "region_3007", "name": "private_0x000000d67e150000", "norm_filename": null, 
"region_type": "private_memory", "start_va": 921238306816, "timestamp": "00:01:10.122", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140701213827072, "type": "region", "version": 1 }, "end_va": 140701213835263, "entry_point": 0, "filename": null, "id": "region_3008", "name": "private_0x00007ff78ddea000", "norm_filename": null, "region_type": "private_memory", "start_va": 140701213827072, "timestamp": "00:01:10.122", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 16384, "start_va": 140725081538560, "type": "region", "version": 1 }, "end_va": 140725081554943, "entry_point": 140725081538560, "filename": "\\Windows\\System32\\KBDUS.DLL", "id": "region_3009", "name": "kbdus.dll", "norm_filename": "c:\\windows\\system32\\kbdus.dll", "region_type": "memory_mapped_file", "start_va": 140725081538560, "timestamp": "00:01:10.122", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 921229262848, "type": "region", "version": 1 }, "end_va": 921229266943, "entry_point": 0, "filename": null, "id": "region_3010", "name": "private_0x000000d67d8b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 921229262848, "timestamp": "00:01:10.123", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], 
"ref_process_dump": null, "size": 9596928, "start_va": 921238831104, "type": "region", "version": 1 }, "end_va": 921248428031, "entry_point": 921238831104, "filename": "\\Windows\\Fonts\\malgun.ttf", "id": "region_3011", "name": "malgun.ttf", "norm_filename": "c:\\windows\\fonts\\malgun.ttf", "region_type": "memory_mapped_file", "start_va": 921238831104, "timestamp": "00:01:10.128", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 21635072, "start_va": 921238831104, "type": "region", "version": 1 }, "end_va": 921260466175, "entry_point": 921238831104, "filename": "\\Windows\\Fonts\\msyh.ttc", "id": "region_3012", "name": "msyh.ttc", "norm_filename": "c:\\windows\\fonts\\msyh.ttc", "region_type": "memory_mapped_file", "start_va": 921238831104, "timestamp": "00:01:10.136", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16265216, "start_va": 921238831104, "type": "region", "version": 1 }, "end_va": 921255096319, "entry_point": 921238831104, "filename": "\\Windows\\Fonts\\batang.ttc", "id": "region_3013", "name": "batang.ttc", "norm_filename": "c:\\windows\\fonts\\batang.ttc", "region_type": "memory_mapped_file", "start_va": 921238831104, "timestamp": "00:01:10.139", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8921088, "start_va": 921238831104, "type": "region", "version": 1 }, "end_va": 921247752191, "entry_point": 921238831104, "filename": "\\Windows\\Fonts\\malgunbd.ttf", "id": "region_3014", "name": "malgunbd.ttf", "norm_filename": 
"c:\\windows\\fonts\\malgunbd.ttf", "region_type": "memory_mapped_file", "start_va": 921238831104, "timestamp": "00:01:10.144", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 835584, "start_va": 921238831104, "type": "region", "version": 1 }, "end_va": 921239666687, "entry_point": 921238831104, "filename": "\\Windows\\Fonts\\segoeuib.ttf", "id": "region_3015", "name": "segoeuib.ttf", "norm_filename": "c:\\windows\\fonts\\segoeuib.ttf", "region_type": "memory_mapped_file", "start_va": 921238831104, "timestamp": "00:01:10.146", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 10084352, "start_va": 921238831104, "type": "region", "version": 1 }, "end_va": 921248915455, "entry_point": 921238831104, "filename": "\\Windows\\Fonts\\msmincho.ttc", "id": "region_3016", "name": "msmincho.ttc", "norm_filename": "c:\\windows\\fonts\\msmincho.ttc", "region_type": "memory_mapped_file", "start_va": 921238831104, "timestamp": "00:01:10.150", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 843776, "start_va": 921238831104, "type": "region", "version": 1 }, "end_va": 921239674879, "entry_point": 921238831104, "filename": "\\Windows\\Fonts\\segoeui.ttf", "id": "region_3017", "name": "segoeui.ttf", "norm_filename": "c:\\windows\\fonts\\segoeui.ttf", "region_type": "memory_mapped_file", "start_va": 921238831104, "timestamp": "00:01:10.154", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not 
monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 749568, "start_va": 921238831104, "type": "region", "version": 1 }, "end_va": 921239580671, "entry_point": 921238831104, "filename": "\\Windows\\Fonts\\tahoma.ttf", "id": "region_3018", "name": "tahoma.ttf", "norm_filename": "c:\\windows\\fonts\\tahoma.ttf", "region_type": "memory_mapped_file", "start_va": 921238831104, "timestamp": "00:01:10.161", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 18259968, "start_va": 921238831104, "type": "region", "version": 1 }, "end_va": 921257091071, "entry_point": 921238831104, "filename": "\\Windows\\Fonts\\simsun.ttc", "id": "region_3019", "name": "simsun.ttc", "norm_filename": "c:\\windows\\fonts\\simsun.ttc", "region_type": "memory_mapped_file", "start_va": 921238831104, "timestamp": "00:01:10.162", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 9744384, "start_va": 921238831104, "type": "region", "version": 1 }, "end_va": 921248575487, "entry_point": 921238831104, "filename": "\\Windows\\Fonts\\meiryob.ttc", "id": "region_3020", "name": "meiryob.ttc", "norm_filename": "c:\\windows\\fonts\\meiryob.ttc", "region_type": "memory_mapped_file", "start_va": 921238831104, "timestamp": "00:01:10.164", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 9211904, "start_va": 921238831104, "type": "region", "version": 1 }, "end_va": 921248043007, "entry_point": 921238831104, "filename": "\\Windows\\Fonts\\msgothic.ttc", "id": "region_3021", "name": 
"msgothic.ttc", "norm_filename": "c:\\windows\\fonts\\msgothic.ttc", "region_type": "memory_mapped_file", "start_va": 921238831104, "timestamp": "00:01:10.170", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 13524992, "start_va": 921238831104, "type": "region", "version": 1 }, "end_va": 921252356095, "entry_point": 921238831104, "filename": "\\Windows\\Fonts\\gulim.ttc", "id": "region_3022", "name": "gulim.ttc", "norm_filename": "c:\\windows\\fonts\\gulim.ttc", "region_type": "memory_mapped_file", "start_va": 921238831104, "timestamp": "00:01:10.171", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 14438400, "start_va": 921238831104, "type": "region", "version": 1 }, "end_va": 921253269503, "entry_point": 921238831104, "filename": "\\Windows\\Fonts\\msjhbd.ttc", "id": "region_3023", "name": "msjhbd.ttc", "norm_filename": "c:\\windows\\fonts\\msjhbd.ttc", "region_type": "memory_mapped_file", "start_va": 921238831104, "timestamp": "00:01:10.178", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 14462976, "start_va": 921238831104, "type": "region", "version": 1 }, "end_va": 921253294079, "entry_point": 921238831104, "filename": "\\Windows\\Fonts\\msyhbd.ttc", "id": "region_3024", "name": "msyhbd.ttc", "norm_filename": "c:\\windows\\fonts\\msyhbd.ttc", "region_type": "memory_mapped_file", "start_va": 921238831104, "timestamp": "00:01:10.181", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because 
region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 667648, "start_va": 921238831104, "type": "region", "version": 1 }, "end_va": 921239498751, "entry_point": 921238831104, "filename": "\\Windows\\Fonts\\micross.ttf", "id": "region_3025", "name": "micross.ttf", "norm_filename": "c:\\windows\\fonts\\micross.ttf", "region_type": "memory_mapped_file", "start_va": 921238831104, "timestamp": "00:01:10.183", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 27508736, "start_va": 921238831104, "type": "region", "version": 1 }, "end_va": 921266339839, "entry_point": 921238831104, "filename": "\\Windows\\Fonts\\mingliu.ttc", "id": "region_3026", "name": "mingliu.ttc", "norm_filename": "c:\\windows\\fonts\\mingliu.ttc", "region_type": "memory_mapped_file", "start_va": 921238831104, "timestamp": "00:01:10.185", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 21483520, "start_va": 921238831104, "type": "region", "version": 1 }, "end_va": 921260314623, "entry_point": 921238831104, "filename": "\\Windows\\Fonts\\msjh.ttc", "id": "region_3027", "name": "msjh.ttc", "norm_filename": "c:\\windows\\fonts\\msjh.ttc", "region_type": "memory_mapped_file", "start_va": 921238831104, "timestamp": "00:01:10.188", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 9527296, "start_va": 921238831104, "type": "region", "version": 1 }, "end_va": 921248358399, "entry_point": 921238831104, "filename": "\\Windows\\Fonts\\meiryo.ttc", "id": "region_3028", "name": 
"meiryo.ttc", "norm_filename": "c:\\windows\\fonts\\meiryo.ttc", "region_type": "memory_mapped_file", "start_va": 921238831104, "timestamp": "00:01:10.191", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20480, "start_va": 921229328384, "type": "region", "version": 1 }, "end_va": 921229348863, "entry_point": 921229328384, "filename": "\\Windows\\System32\\en-US\\user32.dll.mui", "id": "region_3029", "name": "user32.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\user32.dll.mui", "region_type": "memory_mapped_file", "start_va": 921229328384, "timestamp": "00:01:10.258", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 196608, "start_va": 921229393920, "type": "region", "version": 1 }, "end_va": 921229590527, "entry_point": 0, "filename": null, "id": "region_3062", "name": "pagefile_0x000000d67d8d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 921229393920, "timestamp": "00:01:10.430", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 16384, "start_va": 140725079310336, "type": "region", "version": 1 }, "end_va": 140725079326719, "entry_point": 140725079310336, "filename": "\\Windows\\System32\\KBDUS.DLL", "id": "region_3063", "name": "kbdus.dll", "norm_filename": "c:\\windows\\system32\\kbdus.dll", "region_type": "memory_mapped_file", "start_va": 140725079310336, "timestamp": "00:01:10.430", "type": "region", "version": 1 }, { "dump": { "filename": 
"", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20480, "start_va": 921229262848, "type": "region", "version": 1 }, "end_va": 921229283327, "entry_point": 921229262848, "filename": "\\Windows\\System32\\en-US\\user32.dll.mui", "id": "region_3066", "name": "user32.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\user32.dll.mui", "region_type": "memory_mapped_file", "start_va": 921229262848, "timestamp": "00:01:10.440", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 32768, "start_va": 921229328384, "type": "region", "version": 1 }, "end_va": 921229361151, "entry_point": 921229328384, "filename": "\\Windows\\Cursors\\aero_arrow.cur", "id": "region_3067", "name": "aero_arrow.cur", "norm_filename": "c:\\windows\\cursors\\aero_arrow.cur", "region_type": "memory_mapped_file", "start_va": 921229328384, "timestamp": "00:01:10.441", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 557056, "start_va": 921234112512, "type": "region", "version": 1 }, "end_va": 921234669567, "entry_point": 921234112512, "filename": "\\Windows\\Cursors\\aero_busy.ani", "id": "region_3068", "name": "aero_busy.ani", "norm_filename": "c:\\windows\\cursors\\aero_busy.ani", "region_type": "memory_mapped_file", "start_va": 921234112512, "timestamp": "00:01:10.443", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 32768, "start_va": 921229328384, "type": "region", "version": 1 }, 
"end_va": 921229361151, "entry_point": 921229328384, "filename": "\\Windows\\Cursors\\aero_up.cur", "id": "region_3069", "name": "aero_up.cur", "norm_filename": "c:\\windows\\cursors\\aero_up.cur", "region_type": "memory_mapped_file", "start_va": 921229328384, "timestamp": "00:01:10.451", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 557056, "start_va": 921234112512, "type": "region", "version": 1 }, "end_va": 921234669567, "entry_point": 921234112512, "filename": "\\Windows\\Cursors\\aero_working.ani", "id": "region_3070", "name": "aero_working.ani", "norm_filename": "c:\\windows\\cursors\\aero_working.ani", "region_type": "memory_mapped_file", "start_va": 921234112512, "timestamp": "00:01:10.457", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 32768, "start_va": 921229328384, "type": "region", "version": 1 }, "end_va": 921229361151, "entry_point": 921229328384, "filename": "\\Windows\\Cursors\\aero_helpsel.cur", "id": "region_3071", "name": "aero_helpsel.cur", "norm_filename": "c:\\windows\\cursors\\aero_helpsel.cur", "region_type": "memory_mapped_file", "start_va": 921229328384, "timestamp": "00:01:10.464", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 921229328384, "type": "region", "version": 1 }, "end_va": 921229332479, "entry_point": 0, "filename": null, "id": "region_3072", "name": "private_0x000000d67d8c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 921229328384, 
"timestamp": "00:01:10.472", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725078982656, "type": "region", "version": 1 }, "end_va": 140725079339007, "entry_point": 140725078982656, "filename": "\\Windows\\System32\\winsta.dll", "id": "region_3073", "name": "winsta.dll", "norm_filename": "c:\\windows\\system32\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 140725078982656, "timestamp": "00:01:10.476", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 140725068300288, "type": "region", "version": 1 }, "end_va": 140725068390399, "entry_point": 140725068300288, "filename": "\\Windows\\System32\\UXInit.dll", "id": "region_3435", "name": "uxinit.dll", "norm_filename": "c:\\windows\\system32\\uxinit.dll", "region_type": "memory_mapped_file", "start_va": 140725068300288, "timestamp": "00:01:12.453", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 921229328384, "type": "region", "version": 1 }, "end_va": 921229332479, "entry_point": 0, "filename": null, "id": "region_3436", "name": "pagefile_0x000000d67d8c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 921229328384, "timestamp": "00:01:12.467", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", 
"permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1187840, "start_va": 140725066858496, "type": "region", "version": 1 }, "end_va": 140725068046335, "entry_point": 140725066858496, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_3438", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 140725066858496, "timestamp": "00:01:12.504", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725131149312, "type": "region", "version": 1 }, "end_va": 140725133078527, "entry_point": 140725131157344, "filename": "\\Windows\\System32\\combase.dll", "id": "region_3439", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140725131149312, "timestamp": "00:01:12.511", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1638400, "start_va": 921234112512, "type": "region", "version": 1 }, "end_va": 921235750911, "entry_point": 0, "filename": null, "id": "region_3440", "name": "private_0x000000d67dd50000", "norm_filename": null, "region_type": "private_memory", "start_va": 921234112512, "timestamp": "00:01:12.516", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725088026624, "type": "region", "version": 1 }, "end_va": 140725089955839, "entry_point": 
140725088030884, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_3441", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 140725088026624, "timestamp": "00:01:12.523", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 140725087174656, "type": "region", "version": 1 }, "end_va": 140725087248383, "entry_point": 140725087178996, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_3442", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 140725087174656, "timestamp": "00:01:12.524", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140725066792960, "type": "region", "version": 1 }, "end_va": 140725066829823, "entry_point": 140725066792960, "filename": "\\Windows\\System32\\dpapi.dll", "id": "region_3443", "name": "dpapi.dll", "norm_filename": "c:\\windows\\system32\\dpapi.dll", "region_type": "memory_mapped_file", "start_va": 140725066792960, "timestamp": "00:01:12.528", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725085208576, "type": "region", "version": 1 }, "end_va": 140725085249535, "entry_point": 140725085212688, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_3444", "name": "cryptbase.dll", "norm_filename": 
"c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140725085208576, "timestamp": "00:01:12.534", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140725084815360, "type": "region", "version": 1 }, "end_va": 140725085200383, "entry_point": 140725084944032, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_3445", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140725084815360, "timestamp": "00:01:12.536", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 245760, "start_va": 921234112512, "type": "region", "version": 1 }, "end_va": 921234358271, "entry_point": 0, "filename": null, "id": "region_3448", "name": "pagefile_0x000000d67dd50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 921234112512, "timestamp": "00:01:12.562", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 245760, "start_va": 921234374656, "type": "region", "version": 1 }, "end_va": 921234620415, "entry_point": 0, "filename": null, "id": "region_3449", "name": "pagefile_0x000000d67dd90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 921234374656, "timestamp": "00:01:12.562", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 921235685376, "type": "region", "version": 1 }, "end_va": 921235750911, "entry_point": 0, "filename": null, "id": "region_3450", "name": "private_0x000000d67ded0000", "norm_filename": null, "region_type": "private_memory", "start_va": 921235685376, "timestamp": "00:01:12.562", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1478656, "start_va": 921234112512, "type": "region", "version": 1 }, "end_va": 921235591167, "entry_point": 0, "filename": null, "id": "region_3451", "name": "private_0x000000d67dd50000", "norm_filename": null, "region_type": "private_memory", "start_va": 921234112512, "timestamp": "00:01:12.569", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2650112, "start_va": 921238831104, "type": "region", "version": 1 }, "end_va": 921241481215, "entry_point": 0, "filename": null, "id": "region_3452", "name": "pagefile_0x000000d67e1d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 921238831104, "timestamp": "00:01:12.571", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 983040, "start_va": 921235750912, "type": "region", "version": 1 }, 
"end_va": 921236733951, "entry_point": 0, "filename": null, "id": "region_3453", "name": "pagefile_0x000000d67dee0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 921235750912, "timestamp": "00:01:12.594", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 921229328384, "type": "region", "version": 1 }, "end_va": 921229344767, "entry_point": 0, "filename": null, "id": "region_3454", "name": "pagefile_0x000000d67d8c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 921229328384, "timestamp": "00:01:12.594", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2650112, "start_va": 921241518080, "type": "region", "version": 1 }, "end_va": 921244168191, "entry_point": 0, "filename": null, "id": "region_3455", "name": "pagefile_0x000000d67e460000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 921241518080, "timestamp": "00:01:12.603", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 983040, "start_va": 921234112512, "type": "region", "version": 1 }, "end_va": 921235095551, "entry_point": 0, "filename": null, "id": "region_3456", "name": "pagefile_0x000000d67dd50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 921234112512, "timestamp": "00:01:12.612", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 921241518080, "type": "region", "version": 1 }, "end_va": 921262489599, "entry_point": 0, "filename": null, "id": "region_3458", "name": "pagefile_0x000000d67e460000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 921241518080, "timestamp": "00:01:12.613", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 98304, "start_va": 921229590528, "type": "region", "version": 1 }, "end_va": 921229688831, "entry_point": 0, "filename": null, "id": "region_3459", "name": "pagefile_0x000000d67d900000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 921229590528, "timestamp": "00:01:12.615", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 921235095552, "type": "region", "version": 1 }, "end_va": 921235099647, "entry_point": 0, "filename": null, "id": "region_3460", "name": "pagefile_0x000000d67de40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 921235095552, "timestamp": "00:01:12.615", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 921262489600, "type": "region", "version": 1 }, "end_va": 
921265459199, "entry_point": 921262489600, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_3461", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 921262489600, "timestamp": "00:01:12.616", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 921234112512, "type": "region", "version": 1 }, "end_va": 921234636799, "entry_point": 0, "filename": null, "id": "region_3463", "name": "private_0x000000d67dd50000", "norm_filename": null, "region_type": "private_memory", "start_va": 921234112512, "timestamp": "00:01:12.626", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 921234636800, "type": "region", "version": 1 }, "end_va": 921235161087, "entry_point": 0, "filename": null, "id": "region_3464", "name": "private_0x000000d67ddd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 921234636800, "timestamp": "00:01:12.626", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140701213810688, "type": "region", "version": 1 }, "end_va": 140701213818879, "entry_point": 0, "filename": null, "id": "region_3465", "name": "private_0x00007ff78dde6000", "norm_filename": null, "region_type": "private_memory", "start_va": 140701213810688, "timestamp": "00:01:12.626", "type": 
"region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140701213818880, "type": "region", "version": 1 }, "end_va": 140701213827071, "entry_point": 0, "filename": null, "id": "region_3466", "name": "private_0x00007ff78dde8000", "norm_filename": null, "region_type": "private_memory", "start_va": 140701213818880, "timestamp": "00:01:12.626", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 176128, "start_va": 140725084618752, "type": "region", "version": 1 }, "end_va": 140725084794879, "entry_point": 140725084624016, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_3467", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 140725084618752, "timestamp": "00:01:12.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 569344, "start_va": 140725066203136, "type": "region", "version": 1 }, "end_va": 140725066772479, "entry_point": 140725066203136, "filename": "\\Windows\\System32\\apphelp.dll", "id": "region_3468", "name": "apphelp.dll", "norm_filename": "c:\\windows\\system32\\apphelp.dll", "region_type": "memory_mapped_file", "start_va": 140725066203136, "timestamp": "00:01:12.647", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", 
"writable" ], "ref_process_dump": null, "size": 8192, "start_va": 921229328384, "type": "region", "version": 1 }, "end_va": 921229336575, "entry_point": 0, "filename": null, "id": "region_3469", "name": "private_0x000000d67d8c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 921229328384, "timestamp": "00:01:12.656", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 131072, "start_va": 140703001149440, "type": "region", "version": 1 }, "end_va": 140703001280511, "entry_point": 140703001149440, "filename": "\\Windows\\System32\\dwm.exe", "id": "region_3470", "name": "dwm.exe", "norm_filename": "c:\\windows\\system32\\dwm.exe", "region_type": "memory_mapped_file", "start_va": 140703001149440, "timestamp": "00:01:12.657", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 409600, "start_va": 921235161088, "type": "region", "version": 1 }, "end_va": 921235570687, "entry_point": 921235161088, "filename": "\\Windows\\apppatch\\apppatch64\\sysmain.sdb", "id": "region_3471", "name": "sysmain.sdb", "norm_filename": "c:\\windows\\apppatch\\apppatch64\\sysmain.sdb", "region_type": "memory_mapped_file", "start_va": 921235161088, "timestamp": "00:01:12.672", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 921235161088, "type": "region", "version": 1 }, "end_va": 921235165183, "entry_point": 0, "filename": null, "id": "region_3507", "name": "private_0x000000d67de50000", 
"norm_filename": null, "region_type": "private_memory", "start_va": 921235161088, "timestamp": "00:01:12.760", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 921234112512, "type": "region", "version": 1 }, "end_va": 921234116607, "entry_point": 0, "filename": null, "id": "region_4082", "name": "private_0x000000d67dd50000", "norm_filename": null, "region_type": "private_memory", "start_va": 921234112512, "timestamp": "00:01:17.007", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 921235161088, "type": "region", "version": 1 }, "end_va": 921235685375, "entry_point": 0, "filename": null, "id": "region_4083", "name": "private_0x000000d67de50000", "norm_filename": null, "region_type": "private_memory", "start_va": 921235161088, "timestamp": "00:01:17.007", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140701213802496, "type": "region", "version": 1 }, "end_va": 140701213810687, "entry_point": 0, "filename": null, "id": "region_4084", "name": "private_0x00007ff78dde4000", "norm_filename": null, "region_type": "private_memory", "start_va": 140701213802496, "timestamp": "00:01:17.007", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ 
"readable" ], "ref_process_dump": null, "size": 4169728, "start_va": 921265504256, "type": "region", "version": 1 }, "end_va": 921269673983, "entry_point": 0, "filename": null, "id": "region_4088", "name": "pagefile_0x000000d67fb40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 921265504256, "timestamp": "00:01:17.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 921234112512, "type": "region", "version": 1 }, "end_va": 921234116607, "entry_point": 0, "filename": null, "id": "region_4101", "name": "pagefile_0x000000d67dd50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 921234112512, "timestamp": "00:01:17.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 921235750912, "type": "region", "version": 1 }, "end_va": 921236799487, "entry_point": 0, "filename": null, "id": "region_4248", "name": "private_0x000000d67dee0000", "norm_filename": null, "region_type": "private_memory", "start_va": 921235750912, "timestamp": "00:01:17.887", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 921234178048, "type": "region", "version": 1 }, "end_va": 921234182143, "entry_point": 0, "filename": null, "id": "region_4264", "name": "private_0x000000d67dd60000", "norm_filename": null, "region_type": "private_memory", "start_va": 
921234178048, "timestamp": "00:01:17.940", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 921234243584, "type": "region", "version": 1 }, "end_va": 921234247679, "entry_point": 0, "filename": null, "id": "region_4282", "name": "private_0x000000d67dd70000", "norm_filename": null, "region_type": "private_memory", "start_va": 921234243584, "timestamp": "00:01:18.022", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 921236799488, "type": "region", "version": 1 }, "end_va": 921237323775, "entry_point": 0, "filename": null, "id": "region_4283", "name": "private_0x000000d67dfe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 921236799488, "timestamp": "00:01:18.023", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 196608, "start_va": 140725028847616, "type": "region", "version": 1 }, "end_va": 140725029044223, "entry_point": 140725028871328, "filename": "\\Windows\\System32\\ntmarta.dll", "id": "region_4307", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\system32\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 140725028847616, "timestamp": "00:01:18.228", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": 
null, "size": 16384, "start_va": 140725000011776, "type": "region", "version": 1 }, "end_va": 140725000028159, "entry_point": 140725000011776, "filename": "\\Windows\\System32\\KBDUS.DLL", "id": "region_4590", "name": "kbdus.dll", "norm_filename": "c:\\windows\\system32\\kbdus.dll", "region_type": "memory_mapped_file", "start_va": 140725000011776, "timestamp": "00:01:20.509", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 32768, "start_va": 921234112512, "type": "region", "version": 1 }, "end_va": 921234145279, "entry_point": 921234112512, "filename": "\\Windows\\Cursors\\aero_arrow.cur", "id": "region_4596", "name": "aero_arrow.cur", "norm_filename": "c:\\windows\\cursors\\aero_arrow.cur", "region_type": "memory_mapped_file", "start_va": 921234112512, "timestamp": "00:01:20.537", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 557056, "start_va": 921236799488, "type": "region", "version": 1 }, "end_va": 921237356543, "entry_point": 921236799488, "filename": "\\Windows\\Cursors\\aero_busy.ani", "id": "region_4597", "name": "aero_busy.ani", "norm_filename": "c:\\windows\\cursors\\aero_busy.ani", "region_type": "memory_mapped_file", "start_va": 921236799488, "timestamp": "00:01:20.539", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 32768, "start_va": 921234112512, "type": "region", "version": 1 }, "end_va": 921234145279, "entry_point": 921234112512, "filename": "\\Windows\\Cursors\\aero_up.cur", "id": "region_4598", "name": "aero_up.cur", "norm_filename": 
"c:\\windows\\cursors\\aero_up.cur", "region_type": "memory_mapped_file", "start_va": 921234112512, "timestamp": "00:01:20.549", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 557056, "start_va": 921236799488, "type": "region", "version": 1 }, "end_va": 921237356543, "entry_point": 921236799488, "filename": "\\Windows\\Cursors\\aero_working.ani", "id": "region_4599", "name": "aero_working.ani", "norm_filename": "c:\\windows\\cursors\\aero_working.ani", "region_type": "memory_mapped_file", "start_va": 921236799488, "timestamp": "00:01:20.554", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 32768, "start_va": 921234112512, "type": "region", "version": 1 }, "end_va": 921234145279, "entry_point": 921234112512, "filename": "\\Windows\\Cursors\\aero_helpsel.cur", "id": "region_4600", "name": "aero_helpsel.cur", "norm_filename": "c:\\windows\\cursors\\aero_helpsel.cur", "region_type": "memory_mapped_file", "start_va": 921234112512, "timestamp": "00:01:20.561", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 983040, "start_va": 921236799488, "type": "region", "version": 1 }, "end_va": 921237782527, "entry_point": 0, "filename": null, "id": "region_4603", "name": "pagefile_0x000000d67dfe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 921236799488, "timestamp": "00:01:20.602", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], 
"info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 921234112512, "type": "region", "version": 1 }, "end_va": 921234128895, "entry_point": 0, "filename": null, "id": "region_4604", "name": "pagefile_0x000000d67dd50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 921234112512, "timestamp": "00:01:20.602", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 921234243584, "type": "region", "version": 1 }, "end_va": 921234247679, "entry_point": 0, "filename": null, "id": "region_4608", "name": "pagefile_0x000000d67dd70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 921234243584, "timestamp": "00:01:20.604", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 983040, "start_va": 921265504256, "type": "region", "version": 1 }, "end_va": 921266487295, "entry_point": 0, "filename": null, "id": "region_4609", "name": "pagefile_0x000000d67fb40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 921265504256, "timestamp": "00:01:20.604", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 921234243584, "type": "region", "version": 1 }, "end_va": 921234259967, "entry_point": 0, 
"filename": null, "id": "region_4610", "name": "pagefile_0x000000d67dd70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 921234243584, "timestamp": "00:01:20.604", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 140724999946240, "type": "region", "version": 1 }, "end_va": 140725000056831, "entry_point": 140724999946240, "filename": "\\Windows\\System32\\mpr.dll", "id": "region_4623", "name": "mpr.dll", "norm_filename": "c:\\windows\\system32\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 140724999946240, "timestamp": "00:01:20.634", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 919123001344, "type": "region", "version": 1 }, "end_va": 919123005439, "entry_point": 0, "filename": null, "id": "region_7885", "name": "private_0x000000d600000000", "norm_filename": null, "region_type": "private_memory", "start_va": 919123001344, "timestamp": "00:01:50.959", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\system32\\services.exe", "filename": "c:\\windows\\system32\\services.exe", "id": "proc_39", "image_name": "services.exe", "monitor_reason": "child_process", "monitored_id": 39, "origin_monitor_id": 36, "ref_parent_process": { "ref_id": "proc_36", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because 
the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2911", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:09.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 327755366400, "type": "region", "version": 1 }, "end_va": 327755497471, "entry_point": 0, "filename": null, "id": "region_2912", "name": "private_0x0000004c4fbe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 327755366400, "timestamp": "00:01:09.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 327755497472, "type": "region", "version": 1 }, "end_va": 327755558911, "entry_point": 0, "filename": null, "id": "region_2913", "name": "pagefile_0x0000004c4fc00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327755497472, "timestamp": "00:01:09.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 327755563008, "type": "region", "version": 1 }, "end_va": 327756087295, "entry_point": 0, "filename": null, "id": "region_2914", "name": "private_0x0000004c4fc10000", "norm_filename": null, 
"region_type": "private_memory", "start_va": 327755563008, "timestamp": "00:01:09.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140700249423872, "type": "region", "version": 1 }, "end_va": 140700249567231, "entry_point": 0, "filename": null, "id": "region_2915", "name": "pagefile_0x00007ff754630000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140700249423872, "timestamp": "00:01:09.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140700249579520, "type": "region", "version": 1 }, "end_va": 140700249583615, "entry_point": 0, "filename": null, "id": "region_2916", "name": "private_0x00007ff754656000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700249579520, "timestamp": "00:01:09.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140700249612288, "type": "region", "version": 1 }, "end_va": 140700249620479, "entry_point": 0, "filename": null, "id": "region_2917", "name": "private_0x00007ff75465e000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700249612288, "timestamp": "00:01:09.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", 
"executable" ], "ref_process_dump": null, "size": 413696, "start_va": 140700261089280, "type": "region", "version": 1 }, "end_va": 140700261502975, "entry_point": 140700261089280, "filename": "\\Windows\\System32\\services.exe", "id": "region_2918", "name": "services.exe", "norm_filename": "c:\\windows\\system32\\services.exe", "region_type": "memory_mapped_file", "start_va": 140700261089280, "timestamp": "00:01:09.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2919", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140725133115392, "timestamp": "00:01:09.827", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327756087296, "type": "region", "version": 1 }, "end_va": 327756103679, "entry_point": 0, "filename": null, "id": "region_2921", "name": "pagefile_0x0000004c4fc90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327756087296, "timestamp": "00:01:09.848", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 327756152832, "type": "region", "version": 1 }, "end_va": 327756156927, "entry_point": 0, "filename": 
null, "id": "region_2923", "name": "pagefile_0x0000004c4fca0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327756152832, "timestamp": "00:01:09.849", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 327756349440, "type": "region", "version": 1 }, "end_va": 327757398015, "entry_point": 0, "filename": null, "id": "region_2936", "name": "private_0x0000004c4fcd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 327756349440, "timestamp": "00:01:09.876", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140725090648064, "type": "region", "version": 1 }, "end_va": 140725091753983, "entry_point": 140725090656928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_2937", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140725090648064, "timestamp": "00:01:09.876", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140725124988928, "type": "region", "version": 1 }, "end_va": 140725126270975, "entry_point": 140725125009460, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_2938", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140725124988928, "timestamp": "00:01:09.877", "type": 
"region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 327755366400, "type": "region", "version": 1 }, "end_va": 327755431935, "entry_point": 0, "filename": null, "id": "region_2939", "name": "pagefile_0x0000004c4fbe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327755366400, "timestamp": "00:01:09.878", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140700248375296, "type": "region", "version": 1 }, "end_va": 140700249423871, "entry_point": 0, "filename": null, "id": "region_2940", "name": "pagefile_0x00007ff754530000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140700248375296, "timestamp": "00:01:09.878", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 327757398016, "type": "region", "version": 1 }, "end_va": 327757914111, "entry_point": 327757398016, "filename": "\\Windows\\System32\\locale.nls", "id": "region_2941", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327757398016, "timestamp": "00:01:09.880", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, 
"start_va": 140725127806976, "type": "region", "version": 1 }, "end_va": 140725129076735, "entry_point": 140725127811408, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_2942", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140725127806976, "timestamp": "00:01:09.881", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 176128, "start_va": 140725084618752, "type": "region", "version": 1 }, "end_va": 140725084794879, "entry_point": 140725084618752, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_2943", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 140725084618752, "timestamp": "00:01:09.884", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 140725086453760, "type": "region", "version": 1 }, "end_va": 140725086535679, "entry_point": 140725086468812, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_2945", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 140725086453760, "timestamp": "00:01:09.903", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725098184704, "type": "region", "version": 1 }, "end_va": 140725098541055, "entry_point": 140725098194176, "filename": 
"\\Windows\\System32\\sechost.dll", "id": "region_2946", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140725098184704, "timestamp": "00:01:09.906", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725085208576, "type": "region", "version": 1 }, "end_va": 140725085249535, "entry_point": 140725085212688, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_2947", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140725085208576, "timestamp": "00:01:09.907", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 327755431936, "type": "region", "version": 1 }, "end_va": 327755460607, "entry_point": 0, "filename": null, "id": "region_2948", "name": "private_0x0000004c4fbf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 327755431936, "timestamp": "00:01:09.908", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140725084815360, "type": "region", "version": 1 }, "end_va": 140725085200383, "entry_point": 140725084944032, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_3006", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", 
"start_va": 140725084815360, "timestamp": "00:01:10.116", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 140725074264064, "type": "region", "version": 1 }, "end_va": 140725074329599, "entry_point": 140725074264064, "filename": "\\Windows\\System32\\scext.dll", "id": "region_3122", "name": "scext.dll", "norm_filename": "c:\\windows\\system32\\scext.dll", "region_type": "memory_mapped_file", "start_va": 140725074264064, "timestamp": "00:01:10.767", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 140725073870848, "type": "region", "version": 1 }, "end_va": 140725073903615, "entry_point": 140725073870848, "filename": "\\Windows\\System32\\dabapi.dll", "id": "region_3144", "name": "dabapi.dll", "norm_filename": "c:\\windows\\system32\\dabapi.dll", "region_type": "memory_mapped_file", "start_va": 140725073870848, "timestamp": "00:01:10.824", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 140725073805312, "type": "region", "version": 1 }, "end_va": 140725073850367, "entry_point": 140725073805312, "filename": "\\Windows\\System32\\EventAggregation.dll", "id": "region_3145", "name": "eventaggregation.dll", "norm_filename": "c:\\windows\\system32\\eventaggregation.dll", "region_type": "memory_mapped_file", "start_va": 140725073805312, "timestamp": "00:01:10.832", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 140725073608704, "type": "region", "version": 1 }, "end_va": 140725073760255, "entry_point": 140725073608704, "filename": "\\Windows\\System32\\srvcli.dll", "id": "region_3146", "name": "srvcli.dll", "norm_filename": "c:\\windows\\system32\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 140725073608704, "timestamp": "00:01:10.840", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140725098577920, "type": "region", "version": 1 }, "end_va": 140725099261951, "entry_point": 140725098588204, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_3147", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140725098577920, "timestamp": "00:01:10.847", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1835008, "start_va": 327757922304, "type": "region", "version": 1 }, "end_va": 327759757311, "entry_point": 0, "filename": null, "id": "region_3148", "name": "private_0x0000004c4fe50000", "norm_filename": null, "region_type": "private_memory", "start_va": 327757922304, "timestamp": "00:01:10.850", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 327756218368, 
"type": "region", "version": 1 }, "end_va": 327756247039, "entry_point": 0, "filename": null, "id": "region_3149", "name": "private_0x0000004c4fcb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 327756218368, "timestamp": "00:01:10.851", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 118784, "start_va": 140725073477632, "type": "region", "version": 1 }, "end_va": 140725073596415, "entry_point": 140725073477632, "filename": "\\Windows\\System32\\SPInf.dll", "id": "region_3152", "name": "spinf.dll", "norm_filename": "c:\\windows\\system32\\spinf.dll", "region_type": "memory_mapped_file", "start_va": 140725073477632, "timestamp": "00:01:10.860", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20480, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756304383, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\1394.PNF", "id": "region_3153", "name": "1394.pnf", "norm_filename": "c:\\windows\\inf\\1394.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:10.873", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 327759757312, "type": "region", "version": 1 }, "end_va": 327762726911, "entry_point": 327759757312, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_3154", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", 
"start_va": 327759757312, "timestamp": "00:01:10.874", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756296191, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\acpi.PNF", "id": "region_3155", "name": "acpi.pnf", "norm_filename": "c:\\windows\\inf\\acpi.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:10.877", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756292095, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\acpipagr.PNF", "id": "region_3156", "name": "acpipagr.pnf", "norm_filename": "c:\\windows\\inf\\acpipagr.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:10.879", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756292095, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\acpipmi.PNF", "id": "region_3157", "name": "acpipmi.pnf", "norm_filename": "c:\\windows\\inf\\acpipmi.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:10.882", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 917504, "start_va": 327757922304, 
"type": "region", "version": 1 }, "end_va": 327758839807, "entry_point": 327757922304, "filename": "\\Windows\\Inf\\machine.PNF", "id": "region_3158", "name": "machine.pnf", "norm_filename": "c:\\windows\\inf\\machine.pnf", "region_type": "memory_mapped_file", "start_va": 327757922304, "timestamp": "00:01:10.890", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 327759691776, "type": "region", "version": 1 }, "end_va": 327759757311, "entry_point": 0, "filename": null, "id": "region_3159", "name": "private_0x0000004c50000000", "norm_filename": null, "region_type": "private_memory", "start_va": 327759691776, "timestamp": "00:01:10.891", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756312575, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\cpu.PNF", "id": "region_3160", "name": "cpu.pnf", "norm_filename": "c:\\windows\\inf\\cpu.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:10.897", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756345343, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\arcsas.PNF", "id": "region_3161", "name": "arcsas.pnf", "norm_filename": "c:\\windows\\inf\\arcsas.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:10.904", "type": 
"region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 69632, "start_va": 327757922304, "type": "region", "version": 1 }, "end_va": 327757991935, "entry_point": 327757922304, "filename": "\\Windows\\Inf\\mshdc.PNF", "id": "region_3162", "name": "mshdc.pnf", "norm_filename": "c:\\windows\\inf\\mshdc.pnf", "region_type": "memory_mapped_file", "start_va": 327757922304, "timestamp": "00:01:10.909", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756300287, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\netbvbda.PNF", "id": "region_3163", "name": "netbvbda.pnf", "norm_filename": "c:\\windows\\inf\\netbvbda.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:10.914", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756292095, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\bcmfn2.PNF", "id": "region_3164", "name": "bcmfn2.pnf", "norm_filename": "c:\\windows\\inf\\bcmfn2.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:10.917", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756296191, 
"entry_point": 327756283904, "filename": "\\Windows\\Inf\\bthaudhid.PNF", "id": "region_3165", "name": "bthaudhid.pnf", "norm_filename": "c:\\windows\\inf\\bthaudhid.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:10.924", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756292095, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\bthspp.PNF", "id": "region_3167", "name": "bthspp.pnf", "norm_filename": "c:\\windows\\inf\\bthspp.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:10.929", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756300287, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\cdrom.PNF", "id": "region_3168", "name": "cdrom.pnf", "norm_filename": "c:\\windows\\inf\\cdrom.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:10.932", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 24576, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756308479, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\circlass.PNF", "id": "region_3169", "name": "circlass.pnf", "norm_filename": "c:\\windows\\inf\\circlass.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:10.935", "type": "region", "version": 1 }, { 
"dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756296191, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\cmbatt.PNF", "id": "region_3170", "name": "cmbatt.pnf", "norm_filename": "c:\\windows\\inf\\cmbatt.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:10.937", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756292095, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\CompositeBus.PNF", "id": "region_3171", "name": "compositebus.pnf", "norm_filename": "c:\\windows\\inf\\compositebus.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:10.939", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20480, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756304383, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\disk.PNF", "id": "region_3172", "name": "disk.pnf", "norm_filename": "c:\\windows\\inf\\disk.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:10.948", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 24576, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756308479, "entry_point": 
327756283904, "filename": "\\Windows\\Inf\\wdmaudio.PNF", "id": "region_3173", "name": "wdmaudio.pnf", "norm_filename": "c:\\windows\\inf\\wdmaudio.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:10.952", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 110592, "start_va": 327757922304, "type": "region", "version": 1 }, "end_va": 327758032895, "entry_point": 327757922304, "filename": "\\Windows\\Inf\\net1ic64.PNF", "id": "region_3174", "name": "net1ic64.pnf", "norm_filename": "c:\\windows\\inf\\net1ic64.pnf", "region_type": "memory_mapped_file", "start_va": 327757922304, "timestamp": "00:01:10.956", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 122880, "start_va": 327757922304, "type": "region", "version": 1 }, "end_va": 327758045183, "entry_point": 327757922304, "filename": "\\Windows\\Inf\\netevbda.PNF", "id": "region_3175", "name": "netevbda.pnf", "norm_filename": "c:\\windows\\inf\\netevbda.pnf", "region_type": "memory_mapped_file", "start_va": 327757922304, "timestamp": "00:01:10.960", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756292095, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\ehstortcgdrv.PNF", "id": "region_3176", "name": "ehstortcgdrv.pnf", "norm_filename": "c:\\windows\\inf\\ehstortcgdrv.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:10.965", "type": "region", "version": 1 
}, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756296191, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\errdev.PNF", "id": "region_3177", "name": "errdev.pnf", "norm_filename": "c:\\windows\\inf\\errdev.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:10.968", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756292095, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\fdc.PNF", "id": "region_3178", "name": "fdc.pnf", "norm_filename": "c:\\windows\\inf\\fdc.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:10.972", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756296191, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\flpydisk.PNF", "id": "region_3179", "name": "flpydisk.pnf", "norm_filename": "c:\\windows\\inf\\flpydisk.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:10.977", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756300287, "entry_point": 327756283904, 
"filename": "\\Windows\\Inf\\wgencounter.PNF", "id": "region_3182", "name": "wgencounter.pnf", "norm_filename": "c:\\windows\\inf\\wgencounter.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:10.986", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 131072, "start_va": 327757922304, "type": "region", "version": 1 }, "end_va": 327758053375, "entry_point": 327757922304, "filename": "\\Windows\\Inf\\hdaudio.PNF", "id": "region_3183", "name": "hdaudio.pnf", "norm_filename": "c:\\windows\\inf\\hdaudio.pnf", "region_type": "memory_mapped_file", "start_va": 327757922304, "timestamp": "00:01:10.989", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756296191, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\hdaudbus.PNF", "id": "region_3184", "name": "hdaudbus.pnf", "norm_filename": "c:\\windows\\inf\\hdaudbus.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:10.993", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756292095, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\hidbatt.PNF", "id": "region_3185", "name": "hidbatt.pnf", "norm_filename": "c:\\windows\\inf\\hidbatt.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:10.995", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756296191, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\hidbth.PNF", "id": "region_3186", "name": "hidbth.pnf", "norm_filename": "c:\\windows\\inf\\hidbth.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:10.996", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 36864, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756320767, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\hidir.PNF", "id": "region_3187", "name": "hidir.pnf", "norm_filename": "c:\\windows\\inf\\hidir.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:11.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 147456, "start_va": 327757922304, "type": "region", "version": 1 }, "end_va": 327758069759, "entry_point": 327757922304, "filename": "\\Windows\\Inf\\input.PNF", "id": "region_3188", "name": "input.pnf", "norm_filename": "c:\\windows\\inf\\input.pnf", "region_type": "memory_mapped_file", "start_va": 327757922304, "timestamp": "00:01:11.003", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 122880, "start_va": 327757922304, "type": "region", "version": 1 }, "end_va": 327758045183, "entry_point": 327757922304, "filename": 
"\\Windows\\Inf\\keyboard.PNF", "id": "region_3189", "name": "keyboard.pnf", "norm_filename": "c:\\windows\\inf\\keyboard.pnf", "region_type": "memory_mapped_file", "start_va": 327757922304, "timestamp": "00:01:11.009", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756292095, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\ialpssi_gpio.PNF", "id": "region_3190", "name": "ialpssi_gpio.pnf", "norm_filename": "c:\\windows\\inf\\ialpssi_gpio.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:11.012", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756296191, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\ialpssi_i2c.PNF", "id": "region_3191", "name": "ialpssi_i2c.pnf", "norm_filename": "c:\\windows\\inf\\ialpssi_i2c.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:11.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756300287, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\iastorv.PNF", "id": "region_3192", "name": "iastorv.pnf", "norm_filename": "c:\\windows\\inf\\iastorv.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:11.017", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756296191, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\intelpep.PNF", "id": "region_3193", "name": "intelpep.pnf", "norm_filename": "c:\\windows\\inf\\intelpep.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:11.021", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756296191, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\iscsi.PNF", "id": "region_3195", "name": "iscsi.pnf", "norm_filename": "c:\\windows\\inf\\iscsi.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:11.026", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756296191, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\kdnic.PNF", "id": "region_3197", "name": "kdnic.pnf", "norm_filename": "c:\\windows\\inf\\kdnic.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:11.031", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1150976, "start_va": 327757922304, "type": "region", "version": 1 }, "end_va": 327759073279, "entry_point": 327757922304, "filename": 
"\\Windows\\Inf\\monitor.PNF", "id": "region_3198", "name": "monitor.pnf", "norm_filename": "c:\\windows\\inf\\monitor.pnf", "region_type": "memory_mapped_file", "start_va": 327757922304, "timestamp": "00:01:11.040", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 94208, "start_va": 327757922304, "type": "region", "version": 1 }, "end_va": 327758016511, "entry_point": 327757922304, "filename": "\\Windows\\Inf\\msmouse.PNF", "id": "region_3199", "name": "msmouse.pnf", "norm_filename": "c:\\windows\\inf\\msmouse.pnf", "region_type": "memory_mapped_file", "start_va": 327757922304, "timestamp": "00:01:11.051", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756296191, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\msgpiowin32.PNF", "id": "region_3200", "name": "msgpiowin32.pnf", "norm_filename": "c:\\windows\\inf\\msgpiowin32.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:11.059", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20480, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756304383, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\ksfilter.PNF", "id": "region_3201", "name": "ksfilter.pnf", "norm_filename": "c:\\windows\\inf\\ksfilter.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:11.064", "type": "region", "version": 1 }, { "dump": { "filename": "", 
"flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756292095, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\mssmbios.PNF", "id": "region_3202", "name": "mssmbios.pnf", "norm_filename": "c:\\windows\\inf\\mssmbios.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:11.069", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756292095, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\mtconfig.PNF", "id": "region_3204", "name": "mtconfig.pnf", "norm_filename": "c:\\windows\\inf\\mtconfig.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:11.076", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756292095, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\ndisuio.PNF", "id": "region_3205", "name": "ndisuio.pnf", "norm_filename": "c:\\windows\\inf\\ndisuio.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:11.083", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 36864, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756320767, "entry_point": 327756283904, "filename": 
"\\Windows\\Inf\\msports.PNF", "id": "region_3207", "name": "msports.pnf", "norm_filename": "c:\\windows\\inf\\msports.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:11.104", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756292095, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\rdpbus.PNF", "id": "region_3210", "name": "rdpbus.pnf", "norm_filename": "c:\\windows\\inf\\rdpbus.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:11.131", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756292095, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\sbp2.PNF", "id": "region_3211", "name": "sbp2.pnf", "norm_filename": "c:\\windows\\inf\\sbp2.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:11.137", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756296191, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\sdstor.PNF", "id": "region_3212", "name": "sdstor.pnf", "norm_filename": "c:\\windows\\inf\\sdstor.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:11.142", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": 
"No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756292095, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\spaceport.PNF", "id": "region_3216", "name": "spaceport.pnf", "norm_filename": "c:\\windows\\inf\\spaceport.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:11.156", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756296191, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\stornvme.PNF", "id": "region_3218", "name": "stornvme.pnf", "norm_filename": "c:\\windows\\inf\\stornvme.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:11.166", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756292095, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\swenum.PNF", "id": "region_3219", "name": "swenum.pnf", "norm_filename": "c:\\windows\\inf\\swenum.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:11.170", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20480, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756304383, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\netip6.PNF", "id": 
"region_3220", "name": "netip6.pnf", "norm_filename": "c:\\windows\\inf\\netip6.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:11.180", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756292095, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\termmou.PNF", "id": "region_3221", "name": "termmou.pnf", "norm_filename": "c:\\windows\\inf\\termmou.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:11.184", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756300287, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\tpm.PNF", "id": "region_3222", "name": "tpm.pnf", "norm_filename": "c:\\windows\\inf\\tpm.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:11.189", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756296191, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\tsgenericusbdriver.PNF", "id": "region_3223", "name": "tsgenericusbdriver.pnf", "norm_filename": "c:\\windows\\inf\\tsgenericusbdriver.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:11.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": 
"No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756300287, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\nettun.PNF", "id": "region_3224", "name": "nettun.pnf", "norm_filename": "c:\\windows\\inf\\nettun.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:11.202", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756296191, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\uaspstor.PNF", "id": "region_3226", "name": "uaspstor.pnf", "norm_filename": "c:\\windows\\inf\\uaspstor.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:11.210", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756296191, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\umbus.PNF", "id": "region_3228", "name": "umbus.pnf", "norm_filename": "c:\\windows\\inf\\umbus.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:11.222", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756292095, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\umpass.PNF", "id": "region_3229", 
"name": "umpass.pnf", "norm_filename": "c:\\windows\\inf\\umpass.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:11.225", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 73728, "start_va": 327757922304, "type": "region", "version": 1 }, "end_va": 327757996031, "entry_point": 327757922304, "filename": "\\Windows\\Inf\\usb.PNF", "id": "region_3230", "name": "usb.pnf", "norm_filename": "c:\\windows\\inf\\usb.pnf", "region_type": "memory_mapped_file", "start_va": 327757922304, "timestamp": "00:01:11.228", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756345343, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\usbcir.PNF", "id": "region_3231", "name": "usbcir.pnf", "norm_filename": "c:\\windows\\inf\\usbcir.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:11.232", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 327757922304, "type": "region", "version": 1 }, "end_va": 327758065663, "entry_point": 327757922304, "filename": "\\Windows\\Inf\\usbport.PNF", "id": "region_3232", "name": "usbport.pnf", "norm_filename": "c:\\windows\\inf\\usbport.pnf", "region_type": "memory_mapped_file", "start_va": 327757922304, "timestamp": "00:01:11.235", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not 
monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20480, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756304383, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\usbhub3.PNF", "id": "region_3233", "name": "usbhub3.pnf", "norm_filename": "c:\\windows\\inf\\usbhub3.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:11.242", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756292095, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\usbprint.PNF", "id": "region_3235", "name": "usbprint.pnf", "norm_filename": "c:\\windows\\inf\\usbprint.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:11.246", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756345343, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\usbstor.PNF", "id": "region_3236", "name": "usbstor.pnf", "norm_filename": "c:\\windows\\inf\\usbstor.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:11.249", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756296191, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\usbxhci.PNF", "id": "region_3238", "name": "usbxhci.pnf", 
"norm_filename": "c:\\windows\\inf\\usbxhci.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:11.253", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756292095, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\vdrvroot.PNF", "id": "region_3239", "name": "vdrvroot.pnf", "norm_filename": "c:\\windows\\inf\\vdrvroot.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:11.256", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756296191, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\volmgr.PNF", "id": "region_3240", "name": "volmgr.pnf", "norm_filename": "c:\\windows\\inf\\volmgr.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:11.268", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756292095, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\volume.PNF", "id": "region_3241", "name": "volume.pnf", "norm_filename": "c:\\windows\\inf\\volume.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:11.272", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", 
"permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756296191, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\wvpcivsp.PNF", "id": "region_3242", "name": "wvpcivsp.pnf", "norm_filename": "c:\\windows\\inf\\wvpcivsp.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:11.278", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756296191, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\wmiacpi.PNF", "id": "region_3243", "name": "wmiacpi.pnf", "norm_filename": "c:\\windows\\inf\\wmiacpi.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:11.302", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756300287, "entry_point": 327756283904, "filename": "\\Windows\\Inf\\hidbthle.PNF", "id": "region_3244", "name": "hidbthle.pnf", "norm_filename": "c:\\windows\\inf\\hidbthle.pnf", "region_type": "memory_mapped_file", "start_va": 327756283904, "timestamp": "00:01:11.315", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 557056, "start_va": 140725072887808, "type": "region", "version": 1 }, "end_va": 140725073444863, "entry_point": 140725072887808, "filename": "\\Windows\\System32\\scesrv.dll", "id": "region_3245", 
"name": "scesrv.dll", "norm_filename": "c:\\windows\\system32\\scesrv.dll", "region_type": "memory_mapped_file", "start_va": 140725072887808, "timestamp": "00:01:11.331", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 327757922304, "type": "region", "version": 1 }, "end_va": 327758446591, "entry_point": 0, "filename": null, "id": "region_3246", "name": "private_0x0000004c4fe50000", "norm_filename": null, "region_type": "private_memory", "start_va": 327757922304, "timestamp": "00:01:11.347", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140700249604096, "type": "region", "version": 1 }, "end_va": 140700249612287, "entry_point": 0, "filename": null, "id": "region_3247", "name": "private_0x00007ff75465c000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700249604096, "timestamp": "00:01:11.347", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 327758446592, "type": "region", "version": 1 }, "end_va": 327758970879, "entry_point": 0, "filename": null, "id": "region_3248", "name": "private_0x0000004c4fed0000", "norm_filename": null, "region_type": "private_memory", "start_va": 327758446592, "timestamp": "00:01:11.366", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of 
dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140700249595904, "type": "region", "version": 1 }, "end_va": 140700249604095, "entry_point": 0, "filename": null, "id": "region_3249", "name": "private_0x00007ff75465a000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700249595904, "timestamp": "00:01:11.366", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 294912, "start_va": 140725072560128, "type": "region", "version": 1 }, "end_va": 140725072855039, "entry_point": 140725072560128, "filename": "\\Windows\\System32\\authz.dll", "id": "region_3250", "name": "authz.dll", "norm_filename": "c:\\windows\\system32\\authz.dll", "region_type": "memory_mapped_file", "start_va": 140725072560128, "timestamp": "00:01:11.366", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 327756283904, "type": "region", "version": 1 }, "end_va": 327756316671, "entry_point": 0, "filename": null, "id": "region_3254", "name": "pagefile_0x0000004c4fcc0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327756283904, "timestamp": "00:01:11.396", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 327758970880, "type": "region", "version": 1 }, "end_va": 327758983167, "entry_point": 0, "filename": null, "id": 
"region_3301", "name": "pagefile_0x0000004c4ff50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327758970880, "timestamp": "00:01:11.630", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 327759036416, "type": "region", "version": 1 }, "end_va": 327759040511, "entry_point": 0, "filename": null, "id": "region_3302", "name": "pagefile_0x0000004c4ff60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327759036416, "timestamp": "00:01:11.630", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 327759101952, "type": "region", "version": 1 }, "end_va": 327759626239, "entry_point": 0, "filename": null, "id": "region_3303", "name": "private_0x0000004c4ff70000", "norm_filename": null, "region_type": "private_memory", "start_va": 327759101952, "timestamp": "00:01:11.630", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4169728, "start_va": 327762771968, "type": "region", "version": 1 }, "end_va": 327766941695, "entry_point": 0, "filename": null, "id": "region_3304", "name": "pagefile_0x0000004c502f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327762771968, "timestamp": "00:01:11.630", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No 
dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140700249587712, "type": "region", "version": 1 }, "end_va": 140700249595903, "entry_point": 0, "filename": null, "id": "region_3305", "name": "private_0x00007ff754658000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700249587712, "timestamp": "00:01:11.630", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 327766966272, "type": "region", "version": 1 }, "end_va": 327767490559, "entry_point": 0, "filename": null, "id": "region_3388", "name": "private_0x0000004c506f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 327766966272, "timestamp": "00:01:12.079", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140700249571328, "type": "region", "version": 1 }, "end_va": 140700249579519, "entry_point": 0, "filename": null, "id": "region_3389", "name": "private_0x00007ff754654000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700249571328, "timestamp": "00:01:12.079", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 327767490560, "type": "region", "version": 1 }, "end_va": 327768014847, "entry_point": 0, "filename": null, "id": "region_3727", "name": 
"private_0x0000004c50770000", "norm_filename": null, "region_type": "private_memory", "start_va": 327767490560, "timestamp": "00:01:15.468", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140700248367104, "type": "region", "version": 1 }, "end_va": 140700248375295, "entry_point": 0, "filename": null, "id": "region_3728", "name": "private_0x00007ff75452e000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700248367104, "timestamp": "00:01:15.468", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 327768014848, "type": "region", "version": 1 }, "end_va": 327768539135, "entry_point": 0, "filename": null, "id": "region_3838", "name": "private_0x0000004c507f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 327768014848, "timestamp": "00:01:16.286", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140700248358912, "type": "region", "version": 1 }, "end_va": 140700248367103, "entry_point": 0, "filename": null, "id": "region_3839", "name": "private_0x00007ff75452c000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700248358912, "timestamp": "00:01:16.286", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", 
"permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 327768539136, "type": "region", "version": 1 }, "end_va": 327769063423, "entry_point": 0, "filename": null, "id": "region_4565", "name": "private_0x0000004c50870000", "norm_filename": null, "region_type": "private_memory", "start_va": 327768539136, "timestamp": "00:01:20.333", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 327769063424, "type": "region", "version": 1 }, "end_va": 327769587711, "entry_point": 0, "filename": null, "id": "region_4566", "name": "private_0x0000004c508f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 327769063424, "timestamp": "00:01:20.333", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140700248342528, "type": "region", "version": 1 }, "end_va": 140700248350719, "entry_point": 0, "filename": null, "id": "region_4567", "name": "private_0x00007ff754528000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700248342528, "timestamp": "00:01:20.333", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140700248350720, "type": "region", "version": 1 }, "end_va": 140700248358911, "entry_point": 0, "filename": null, "id": "region_4568", "name": "private_0x00007ff75452a000", "norm_filename": null, "region_type": "private_memory", 
"start_va": 140700248350720, "timestamp": "00:01:20.333", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 569344, "start_va": 140725066203136, "type": "region", "version": 1 }, "end_va": 140725066772479, "entry_point": 140725066207268, "filename": "\\Windows\\System32\\apphelp.dll", "id": "region_5792", "name": "apphelp.dll", "norm_filename": "c:\\windows\\system32\\apphelp.dll", "region_type": "memory_mapped_file", "start_va": 140725066203136, "timestamp": "00:01:26.147", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 327759626240, "type": "region", "version": 1 }, "end_va": 327759634431, "entry_point": 0, "filename": null, "id": "region_5793", "name": "private_0x0000004c4fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 327759626240, "timestamp": "00:01:26.149", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 20578304, "type": "region", "version": 1 }, "end_va": 20664319, "entry_point": 20578304, "filename": "\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\armsvc.exe", "id": "region_5794", "name": "armsvc.exe", "norm_filename": "c:\\program files (x86)\\common files\\adobe\\arm\\1.0\\armsvc.exe", "region_type": "memory_mapped_file", "start_va": 20578304, "timestamp": "00:01:26.149", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created 
because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3768320, "start_va": 327769587712, "type": "region", "version": 1 }, "end_va": 327773356031, "entry_point": 327769587712, "filename": "\\Windows\\apppatch\\sysmain.sdb", "id": "region_5795", "name": "sysmain.sdb", "norm_filename": "c:\\windows\\apppatch\\sysmain.sdb", "region_type": "memory_mapped_file", "start_va": 327769587712, "timestamp": "00:01:26.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 327769587712, "type": "region", "version": 1 }, "end_va": 327770111999, "entry_point": 0, "filename": null, "id": "region_6577", "name": "private_0x0000004c50970000", "norm_filename": null, "region_type": "private_memory", "start_va": 327769587712, "timestamp": "00:01:34.143", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 327770112000, "type": "region", "version": 1 }, "end_va": 327771160575, "entry_point": 0, "filename": null, "id": "region_6578", "name": "private_0x0000004c509f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 327770112000, "timestamp": "00:01:34.143", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140700248334336, "type": "region", "version": 1 }, "end_va": 140700248342527, "entry_point": 0, "filename": null, "id": "region_6579", "name": 
"private_0x00007ff754526000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700248334336, "timestamp": "00:01:34.143", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 140725127020544, "type": "region", "version": 1 }, "end_va": 140725127380991, "entry_point": 140725127024796, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_6720", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 140725127020544, "timestamp": "00:01:35.388", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140725103886336, "type": "region", "version": 1 }, "end_va": 140725103923199, "entry_point": 140725103891456, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_6721", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 140725103886336, "timestamp": "00:01:35.389", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 140725079375872, "type": "region", "version": 1 }, "end_va": 140725079736319, "entry_point": 140725079379984, "filename": "\\Windows\\System32\\mswsock.dll", "id": "region_6722", "name": "mswsock.dll", "norm_filename": "c:\\windows\\system32\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 140725079375872, "timestamp": "00:01:35.392", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 327771160576, "type": "region", "version": 1 }, "end_va": 327771684863, "entry_point": 0, "filename": null, "id": "region_6768", "name": "private_0x0000004c50af0000", "norm_filename": null, "region_type": "private_memory", "start_va": 327771160576, "timestamp": "00:01:35.625", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 327771684864, "type": "region", "version": 1 }, "end_va": 327772209151, "entry_point": 0, "filename": null, "id": "region_6769", "name": "private_0x0000004c50b70000", "norm_filename": null, "region_type": "private_memory", "start_va": 327771684864, "timestamp": "00:01:35.625", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 327772209152, "type": "region", "version": 1 }, "end_va": 327772733439, "entry_point": 0, "filename": null, "id": "region_6770", "name": "private_0x0000004c50bf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 327772209152, "timestamp": "00:01:35.625", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140700248309760, "type": "region", "version": 1 }, "end_va": 140700248317951, 
"entry_point": 0, "filename": null, "id": "region_6771", "name": "private_0x00007ff754520000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700248309760, "timestamp": "00:01:35.625", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140700248317952, "type": "region", "version": 1 }, "end_va": 140700248326143, "entry_point": 0, "filename": null, "id": "region_6772", "name": "private_0x00007ff754522000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700248317952, "timestamp": "00:01:35.625", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140700248326144, "type": "region", "version": 1 }, "end_va": 140700248334335, "entry_point": 0, "filename": null, "id": "region_6773", "name": "private_0x00007ff754524000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700248326144, "timestamp": "00:01:35.625", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\system32\\lsass.exe", "filename": "c:\\windows\\system32\\lsass.exe", "id": "proc_40", "image_name": "lsass.exe", "monitor_reason": "child_process", "monitored_id": 40, "origin_monitor_id": 36, "ref_parent_process": { "ref_id": "proc_36", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was 
reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2924", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:09.856", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 1029036244992, "type": "region", "version": 1 }, "end_va": 1029036376063, "entry_point": 0, "filename": null, "id": "region_2925", "name": "private_0x000000ef97570000", "norm_filename": null, "region_type": "private_memory", "start_va": 1029036244992, "timestamp": "00:01:09.856", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 1029036376064, "type": "region", "version": 1 }, "end_va": 1029036437503, "entry_point": 0, "filename": null, "id": "region_2926", "name": "pagefile_0x000000ef97590000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1029036376064, "timestamp": "00:01:09.856", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1029036441600, "type": "region", "version": 1 }, "end_va": 1029036965887, "entry_point": 0, "filename": null, "id": "region_2927", "name": "private_0x000000ef975a0000", "norm_filename": null, "region_type": 
"private_memory", "start_va": 1029036441600, "timestamp": "00:01:09.856", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1029036965888, "type": "region", "version": 1 }, "end_va": 1029036982271, "entry_point": 0, "filename": null, "id": "region_2928", "name": "pagefile_0x000000ef97620000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1029036965888, "timestamp": "00:01:09.856", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140700080209920, "type": "region", "version": 1 }, "end_va": 140700080353279, "entry_point": 0, "filename": null, "id": "region_2929", "name": "pagefile_0x00007ff74a4d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140700080209920, "timestamp": "00:01:09.856", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140700080390144, "type": "region", "version": 1 }, "end_va": 140700080394239, "entry_point": 0, "filename": null, "id": "region_2930", "name": "private_0x00007ff74a4fc000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700080390144, "timestamp": "00:01:09.856", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ 
"readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140700080398336, "type": "region", "version": 1 }, "end_va": 140700080406527, "entry_point": 0, "filename": null, "id": "region_2931", "name": "private_0x00007ff74a4fe000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700080398336, "timestamp": "00:01:09.856", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 140700093054976, "type": "region", "version": 1 }, "end_va": 140700093112319, "entry_point": 140700093054976, "filename": "\\Windows\\System32\\lsass.exe", "id": "region_2932", "name": "lsass.exe", "norm_filename": "c:\\windows\\system32\\lsass.exe", "region_type": "memory_mapped_file", "start_va": 140700093054976, "timestamp": "00:01:09.856", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2933", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140725133115392, "timestamp": "00:01:09.866", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1029037031424, "type": "region", "version": 1 }, "end_va": 1029037035519, "entry_point": 0, "filename": null, "id": 
"region_2934", "name": "pagefile_0x000000ef97630000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1029037031424, "timestamp": "00:01:09.867", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1029037096960, "type": "region", "version": 1 }, "end_va": 1029037105151, "entry_point": 0, "filename": null, "id": "region_2935", "name": "private_0x000000ef97640000", "norm_filename": null, "region_type": "private_memory", "start_va": 1029037096960, "timestamp": "00:01:09.867", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1029038014464, "type": "region", "version": 1 }, "end_va": 1029039063039, "entry_point": 0, "filename": null, "id": "region_2949", "name": "private_0x000000ef97720000", "norm_filename": null, "region_type": "private_memory", "start_va": 1029038014464, "timestamp": "00:01:09.915", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140725090648064, "type": "region", "version": 1 }, "end_va": 140725091753983, "entry_point": 140725090656928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_2950", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140725090648064, "timestamp": "00:01:09.916", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" 
], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140725124988928, "type": "region", "version": 1 }, "end_va": 140725126270975, "entry_point": 140725125009460, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_2951", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140725124988928, "timestamp": "00:01:09.917", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1029036244992, "type": "region", "version": 1 }, "end_va": 1029036310527, "entry_point": 0, "filename": null, "id": "region_2952", "name": "pagefile_0x000000ef97570000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1029036244992, "timestamp": "00:01:09.918", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140700079161344, "type": "region", "version": 1 }, "end_va": 140700080209919, "entry_point": 0, "filename": null, "id": "region_2953", "name": "pagefile_0x00007ff74a3d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140700079161344, "timestamp": "00:01:09.918", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 1029037162496, "type": "region", "version": 1 }, 
"end_va": 1029037678591, "entry_point": 1029037162496, "filename": "\\Windows\\System32\\locale.nls", "id": "region_2954", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1029037162496, "timestamp": "00:01:09.920", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140725127806976, "type": "region", "version": 1 }, "end_va": 140725129076735, "entry_point": 140725127811408, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_2955", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140725127806976, "timestamp": "00:01:09.921", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 140725084553216, "type": "region", "version": 1 }, "end_va": 140725084598271, "entry_point": 140725084553216, "filename": "\\Windows\\System32\\sspisrv.dll", "id": "region_2956", "name": "sspisrv.dll", "norm_filename": "c:\\windows\\system32\\sspisrv.dll", "region_type": "memory_mapped_file", "start_va": 140725084553216, "timestamp": "00:01:09.923", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1029036310528, "type": "region", "version": 1 }, "end_va": 1029036314623, "entry_point": 0, "filename": null, "id": "region_2957", "name": "pagefile_0x000000ef97580000", 
"norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1029036310528, "timestamp": "00:01:09.950", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1029039063040, "type": "region", "version": 1 }, "end_va": 1029039587327, "entry_point": 0, "filename": null, "id": "region_2958", "name": "private_0x000000ef97820000", "norm_filename": null, "region_type": "private_memory", "start_va": 1029039063040, "timestamp": "00:01:09.950", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140700080381952, "type": "region", "version": 1 }, "end_va": 140700080390143, "entry_point": 0, "filename": null, "id": "region_2959", "name": "private_0x00007ff74a4fa000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700080381952, "timestamp": "00:01:09.950", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1429504, "start_va": 140725083111424, "type": "region", "version": 1 }, "end_va": 140725084540927, "entry_point": 140725083111424, "filename": "\\Windows\\System32\\lsasrv.dll", "id": "region_2960", "name": "lsasrv.dll", "norm_filename": "c:\\windows\\system32\\lsasrv.dll", "region_type": "memory_mapped_file", "start_va": 140725083111424, "timestamp": "00:01:09.950", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not 
monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140725098577920, "type": "region", "version": 1 }, "end_va": 140725099261951, "entry_point": 140725098588204, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_2961", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140725098577920, "timestamp": "00:01:09.968", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 176128, "start_va": 140725084618752, "type": "region", "version": 1 }, "end_va": 140725084794879, "entry_point": 140725084624016, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_2962", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 140725084618752, "timestamp": "00:01:09.969", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 1029037686784, "type": "region", "version": 1 }, "end_va": 1029037715455, "entry_point": 0, "filename": null, "id": "region_2963", "name": "private_0x000000ef976d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1029037686784, "timestamp": "00:01:09.970", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725098184704, "type": "region", "version": 1 }, "end_va": 140725098541055, 
"entry_point": 140725098194176, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_2964", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140725098184704, "timestamp": "00:01:09.970", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 140725090320384, "type": "region", "version": 1 }, "end_va": 140725090623487, "entry_point": 140725090320384, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_2965", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 140725090320384, "timestamp": "00:01:09.971", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 140725087174656, "type": "region", "version": 1 }, "end_va": 140725087248383, "entry_point": 140725087174656, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_2966", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 140725087174656, "timestamp": "00:01:09.978", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1179648, "start_va": 1029039587328, "type": "region", "version": 1 }, "end_va": 1029040766975, "entry_point": 0, "filename": null, "id": "region_2967", "name": "private_0x000000ef978a0000", "norm_filename": null, "region_type": 
"private_memory", "start_va": 1029039587328, "timestamp": "00:01:09.988", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 1029037752320, "type": "region", "version": 1 }, "end_va": 1029037780991, "entry_point": 0, "filename": null, "id": "region_2968", "name": "private_0x000000ef976e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1029037752320, "timestamp": "00:01:09.989", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 847872, "start_va": 140725082259456, "type": "region", "version": 1 }, "end_va": 140725083107327, "entry_point": 140725082259456, "filename": "\\Windows\\System32\\samsrv.dll", "id": "region_2970", "name": "samsrv.dll", "norm_filename": "c:\\windows\\system32\\samsrv.dll", "region_type": "memory_mapped_file", "start_va": 140725082259456, "timestamp": "00:01:10.007", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1029037817856, "type": "region", "version": 1 }, "end_va": 1029037883391, "entry_point": 0, "filename": null, "id": "region_2971", "name": "pagefile_0x000000ef976f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1029037817856, "timestamp": "00:01:10.024", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps 
was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1029039587328, "type": "region", "version": 1 }, "end_va": 1029040111615, "entry_point": 0, "filename": null, "id": "region_2972", "name": "private_0x000000ef978a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1029039587328, "timestamp": "00:01:10.024", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1029040701440, "type": "region", "version": 1 }, "end_va": 1029040766975, "entry_point": 0, "filename": null, "id": "region_2973", "name": "private_0x000000ef979b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1029040701440, "timestamp": "00:01:10.024", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140700080373760, "type": "region", "version": 1 }, "end_va": 140700080381951, "entry_point": 0, "filename": null, "id": "region_2974", "name": "private_0x00007ff74a4f8000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700080373760, "timestamp": "00:01:10.024", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1052672, "start_va": 1029040766976, "type": "region", "version": 1 }, "end_va": 1029041819647, "entry_point": 0, "filename": null, "id": "region_2975", "name": "private_0x000000ef979c0000", "norm_filename": null, "region_type": 
"private_memory", "start_va": 1029040766976, "timestamp": "00:01:10.025", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1029037883392, "type": "region", "version": 1 }, "end_va": 1029037948927, "entry_point": 0, "filename": null, "id": "region_2981", "name": "pagefile_0x000000ef97700000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1029037883392, "timestamp": "00:01:10.039", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725082062848, "type": "region", "version": 1 }, "end_va": 140725082218495, "entry_point": 140725082062848, "filename": "\\Windows\\System32\\bcrypt.dll", "id": "region_2982", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\system32\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 140725082062848, "timestamp": "00:01:10.041", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 147456, "start_va": 140725081866240, "type": "region", "version": 1 }, "end_va": 140725082013695, "entry_point": 140725081866240, "filename": "\\Windows\\System32\\ncrypt.dll", "id": "region_2983", "name": "ncrypt.dll", "norm_filename": "c:\\windows\\system32\\ncrypt.dll", "region_type": "memory_mapped_file", "start_va": 140725081866240, "timestamp": "00:01:10.052", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was 
created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 237568, "start_va": 140725081604096, "type": "region", "version": 1 }, "end_va": 140725081841663, "entry_point": 140725081604096, "filename": "\\Windows\\System32\\ntasn1.dll", "id": "region_2984", "name": "ntasn1.dll", "norm_filename": "c:\\windows\\system32\\ntasn1.dll", "region_type": "memory_mapped_file", "start_va": 140725081604096, "timestamp": "00:01:10.063", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1029040111616, "type": "region", "version": 1 }, "end_va": 1029040635903, "entry_point": 0, "filename": null, "id": "region_2985", "name": "private_0x000000ef97920000", "norm_filename": null, "region_type": "private_memory", "start_va": 1029040111616, "timestamp": "00:01:10.071", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140700080365568, "type": "region", "version": 1 }, "end_va": 140700080373759, "entry_point": 0, "filename": null, "id": "region_2986", "name": "private_0x00007ff74a4f6000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700080365568, "timestamp": "00:01:10.071", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1029040766976, "type": "region", "version": 1 }, "end_va": 1029041291263, "entry_point": 0, "filename": 
null, "id": "region_2987", "name": "private_0x000000ef979c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1029040766976, "timestamp": "00:01:10.072", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140700080357376, "type": "region", "version": 1 }, "end_va": 140700080365567, "entry_point": 0, "filename": null, "id": "region_2988", "name": "private_0x00007ff74a4f4000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700080357376, "timestamp": "00:01:10.072", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 1029037948928, "type": "region", "version": 1 }, "end_va": 1029037961215, "entry_point": 0, "filename": null, "id": "region_2989", "name": "pagefile_0x000000ef97710000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1029037948928, "timestamp": "00:01:10.080", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1029040635904, "type": "region", "version": 1 }, "end_va": 1029040639999, "entry_point": 0, "filename": null, "id": "region_2990", "name": "pagefile_0x000000ef979a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1029040635904, "timestamp": "00:01:10.080", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4169728, "start_va": 1029041291264, "type": "region", "version": 1 }, "end_va": 1029045460991, "entry_point": 0, "filename": null, "id": "region_2991", "name": "pagefile_0x000000ef97a40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1029041291264, "timestamp": "00:01:10.080", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 8192, "start_va": 140725081538560, "type": "region", "version": 1 }, "end_va": 140725081546751, "entry_point": 140725081538560, "filename": "\\Windows\\System32\\msprivs.dll", "id": "region_3030", "name": "msprivs.dll", "norm_filename": "c:\\windows\\system32\\msprivs.dll", "region_type": "memory_mapped_file", "start_va": 140725081538560, "timestamp": "00:01:10.288", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 327680, "start_va": 140725081210880, "type": "region", "version": 1 }, "end_va": 140725081538559, "entry_point": 140725081210880, "filename": "\\Windows\\System32\\netjoin.dll", "id": "region_3031", "name": "netjoin.dll", "norm_filename": "c:\\windows\\system32\\netjoin.dll", "region_type": "memory_mapped_file", "start_va": 140725081210880, "timestamp": "00:01:10.305", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 
140725081014272, "type": "region", "version": 1 }, "end_va": 140725081169919, "entry_point": 140725081014272, "filename": "\\Windows\\System32\\negoexts.dll", "id": "region_3032", "name": "negoexts.dll", "norm_filename": "c:\\windows\\system32\\negoexts.dll", "region_type": "memory_mapped_file", "start_va": 140725081014272, "timestamp": "00:01:10.317", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725085208576, "type": "region", "version": 1 }, "end_va": 140725085249535, "entry_point": 140725085212688, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_3033", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140725085208576, "timestamp": "00:01:10.334", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 140725080883200, "type": "region", "version": 1 }, "end_va": 140725080981503, "entry_point": 140725080883200, "filename": "\\Windows\\System32\\cryptdll.dll", "id": "region_3034", "name": "cryptdll.dll", "norm_filename": "c:\\windows\\system32\\cryptdll.dll", "region_type": "memory_mapped_file", "start_va": 140725080883200, "timestamp": "00:01:10.337", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140725084815360, "type": "region", "version": 1 }, "end_va": 140725085200383, "entry_point": 140725084944032, "filename": 
"\\Windows\\System32\\bcryptprimitives.dll", "id": "region_3035", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140725084815360, "timestamp": "00:01:10.345", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 962560, "start_va": 140725079900160, "type": "region", "version": 1 }, "end_va": 140725080862719, "entry_point": 140725079900160, "filename": "\\Windows\\System32\\kerberos.dll", "id": "region_3036", "name": "kerberos.dll", "norm_filename": "c:\\windows\\system32\\kerberos.dll", "region_type": "memory_mapped_file", "start_va": 140725079900160, "timestamp": "00:01:10.363", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1029045485568, "type": "region", "version": 1 }, "end_va": 1029045551103, "entry_point": 0, "filename": null, "id": "region_3037", "name": "pagefile_0x000000ef97e40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1029045485568, "timestamp": "00:01:10.383", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 140725079769088, "type": "region", "version": 1 }, "end_va": 140725079891967, "entry_point": 140725079769088, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_3038", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", 
"region_type": "memory_mapped_file", "start_va": 140725079769088, "timestamp": "00:01:10.386", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1029045551104, "type": "region", "version": 1 }, "end_va": 1029045555199, "entry_point": 0, "filename": null, "id": "region_3039", "name": "private_0x000000ef97e50000", "norm_filename": null, "region_type": "private_memory", "start_va": 1029045551104, "timestamp": "00:01:10.397", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 140725127020544, "type": "region", "version": 1 }, "end_va": 140725127380991, "entry_point": 140725127020544, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_3042", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 140725127020544, "timestamp": "00:01:10.398", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140725103886336, "type": "region", "version": 1 }, "end_va": 140725103923199, "entry_point": 140725103886336, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_3043", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 140725103886336, "timestamp": "00:01:10.405", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region 
is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 140725079375872, "type": "region", "version": 1 }, "end_va": 140725079736319, "entry_point": 140725079375872, "filename": "\\Windows\\System32\\mswsock.dll", "id": "region_3044", "name": "mswsock.dll", "norm_filename": "c:\\windows\\system32\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 140725079375872, "timestamp": "00:01:10.419", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1029045551104, "type": "region", "version": 1 }, "end_va": 1029045555199, "entry_point": 0, "filename": null, "id": "region_3074", "name": "pagefile_0x000000ef97e50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1029045551104, "timestamp": "00:01:10.492", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1052672, "start_va": 1029045551104, "type": "region", "version": 1 }, "end_va": 1029046603775, "entry_point": 0, "filename": null, "id": "region_3075", "name": "private_0x000000ef97e50000", "norm_filename": null, "region_type": "private_memory", "start_va": 1029045551104, "timestamp": "00:01:10.492", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 425984, "start_va": 140725078523904, "type": "region", "version": 1 }, "end_va": 140725078949887, "entry_point": 
140725078523904, "filename": "\\Windows\\System32\\msv1_0.dll", "id": "region_3078", "name": "msv1_0.dll", "norm_filename": "c:\\windows\\system32\\msv1_0.dll", "region_type": "memory_mapped_file", "start_va": 140725078523904, "timestamp": "00:01:10.500", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1029045551104, "type": "region", "version": 1 }, "end_va": 1029045616639, "entry_point": 0, "filename": null, "id": "region_3079", "name": "pagefile_0x000000ef97e50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1029045551104, "timestamp": "00:01:10.515", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 847872, "start_va": 140725077671936, "type": "region", "version": 1 }, "end_va": 140725078519807, "entry_point": 140725077671936, "filename": "\\Windows\\System32\\netlogon.dll", "id": "region_3081", "name": "netlogon.dll", "norm_filename": "c:\\windows\\system32\\netlogon.dll", "region_type": "memory_mapped_file", "start_va": 140725077671936, "timestamp": "00:01:10.528", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 667648, "start_va": 140725076951040, "type": "region", "version": 1 }, "end_va": 140725077618687, "entry_point": 140725076951040, "filename": "\\Windows\\System32\\dnsapi.dll", "id": "region_3082", "name": "dnsapi.dll", "norm_filename": "c:\\windows\\system32\\dnsapi.dll", "region_type": 
"memory_mapped_file", "start_va": 140725076951040, "timestamp": "00:01:10.552", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 249856, "start_va": 140725076688896, "type": "region", "version": 1 }, "end_va": 140725076938751, "entry_point": 140725076688896, "filename": "\\Windows\\System32\\logoncli.dll", "id": "region_3083", "name": "logoncli.dll", "norm_filename": "c:\\windows\\system32\\logoncli.dll", "region_type": "memory_mapped_file", "start_va": 140725076688896, "timestamp": "00:01:10.561", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 140725086126080, "type": "region", "version": 1 }, "end_va": 140725086408703, "entry_point": 140725086130832, "filename": "\\Windows\\System32\\powrprof.dll", "id": "region_3084", "name": "powrprof.dll", "norm_filename": "c:\\windows\\system32\\powrprof.dll", "region_type": "memory_mapped_file", "start_va": 140725086126080, "timestamp": "00:01:10.566", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140725076557824, "type": "region", "version": 1 }, "end_va": 140725076684799, "entry_point": 140725076557824, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_3085", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 140725076557824, "timestamp": "00:01:10.575", "type": "region", "version": 1 }, { "dump": { "filename": "", 
"flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 675840, "start_va": 140725126299648, "type": "region", "version": 1 }, "end_va": 140725126975487, "entry_point": 140725126303760, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_3086", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725126299648, "timestamp": "00:01:10.580", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 140725086453760, "type": "region", "version": 1 }, "end_va": 140725086535679, "entry_point": 140725086468812, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_3087", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 140725086453760, "timestamp": "00:01:10.588", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 140725076426752, "type": "region", "version": 1 }, "end_va": 140725076537343, "entry_point": 140725076426752, "filename": "\\Windows\\System32\\TSpkg.dll", "id": "region_3088", "name": "tspkg.dll", "norm_filename": "c:\\windows\\system32\\tspkg.dll", "region_type": "memory_mapped_file", "start_va": 140725076426752, "timestamp": "00:01:10.599", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], 
"ref_process_dump": null, "size": 290816, "start_va": 140725076099072, "type": "region", "version": 1 }, "end_va": 140725076389887, "entry_point": 140725076099072, "filename": "\\Windows\\System32\\pku2u.dll", "id": "region_3090", "name": "pku2u.dll", "norm_filename": "c:\\windows\\system32\\pku2u.dll", "region_type": "memory_mapped_file", "start_va": 140725076099072, "timestamp": "00:01:10.613", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 140725075705856, "type": "region", "version": 1 }, "end_va": 140725076082687, "entry_point": 140725075705856, "filename": "\\Windows\\System32\\livessp.dll", "id": "region_3091", "name": "livessp.dll", "norm_filename": "c:\\windows\\system32\\livessp.dll", "region_type": "memory_mapped_file", "start_va": 140725075705856, "timestamp": "00:01:10.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 140725075443712, "type": "region", "version": 1 }, "end_va": 140725075660799, "entry_point": 140725075443712, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_3093", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 140725075443712, "timestamp": "00:01:10.645", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 237568, "start_va": 140725075181568, "type": "region", "version": 1 }, "end_va": 140725075419135, "entry_point": 
140725075181568, "filename": "\\Windows\\System32\\wdigest.dll", "id": "region_3094", "name": "wdigest.dll", "norm_filename": "c:\\windows\\system32\\wdigest.dll", "region_type": "memory_mapped_file", "start_va": 140725075181568, "timestamp": "00:01:10.655", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 69632, "start_va": 1029045551104, "type": "region", "version": 1 }, "end_va": 1029045620735, "entry_point": 1029045551104, "filename": "\\Windows\\System32\\C_28591.NLS", "id": "region_3096", "name": "c_28591.nls", "norm_filename": "c:\\windows\\system32\\c_28591.nls", "region_type": "memory_mapped_file", "start_va": 1029045551104, "timestamp": "00:01:10.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 1029045682176, "type": "region", "version": 1 }, "end_va": 1029048651775, "entry_point": 1029045682176, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_3097", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 1029045682176, "timestamp": "00:01:10.669", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 442368, "start_va": 140725074722816, "type": "region", "version": 1 }, "end_va": 140725075165183, "entry_point": 140725074722816, "filename": "\\Windows\\System32\\schannel.dll", "id": "region_3098", "name": "schannel.dll", "norm_filename": "c:\\windows\\system32\\schannel.dll", 
"region_type": "memory_mapped_file", "start_va": 140725074722816, "timestamp": "00:01:10.677", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725088026624, "type": "region", "version": 1 }, "end_va": 140725089955839, "entry_point": 140725088026624, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_3099", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 140725088026624, "timestamp": "00:01:10.683", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1029048696832, "type": "region", "version": 1 }, "end_va": 1029048762367, "entry_point": 0, "filename": null, "id": "region_3100", "name": "pagefile_0x000000ef98150000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1029048696832, "timestamp": "00:01:10.695", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1029048696832, "type": "region", "version": 1 }, "end_va": 1029048700927, "entry_point": 0, "filename": null, "id": "region_3101", "name": "private_0x000000ef98150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1029048696832, "timestamp": "00:01:10.697", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not 
monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 140725074591744, "type": "region", "version": 1 }, "end_va": 140725074665471, "entry_point": 140725074591744, "filename": "\\Windows\\System32\\efslsaext.dll", "id": "region_3102", "name": "efslsaext.dll", "norm_filename": "c:\\windows\\system32\\efslsaext.dll", "region_type": "memory_mapped_file", "start_va": 140725074591744, "timestamp": "00:01:10.705", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 208896, "start_va": 140725074329600, "type": "region", "version": 1 }, "end_va": 140725074538495, "entry_point": 140725074329600, "filename": "\\Windows\\System32\\dpapisrv.dll", "id": "region_3103", "name": "dpapisrv.dll", "norm_filename": "c:\\windows\\system32\\dpapisrv.dll", "region_type": "memory_mapped_file", "start_va": 140725074329600, "timestamp": "00:01:10.717", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1029048762368, "type": "region", "version": 1 }, "end_va": 1029049286655, "entry_point": 0, "filename": null, "id": "region_3104", "name": "private_0x000000ef98160000", "norm_filename": null, "region_type": "private_memory", "start_va": 1029048762368, "timestamp": "00:01:10.731", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140700079153152, "type": "region", "version": 1 }, "end_va": 
140700079161343, "entry_point": 0, "filename": null, "id": "region_3105", "name": "private_0x00007ff74a3ce000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700079153152, "timestamp": "00:01:10.731", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1029049286656, "type": "region", "version": 1 }, "end_va": 1029049290751, "entry_point": 0, "filename": null, "id": "region_3106", "name": "private_0x000000ef981e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1029049286656, "timestamp": "00:01:10.732", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1029049352192, "type": "region", "version": 1 }, "end_va": 1029049356287, "entry_point": 0, "filename": null, "id": "region_3107", "name": "private_0x000000ef981f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1029049352192, "timestamp": "00:01:10.732", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1029049417728, "type": "region", "version": 1 }, "end_va": 1029049421823, "entry_point": 0, "filename": null, "id": "region_3108", "name": "private_0x000000ef98200000", "norm_filename": null, "region_type": "private_memory", "start_va": 1029049417728, "timestamp": "00:01:10.733", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": 
"No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1029049483264, "type": "region", "version": 1 }, "end_va": 1029049487359, "entry_point": 0, "filename": null, "id": "region_3109", "name": "private_0x000000ef98210000", "norm_filename": null, "region_type": "private_memory", "start_va": 1029049483264, "timestamp": "00:01:10.733", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1029049548800, "type": "region", "version": 1 }, "end_va": 1029049552895, "entry_point": 0, "filename": null, "id": "region_3110", "name": "private_0x000000ef98220000", "norm_filename": null, "region_type": "private_memory", "start_va": 1029049548800, "timestamp": "00:01:10.733", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1029049614336, "type": "region", "version": 1 }, "end_va": 1029049618431, "entry_point": 0, "filename": null, "id": "region_3111", "name": "private_0x000000ef98230000", "norm_filename": null, "region_type": "private_memory", "start_va": 1029049614336, "timestamp": "00:01:10.734", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1029049679872, "type": "region", "version": 1 }, "end_va": 1029049683967, "entry_point": 0, "filename": null, "id": "region_3112", "name": "private_0x000000ef98240000", 
"norm_filename": null, "region_type": "private_memory", "start_va": 1029049679872, "timestamp": "00:01:10.734", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1029049745408, "type": "region", "version": 1 }, "end_va": 1029049749503, "entry_point": 0, "filename": null, "id": "region_3113", "name": "private_0x000000ef98250000", "norm_filename": null, "region_type": "private_memory", "start_va": 1029049745408, "timestamp": "00:01:10.734", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725074264064, "type": "region", "version": 1 }, "end_va": 140725074305023, "entry_point": 140725074264064, "filename": "\\Windows\\System32\\credssp.dll", "id": "region_3114", "name": "credssp.dll", "norm_filename": "c:\\windows\\system32\\credssp.dll", "region_type": "memory_mapped_file", "start_va": 140725074264064, "timestamp": "00:01:10.737", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1029049810944, "type": "region", "version": 1 }, "end_va": 1029050335231, "entry_point": 0, "filename": null, "id": "region_3115", "name": "private_0x000000ef98260000", "norm_filename": null, "region_type": "private_memory", "start_va": 1029049810944, "timestamp": "00:01:10.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of 
dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140700079144960, "type": "region", "version": 1 }, "end_va": 140700079153151, "entry_point": 0, "filename": null, "id": "region_3116", "name": "private_0x00007ff74a3cc000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700079144960, "timestamp": "00:01:10.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1029050335232, "type": "region", "version": 1 }, "end_va": 1029050859519, "entry_point": 0, "filename": null, "id": "region_3117", "name": "private_0x000000ef982e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1029050335232, "timestamp": "00:01:10.750", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140700079136768, "type": "region", "version": 1 }, "end_va": 140700079144959, "entry_point": 0, "filename": null, "id": "region_3118", "name": "private_0x00007ff74a3ca000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700079136768, "timestamp": "00:01:10.750", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1029050859520, "type": "region", "version": 1 }, "end_va": 1029051383807, "entry_point": 0, "filename": null, "id": "region_3119", "name": "private_0x000000ef98360000", "norm_filename": null, 
"region_type": "private_memory", "start_va": 1029050859520, "timestamp": "00:01:10.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140700079128576, "type": "region", "version": 1 }, "end_va": 140700079136767, "entry_point": 0, "filename": null, "id": "region_3120", "name": "private_0x00007ff74a3c8000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700079128576, "timestamp": "00:01:10.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1029050859520, "type": "region", "version": 1 }, "end_va": 1029050863615, "entry_point": 1029050859520, "filename": "\\Windows\\System32\\Microsoft\\Protect\\S-1-5-18\\User\\b2178b99-f9f6-47ad-b0eb-4e709bc8dfda", "id": "region_3121", "name": "b2178b99-f9f6-47ad-b0eb-4e709bc8dfda", "norm_filename": "c:\\windows\\system32\\microsoft\\protect\\s-1-5-18\\user\\b2178b99-f9f6-47ad-b0eb-4e709bc8dfda", "region_type": "memory_mapped_file", "start_va": 1029050859520, "timestamp": "00:01:10.762", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1029050859520, "type": "region", "version": 1 }, "end_va": 1029050863615, "entry_point": 0, "filename": null, "id": "region_3123", "name": "private_0x000000ef98360000", "norm_filename": null, "region_type": "private_memory", "start_va": 1029050859520, "timestamp": "00:01:10.776", "type": "region", "version": 1 }, { "dump": { "filename": "", 
"flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 290816, "start_va": 140725073936384, "type": "region", "version": 1 }, "end_va": 140725074227199, "entry_point": 140725073936384, "filename": "\\Windows\\System32\\scecli.dll", "id": "region_3124", "name": "scecli.dll", "norm_filename": "c:\\windows\\system32\\scecli.dll", "region_type": "memory_mapped_file", "start_va": 140725073936384, "timestamp": "00:01:10.779", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1029051383808, "type": "region", "version": 1 }, "end_va": 1029051387903, "entry_point": 0, "filename": null, "id": "region_3126", "name": "private_0x000000ef983e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1029051383808, "timestamp": "00:01:10.796", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1029036441600, "type": "region", "version": 1 }, "end_va": 1029036445695, "entry_point": 0, "filename": null, "id": "region_3137", "name": "private_0x000000ef975a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1029036441600, "timestamp": "00:01:10.807", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 1029036441600, "type": "region", 
"version": 1 }, "end_va": 1029036474367, "entry_point": 0, "filename": null, "id": "region_3251", "name": "pagefile_0x000000ef975a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1029036441600, "timestamp": "00:01:11.375", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 140725072494592, "type": "region", "version": 1 }, "end_va": 140725072543743, "entry_point": 140725072494592, "filename": "\\Windows\\System32\\netutils.dll", "id": "region_3252", "name": "netutils.dll", "norm_filename": "c:\\windows\\system32\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 140725072494592, "timestamp": "00:01:11.383", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725078982656, "type": "region", "version": 1 }, "end_va": 140725079339007, "entry_point": 140725078989424, "filename": "\\Windows\\System32\\winsta.dll", "id": "region_3253", "name": "winsta.dll", "norm_filename": "c:\\windows\\system32\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 140725078982656, "timestamp": "00:01:11.390", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 245760, "start_va": 1029036441600, "type": "region", "version": 1 }, "end_va": 1029036687359, "entry_point": 0, "filename": null, "id": "region_3446", "name": "pagefile_0x000000ef975a0000", "norm_filename": null, "region_type": 
"pagefile_backed_memory", "start_va": 1029036441600, "timestamp": "00:01:12.545", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1029036703744, "type": "region", "version": 1 }, "end_va": 1029036707839, "entry_point": 1029036703744, "filename": "\\Windows\\System32\\Microsoft\\Protect\\S-1-5-18\\9cd83a8a-5892-4874-ac04-38bb2aecdaea", "id": "region_3447", "name": "9cd83a8a-5892-4874-ac04-38bb2aecdaea", "norm_filename": "c:\\windows\\system32\\microsoft\\protect\\s-1-5-18\\9cd83a8a-5892-4874-ac04-38bb2aecdaea", "region_type": "memory_mapped_file", "start_va": 1029036703744, "timestamp": "00:01:12.545", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 140725016985600, "type": "region", "version": 1 }, "end_va": 140725017153535, "entry_point": 140725016985600, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_4258", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 140725016985600, "timestamp": "00:01:17.911", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725016920064, "type": "region", "version": 1 }, "end_va": 140725016961023, "entry_point": 140725016920064, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_4259", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 140725016920064, 
"timestamp": "00:01:17.924", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1029036441600, "type": "region", "version": 1 }, "end_va": 1029036449791, "entry_point": 1029036441600, "filename": "\\Windows\\System32\\tzres.dll", "id": "region_4260", "name": "tzres.dll", "norm_filename": "c:\\windows\\system32\\tzres.dll", "region_type": "memory_mapped_file", "start_va": 1029036441600, "timestamp": "00:01:17.933", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 32768, "start_va": 1029036507136, "type": "region", "version": 1 }, "end_va": 1029036539903, "entry_point": 1029036507136, "filename": "\\Windows\\System32\\en-US\\tzres.dll.mui", "id": "region_4261", "name": "tzres.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\tzres.dll.mui", "region_type": "memory_mapped_file", "start_va": 1029036507136, "timestamp": "00:01:17.933", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 140725025636352, "type": "region", "version": 1 }, "end_va": 140725025726463, "entry_point": 140725025640520, "filename": "\\Windows\\System32\\wkscli.dll", "id": "region_4267", "name": "wkscli.dll", "norm_filename": "c:\\windows\\system32\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 140725025636352, "timestamp": "00:01:17.941", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", 
"writable", "executable" ], "ref_process_dump": null, "size": 733184, "start_va": 140725016133632, "type": "region", "version": 1 }, "end_va": 140725016866815, "entry_point": 140725016133632, "filename": "\\Windows\\System32\\fveapi.dll", "id": "region_4278", "name": "fveapi.dll", "norm_filename": "c:\\windows\\system32\\fveapi.dll", "region_type": "memory_mapped_file", "start_va": 140725016133632, "timestamp": "00:01:17.988", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 106496, "start_va": 140725016002560, "type": "region", "version": 1 }, "end_va": 140725016109055, "entry_point": 140725016002560, "filename": "\\Windows\\System32\\bcd.dll", "id": "region_4279", "name": "bcd.dll", "norm_filename": "c:\\windows\\system32\\bcd.dll", "region_type": "memory_mapped_file", "start_va": 140725016002560, "timestamp": "00:01:17.996", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 140725015937024, "type": "region", "version": 1 }, "end_va": 140725015982079, "entry_point": 140725015937024, "filename": "\\Windows\\System32\\fvecerts.dll", "id": "region_4280", "name": "fvecerts.dll", "norm_filename": "c:\\windows\\system32\\fvecerts.dll", "region_type": "memory_mapped_file", "start_va": 140725015937024, "timestamp": "00:01:18.006", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725131149312, "type": "region", "version": 1 }, "end_va": 140725133078527, 
"entry_point": 140725131157344, "filename": "\\Windows\\System32\\combase.dll", "id": "region_4281", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140725131149312, "timestamp": "00:01:18.012", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1029050335232, "type": "region", "version": 1 }, "end_va": 1029051383807, "entry_point": 0, "filename": null, "id": "region_4547", "name": "private_0x000000ef982e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1029050335232, "timestamp": "00:01:20.298", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 140725029044224, "type": "region", "version": 1 }, "end_va": 140725029466111, "entry_point": 140725029048500, "filename": "\\Windows\\System32\\wevtapi.dll", "id": "region_4548", "name": "wevtapi.dll", "norm_filename": "c:\\windows\\system32\\wevtapi.dll", "region_type": "memory_mapped_file", "start_va": 140725029044224, "timestamp": "00:01:20.299", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1029051383808, "type": "region", "version": 1 }, "end_va": 1029051908095, "entry_point": 0, "filename": null, "id": "region_6766", "name": "private_0x000000ef983e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1029051383808, "timestamp": 
"00:01:35.533", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1029051908096, "type": "region", "version": 1 }, "end_va": 1029051912191, "entry_point": 1029051908096, "filename": "\\Users\\5JgHKoaOfdp\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3643094112-4209292109-138530109-1001\\903be937-d4bc-44a8-9134-f1f5a2d9c2c0", "id": "region_7622", "name": "903be937-d4bc-44a8-9134-f1f5a2d9c2c0", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3643094112-4209292109-138530109-1001\\903be937-d4bc-44a8-9134-f1f5a2d9c2c0", "region_type": "memory_mapped_file", "start_va": 1029051908096, "timestamp": "00:01:41.672", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\system32\\svchost.exe -k DcomLaunch", "filename": "c:\\windows\\system32\\svchost.exe", "id": "proc_41", "image_name": "svchost.exe", "monitor_reason": "child_process", "monitored_id": 41, "origin_monitor_id": 39, "ref_parent_process": { "ref_id": "proc_39", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_3255", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:11.403", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 458365730816, "type": "region", "version": 1 }, "end_va": 458365861887, "entry_point": 0, "filename": null, "id": "region_3256", "name": "private_0x0000006ab8ba0000", "norm_filename": null, "region_type": "private_memory", "start_va": 458365730816, "timestamp": "00:01:11.403", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 458365861888, "type": "region", "version": 1 }, "end_va": 458365923327, "entry_point": 0, "filename": null, "id": "region_3257", "name": "pagefile_0x0000006ab8bc0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458365861888, "timestamp": "00:01:11.403", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 458365927424, "type": "region", "version": 1 }, "end_va": 458366451711, "entry_point": 0, "filename": null, "id": "region_3258", "name": "private_0x0000006ab8bd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 458365927424, "timestamp": "00:01:11.403", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 458366451712, "type": "region", "version": 1 }, "end_va": 458366468095, "entry_point": 0, "filename": 
null, "id": "region_3259", "name": "pagefile_0x0000006ab8c50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458366451712, "timestamp": "00:01:11.403", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140694934913024, "type": "region", "version": 1 }, "end_va": 140694935056383, "entry_point": 0, "filename": null, "id": "region_3260", "name": "pagefile_0x00007ff6179e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140694934913024, "timestamp": "00:01:11.403", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140694935085056, "type": "region", "version": 1 }, "end_va": 140694935089151, "entry_point": 0, "filename": null, "id": "region_3261", "name": "private_0x00007ff617a0a000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694935085056, "timestamp": "00:01:11.403", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694935101440, "type": "region", "version": 1 }, "end_va": 140694935109631, "entry_point": 0, "filename": null, "id": "region_3262", "name": "private_0x00007ff617a0e000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694935101440, "timestamp": "00:01:11.403", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump 
was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 140694944612352, "type": "region", "version": 1 }, "end_va": 140694944661503, "entry_point": 140694944612352, "filename": "\\Windows\\System32\\svchost.exe", "id": "region_3263", "name": "svchost.exe", "norm_filename": "c:\\windows\\system32\\svchost.exe", "region_type": "memory_mapped_file", "start_va": 140694944612352, "timestamp": "00:01:11.403", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_3264", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140725133115392, "timestamp": "00:01:11.407", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 458366517248, "type": "region", "version": 1 }, "end_va": 458366521343, "entry_point": 0, "filename": null, "id": "region_3270", "name": "pagefile_0x0000006ab8c60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458366517248, "timestamp": "00:01:11.409", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 458366582784, "type": "region", 
"version": 1 }, "end_va": 458366590975, "entry_point": 0, "filename": null, "id": "region_3271", "name": "private_0x0000006ab8c70000", "norm_filename": null, "region_type": "private_memory", "start_va": 458366582784, "timestamp": "00:01:11.409", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 458367696896, "type": "region", "version": 1 }, "end_va": 458368745471, "entry_point": 0, "filename": null, "id": "region_3272", "name": "private_0x0000006ab8d80000", "norm_filename": null, "region_type": "private_memory", "start_va": 458367696896, "timestamp": "00:01:11.415", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140725090648064, "type": "region", "version": 1 }, "end_va": 140725091753983, "entry_point": 140725090656928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_3273", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140725090648064, "timestamp": "00:01:11.415", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140725124988928, "type": "region", "version": 1 }, "end_va": 140725126270975, "entry_point": 140725125009460, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_3274", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", 
"start_va": 140725124988928, "timestamp": "00:01:11.416", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 458365730816, "type": "region", "version": 1 }, "end_va": 458365796351, "entry_point": 0, "filename": null, "id": "region_3275", "name": "pagefile_0x0000006ab8ba0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458365730816, "timestamp": "00:01:11.418", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140694933864448, "type": "region", "version": 1 }, "end_va": 140694934913023, "entry_point": 0, "filename": null, "id": "region_3276", "name": "pagefile_0x00007ff6178e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140694933864448, "timestamp": "00:01:11.418", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 458366648320, "type": "region", "version": 1 }, "end_va": 458367164415, "entry_point": 458366648320, "filename": "\\Windows\\System32\\locale.nls", "id": "region_3277", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 458366648320, "timestamp": "00:01:11.421", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", 
"executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725098184704, "type": "region", "version": 1 }, "end_va": 140725098541055, "entry_point": 140725098194176, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_3278", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140725098184704, "timestamp": "00:01:11.421", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140725127806976, "type": "region", "version": 1 }, "end_va": 140725129076735, "entry_point": 140725127811408, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_3279", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140725127806976, "timestamp": "00:01:11.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 458365796352, "type": "region", "version": 1 }, "end_va": 458365825023, "entry_point": 0, "filename": null, "id": "region_3280", "name": "private_0x0000006ab8bb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 458365796352, "timestamp": "00:01:11.429", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 458367172608, "type": "region", "version": 1 }, "end_va": 458367696895, "entry_point": 0, "filename": null, "id": "region_3281", 
"name": "private_0x0000006ab8d00000", "norm_filename": null, "region_type": "private_memory", "start_va": 458367172608, "timestamp": "00:01:11.431", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694935093248, "type": "region", "version": 1 }, "end_va": 140694935101439, "entry_point": 0, "filename": null, "id": "region_3282", "name": "private_0x00007ff617a0c000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694935093248, "timestamp": "00:01:11.431", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 458368745472, "type": "region", "version": 1 }, "end_va": 458369269759, "entry_point": 0, "filename": null, "id": "region_3283", "name": "private_0x0000006ab8e80000", "norm_filename": null, "region_type": "private_memory", "start_va": 458368745472, "timestamp": "00:01:11.432", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694935076864, "type": "region", "version": 1 }, "end_va": 140694935085055, "entry_point": 0, "filename": null, "id": "region_3284", "name": "private_0x00007ff617a08000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694935076864, "timestamp": "00:01:11.432", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ 
"readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 458369269760, "type": "region", "version": 1 }, "end_va": 458372239359, "entry_point": 458369269760, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_3285", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 458369269760, "timestamp": "00:01:11.433", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 143360, "start_va": 140725072297984, "type": "region", "version": 1 }, "end_va": 140725072441343, "entry_point": 140725072297984, "filename": "\\Windows\\System32\\umpnpmgr.dll", "id": "region_3286", "name": "umpnpmgr.dll", "norm_filename": "c:\\windows\\system32\\umpnpmgr.dll", "region_type": "memory_mapped_file", "start_va": 140725072297984, "timestamp": "00:01:11.436", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140725098577920, "type": "region", "version": 1 }, "end_va": 140725099261951, "entry_point": 140725098588204, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_3287", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140725098577920, "timestamp": "00:01:11.449", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1572864, "start_va": 458372284416, "type": "region", 
"version": 1 }, "end_va": 458373857279, "entry_point": 0, "filename": null, "id": "region_3288", "name": "private_0x0000006ab91e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 458372284416, "timestamp": "00:01:11.451", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 458372284416, "type": "region", "version": 1 }, "end_va": 458372313087, "entry_point": 0, "filename": null, "id": "region_3289", "name": "private_0x0000006ab91e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 458372284416, "timestamp": "00:01:11.452", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 458373791744, "type": "region", "version": 1 }, "end_va": 458373857279, "entry_point": 0, "filename": null, "id": "region_3290", "name": "private_0x0000006ab9350000", "norm_filename": null, "region_type": "private_memory", "start_va": 458373791744, "timestamp": "00:01:11.452", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 458372349952, "type": "region", "version": 1 }, "end_va": 458372874239, "entry_point": 0, "filename": null, "id": "region_3291", "name": "private_0x0000006ab91f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 458372349952, "timestamp": "00:01:11.455", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694935068672, "type": "region", "version": 1 }, "end_va": 140694935076863, "entry_point": 0, "filename": null, "id": "region_3292", "name": "private_0x00007ff617a06000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694935068672, "timestamp": "00:01:11.455", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 140725072166912, "type": "region", "version": 1 }, "end_va": 140725072257023, "entry_point": 140725072166912, "filename": "\\Windows\\System32\\umpo.dll", "id": "region_3293", "name": "umpo.dll", "norm_filename": "c:\\windows\\system32\\umpo.dll", "region_type": "memory_mapped_file", "start_va": 140725072166912, "timestamp": "00:01:11.457", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1376256, "start_va": 458373857280, "type": "region", "version": 1 }, "end_va": 458375233535, "entry_point": 0, "filename": null, "id": "region_3294", "name": "private_0x0000006ab9360000", "norm_filename": null, "region_type": "private_memory", "start_va": 458373857280, "timestamp": "00:01:11.469", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 140725072101376, "type": "region", "version": 1 }, "end_va": 140725072162815, 
"entry_point": 140725072101376, "filename": "\\Windows\\System32\\umpoext.dll", "id": "region_3295", "name": "umpoext.dll", "norm_filename": "c:\\windows\\system32\\umpoext.dll", "region_type": "memory_mapped_file", "start_va": 140725072101376, "timestamp": "00:01:11.471", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 140725090320384, "type": "region", "version": 1 }, "end_va": 140725090623487, "entry_point": 140725090325080, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_3296", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 140725090320384, "timestamp": "00:01:11.481", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 140725086126080, "type": "region", "version": 1 }, "end_va": 140725086408703, "entry_point": 140725086130832, "filename": "\\Windows\\System32\\powrprof.dll", "id": "region_3297", "name": "powrprof.dll", "norm_filename": "c:\\windows\\system32\\powrprof.dll", "region_type": "memory_mapped_file", "start_va": 140725086126080, "timestamp": "00:01:11.482", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 140725072035840, "type": "region", "version": 1 }, "end_va": 140725072093183, "entry_point": 140725072035840, "filename": "\\Windows\\System32\\pcwum.dll", "id": "region_3298", "name": "pcwum.dll", "norm_filename": 
"c:\\windows\\system32\\pcwum.dll", "region_type": "memory_mapped_file", "start_va": 140725072035840, "timestamp": "00:01:11.484", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 140725071970304, "type": "region", "version": 1 }, "end_va": 140725072023551, "entry_point": 140725071970304, "filename": "\\Windows\\System32\\hid.dll", "id": "region_3299", "name": "hid.dll", "norm_filename": "c:\\windows\\system32\\hid.dll", "region_type": "memory_mapped_file", "start_va": 140725071970304, "timestamp": "00:01:11.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 143360, "start_va": 140725071773696, "type": "region", "version": 1 }, "end_va": 140725071917055, "entry_point": 140725071773696, "filename": "\\Windows\\System32\\gpapi.dll", "id": "region_3300", "name": "gpapi.dll", "norm_filename": "c:\\windows\\system32\\gpapi.dll", "region_type": "memory_mapped_file", "start_va": 140725071773696, "timestamp": "00:01:11.504", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 774144, "start_va": 140725070987264, "type": "region", "version": 1 }, "end_va": 140725071761407, "entry_point": 140725070987264, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_3308", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 140725070987264, "timestamp": "00:01:11.671", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725131149312, "type": "region", "version": 1 }, "end_va": 140725133078527, "entry_point": 140725131149312, "filename": "\\Windows\\System32\\combase.dll", "id": "region_3330", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140725131149312, "timestamp": "00:01:11.704", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 176128, "start_va": 140725084618752, "type": "region", "version": 1 }, "end_va": 140725084794879, "entry_point": 140725084624016, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_3349", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 140725084618752, "timestamp": "00:01:12.022", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 458372349952, "type": "region", "version": 1 }, "end_va": 458372354047, "entry_point": 0, "filename": null, "id": "region_3350", "name": "private_0x0000006ab91f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 458372349952, "timestamp": "00:01:12.025", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], 
"ref_process_dump": null, "size": 4096, "start_va": 458372874240, "type": "region", "version": 1 }, "end_va": 458372878335, "entry_point": 0, "filename": null, "id": "region_3362", "name": "pagefile_0x0000006ab9270000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458372874240, "timestamp": "00:01:12.029", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 458372939776, "type": "region", "version": 1 }, "end_va": 458373464063, "entry_point": 0, "filename": null, "id": "region_3370", "name": "private_0x0000006ab9280000", "norm_filename": null, "region_type": "private_memory", "start_va": 458372939776, "timestamp": "00:01:12.043", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694935060480, "type": "region", "version": 1 }, "end_va": 140694935068671, "entry_point": 0, "filename": null, "id": "region_3371", "name": "private_0x00007ff617a04000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694935060480, "timestamp": "00:01:12.043", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 458373857280, "type": "region", "version": 1 }, "end_va": 458374381567, "entry_point": 0, "filename": null, "id": "region_3372", "name": "private_0x0000006ab9360000", "norm_filename": null, "region_type": "private_memory", "start_va": 458373857280, "timestamp": 
"00:01:12.043", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 458375168000, "type": "region", "version": 1 }, "end_va": 458375233535, "entry_point": 0, "filename": null, "id": "region_3373", "name": "private_0x0000006ab94a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 458375168000, "timestamp": "00:01:12.043", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694933856256, "type": "region", "version": 1 }, "end_va": 140694933864447, "entry_point": 0, "filename": null, "id": "region_3374", "name": "private_0x00007ff6178de000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694933856256, "timestamp": "00:01:12.043", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 458374381568, "type": "region", "version": 1 }, "end_va": 458374905855, "entry_point": 0, "filename": null, "id": "region_3393", "name": "private_0x0000006ab93e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 458374381568, "timestamp": "00:01:12.089", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694933848064, "type": "region", 
"version": 1 }, "end_va": 140694933856255, "entry_point": 0, "filename": null, "id": "region_3394", "name": "private_0x00007ff6178dc000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694933848064, "timestamp": "00:01:12.089", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 458373464064, "type": "region", "version": 1 }, "end_va": 458373468159, "entry_point": 0, "filename": null, "id": "region_3395", "name": "pagefile_0x0000006ab9300000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458373464064, "timestamp": "00:01:12.090", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 94208, "start_va": 458373529600, "type": "region", "version": 1 }, "end_va": 458373623807, "entry_point": 0, "filename": null, "id": "region_3396", "name": "pagefile_0x0000006ab9310000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458373529600, "timestamp": "00:01:12.090", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 458375233536, "type": "region", "version": 1 }, "end_va": 458375757823, "entry_point": 0, "filename": null, "id": "region_3397", "name": "private_0x0000006ab94b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 458375233536, "timestamp": "00:01:12.093", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694933839872, "type": "region", "version": 1 }, "end_va": 140694933848063, "entry_point": 0, "filename": null, "id": "region_3398", "name": "private_0x00007ff6178da000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694933839872, "timestamp": "00:01:12.093", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 140725070397440, "type": "region", "version": 1 }, "end_va": 140725070675967, "entry_point": 140725070397440, "filename": "\\Windows\\System32\\bisrv.dll", "id": "region_3399", "name": "bisrv.dll", "norm_filename": "c:\\windows\\system32\\bisrv.dll", "region_type": "memory_mapped_file", "start_va": 140725070397440, "timestamp": "00:01:12.096", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140725101002752, "type": "region", "version": 1 }, "end_va": 140725101752319, "entry_point": 140725101002752, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_3415", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 140725101002752, "timestamp": "00:01:12.144", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], 
"ref_process_dump": null, "size": 147456, "start_va": 140725068627968, "type": "region", "version": 1 }, "end_va": 140725068775423, "entry_point": 140725068627968, "filename": "\\Windows\\System32\\psmsrv.dll", "id": "region_3418", "name": "psmsrv.dll", "norm_filename": "c:\\windows\\system32\\psmsrv.dll", "region_type": "memory_mapped_file", "start_va": 140725068627968, "timestamp": "00:01:12.157", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1536000, "start_va": 458375757824, "type": "region", "version": 1 }, "end_va": 458377293823, "entry_point": 458375757824, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_3419", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 458375757824, "timestamp": "00:01:12.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 745472, "start_va": 140725069611008, "type": "region", "version": 1 }, "end_va": 140725070356479, "entry_point": 140725069611008, "filename": "\\Windows\\System32\\lsm.dll", "id": "region_3420", "name": "lsm.dll", "norm_filename": "c:\\windows\\system32\\lsm.dll", "region_type": "memory_mapped_file", "start_va": 140725069611008, "timestamp": "00:01:12.371", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 458373529600, "type": "region", "version": 1 }, "end_va": 458373533695, "entry_point": 0, "filename": null, "id": "region_3424", 
"name": "pagefile_0x0000006ab9310000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458373529600, "timestamp": "00:01:12.390", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 140725068562432, "type": "region", "version": 1 }, "end_va": 140725068607487, "entry_point": 140725068562432, "filename": "\\Windows\\System32\\sysntfy.dll", "id": "region_3425", "name": "sysntfy.dll", "norm_filename": "c:\\windows\\system32\\sysntfy.dll", "region_type": "memory_mapped_file", "start_va": 140725068562432, "timestamp": "00:01:12.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140725068496896, "type": "region", "version": 1 }, "end_va": 140725068533759, "entry_point": 140725068496896, "filename": "\\Windows\\System32\\wmsgapi.dll", "id": "region_3426", "name": "wmsgapi.dll", "norm_filename": "c:\\windows\\system32\\wmsgapi.dll", "region_type": "memory_mapped_file", "start_va": 140725068496896, "timestamp": "00:01:12.398", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725085208576, "type": "region", "version": 1 }, "end_va": 140725085249535, "entry_point": 140725085212688, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_3427", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140725085208576, "timestamp": 
"00:01:12.414", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140725084815360, "type": "region", "version": 1 }, "end_va": 140725085200383, "entry_point": 140725084944032, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_3428", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140725084815360, "timestamp": "00:01:12.415", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 458375757824, "type": "region", "version": 1 }, "end_va": 458376806399, "entry_point": 0, "filename": null, "id": "region_3429", "name": "private_0x0000006ab9530000", "norm_filename": null, "region_type": "private_memory", "start_va": 458375757824, "timestamp": "00:01:12.417", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 458376806400, "type": "region", "version": 1 }, "end_va": 458377592831, "entry_point": 0, "filename": null, "id": "region_3430", "name": "private_0x0000006ab9630000", "norm_filename": null, "region_type": "private_memory", "start_va": 458376806400, "timestamp": "00:01:12.420", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], 
"ref_process_dump": null, "size": 4096, "start_va": 458373595136, "type": "region", "version": 1 }, "end_va": 458373599231, "entry_point": 0, "filename": null, "id": "region_3431", "name": "private_0x0000006ab9320000", "norm_filename": null, "region_type": "private_memory", "start_va": 458373595136, "timestamp": "00:01:12.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725068431360, "type": "region", "version": 1 }, "end_va": 140725068472319, "entry_point": 140725068431360, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_3432", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\system32\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140725068431360, "timestamp": "00:01:12.430", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140725076557824, "type": "region", "version": 1 }, "end_va": 140725076684799, "entry_point": 140725076562672, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_3433", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 140725076557824, "timestamp": "00:01:12.445", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 140725086453760, "type": "region", "version": 1 }, "end_va": 140725086535679, "entry_point": 140725086468812, "filename": 
"\\Windows\\System32\\profapi.dll", "id": "region_3434", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 140725086453760, "timestamp": "00:01:12.446", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725068103680, "type": "region", "version": 1 }, "end_va": 140725068259327, "entry_point": 140725068103680, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_3437", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 140725068103680, "timestamp": "00:01:12.470", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 294912, "start_va": 140725065875456, "type": "region", "version": 1 }, "end_va": 140725066170367, "entry_point": 140725065875456, "filename": "\\Windows\\System32\\SystemEventsBrokerServer.dll", "id": "region_3526", "name": "systemeventsbrokerserver.dll", "norm_filename": "c:\\windows\\system32\\systemeventsbrokerserver.dll", "region_type": "memory_mapped_file", "start_va": 140725065875456, "timestamp": "00:01:12.823", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 675840, "start_va": 140725126299648, "type": "region", "version": 1 }, "end_va": 140725126975487, "entry_point": 140725126303760, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_3664", "name": "advapi32.dll", "norm_filename": 
"c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725126299648, "timestamp": "00:01:15.309", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 140725038874624, "type": "region", "version": 1 }, "end_va": 140725038919679, "entry_point": 140725038874624, "filename": "\\Windows\\System32\\bi.dll", "id": "region_3665", "name": "bi.dll", "norm_filename": "c:\\windows\\system32\\bi.dll", "region_type": "memory_mapped_file", "start_va": 140725038874624, "timestamp": "00:01:15.317", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 140725038743552, "type": "region", "version": 1 }, "end_va": 140725038854143, "entry_point": 140725038743552, "filename": "\\Windows\\System32\\dab.dll", "id": "region_3669", "name": "dab.dll", "norm_filename": "c:\\windows\\system32\\dab.dll", "region_type": "memory_mapped_file", "start_va": 140725038743552, "timestamp": "00:01:15.335", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 458373660672, "type": "region", "version": 1 }, "end_va": 458373664767, "entry_point": 0, "filename": null, "id": "region_3721", "name": "private_0x0000006ab9330000", "norm_filename": null, "region_type": "private_memory", "start_va": 458373660672, "timestamp": "00:01:15.464", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": 
"No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 458376806400, "type": "region", "version": 1 }, "end_va": 458377330687, "entry_point": 0, "filename": null, "id": "region_3722", "name": "private_0x0000006ab9630000", "norm_filename": null, "region_type": "private_memory", "start_va": 458376806400, "timestamp": "00:01:15.464", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 458377527296, "type": "region", "version": 1 }, "end_va": 458377592831, "entry_point": 0, "filename": null, "id": "region_3723", "name": "private_0x0000006ab96e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 458377527296, "timestamp": "00:01:15.464", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694933831680, "type": "region", "version": 1 }, "end_va": 140694933839871, "entry_point": 0, "filename": null, "id": "region_3724", "name": "private_0x00007ff6178d8000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694933831680, "timestamp": "00:01:15.464", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 458377592832, "type": "region", "version": 1 }, "end_va": 458378117119, "entry_point": 0, "filename": null, "id": "region_3725", "name": 
"private_0x0000006ab96f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 458377592832, "timestamp": "00:01:15.466", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694933823488, "type": "region", "version": 1 }, "end_va": 140694933831679, "entry_point": 0, "filename": null, "id": "region_3726", "name": "private_0x00007ff6178d6000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694933823488, "timestamp": "00:01:15.466", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 458373660672, "type": "region", "version": 1 }, "end_va": 458373664767, "entry_point": 0, "filename": null, "id": "region_4010", "name": "pagefile_0x0000006ab9330000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458373660672, "timestamp": "00:01:16.812", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 671744, "start_va": 140725095825408, "type": "region", "version": 1 }, "end_va": 140725096497151, "entry_point": 140725095829872, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_4011", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 140725095825408, "timestamp": "00:01:16.812", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" 
], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 458373726208, "type": "region", "version": 1 }, "end_va": 458373730303, "entry_point": 0, "filename": null, "id": "region_4012", "name": "pagefile_0x0000006ab9340000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458373726208, "timestamp": "00:01:16.814", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 140725039071232, "type": "region", "version": 1 }, "end_va": 140725039140863, "entry_point": 140725039075456, "filename": "\\Windows\\System32\\wtsapi32.dll", "id": "region_4106", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\system32\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725039071232, "timestamp": "00:01:17.073", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725078982656, "type": "region", "version": 1 }, "end_va": 140725079339007, "entry_point": 140725078989424, "filename": "\\Windows\\System32\\winsta.dll", "id": "region_4107", "name": "winsta.dll", "norm_filename": "c:\\windows\\system32\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 140725078982656, "timestamp": "00:01:17.074", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 180224, "start_va": 140724999946240, "type": "region", 
"version": 1 }, "end_va": 140725000126463, "entry_point": 140724999946240, "filename": "\\Windows\\System32\\AppxAllUserStore.dll", "id": "region_4546", "name": "appxalluserstore.dll", "norm_filename": "c:\\windows\\system32\\appxalluserstore.dll", "region_type": "memory_mapped_file", "start_va": 140724999946240, "timestamp": "00:01:20.288", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 196608, "start_va": 140725028847616, "type": "region", "version": 1 }, "end_va": 140725029044223, "entry_point": 140725028871328, "filename": "\\Windows\\System32\\ntmarta.dll", "id": "region_4576", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\system32\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 140725028847616, "timestamp": "00:01:20.376", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 458374905856, "type": "region", "version": 1 }, "end_va": 458374918143, "entry_point": 0, "filename": null, "id": "region_4579", "name": "pagefile_0x0000006ab9460000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458374905856, "timestamp": "00:01:20.399", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 458374971392, "type": "region", "version": 1 }, "end_va": 458374975487, "entry_point": 0, "filename": null, "id": "region_4580", "name": "pagefile_0x0000006ab9470000", 
"norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458374971392, "timestamp": "00:01:20.399", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4169728, "start_va": 458378117120, "type": "region", "version": 1 }, "end_va": 458382286847, "entry_point": 0, "filename": null, "id": "region_4581", "name": "pagefile_0x0000006ab9770000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458378117120, "timestamp": "00:01:20.399", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 458382311424, "type": "region", "version": 1 }, "end_va": 458382835711, "entry_point": 0, "filename": null, "id": "region_4768", "name": "private_0x0000006ab9b70000", "norm_filename": null, "region_type": "private_memory", "start_va": 458382311424, "timestamp": "00:01:21.204", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694933815296, "type": "region", "version": 1 }, "end_va": 140694933823487, "entry_point": 0, "filename": null, "id": "region_4769", "name": "private_0x00007ff6178d4000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694933815296, "timestamp": "00:01:21.204", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", 
"permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 458382835712, "type": "region", "version": 1 }, "end_va": 458383359999, "entry_point": 0, "filename": null, "id": "region_4843", "name": "private_0x0000006ab9bf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 458382835712, "timestamp": "00:01:21.418", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694933807104, "type": "region", "version": 1 }, "end_va": 140694933815295, "entry_point": 0, "filename": null, "id": "region_4844", "name": "private_0x00007ff6178d2000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694933807104, "timestamp": "00:01:21.418", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 458383360000, "type": "region", "version": 1 }, "end_va": 458383884287, "entry_point": 0, "filename": null, "id": "region_4948", "name": "private_0x0000006ab9c70000", "norm_filename": null, "region_type": "private_memory", "start_va": 458383360000, "timestamp": "00:01:21.646", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694933798912, "type": "region", "version": 1 }, "end_va": 140694933807103, "entry_point": 0, "filename": null, "id": "region_4949", "name": "private_0x00007ff6178d0000", "norm_filename": null, "region_type": "private_memory", 
"start_va": 140694933798912, "timestamp": "00:01:21.646", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140725093466112, "type": "region", "version": 1 }, "end_va": 140725094977535, "entry_point": 140725093620416, "filename": "\\Windows\\System32\\user32.dll", "id": "region_5290", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140725093466112, "timestamp": "00:01:23.670", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140725129773056, "type": "region", "version": 1 }, "end_va": 140725131104255, "entry_point": 140725129845848, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_5291", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140725129773056, "timestamp": "00:01:23.671", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 458375036928, "type": "region", "version": 1 }, "end_va": 458375041023, "entry_point": 0, "filename": null, "id": "region_5292", "name": "private_0x0000006ab9480000", "norm_filename": null, "region_type": "private_memory", "start_va": 458375036928, "timestamp": "00:01:23.678", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps 
was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 458375102464, "type": "region", "version": 1 }, "end_va": 458375106559, "entry_point": 0, "filename": null, "id": "region_5293", "name": "private_0x0000006ab9490000", "norm_filename": null, "region_type": "private_memory", "start_va": 458375102464, "timestamp": "00:01:23.678", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 458383884288, "type": "region", "version": 1 }, "end_va": 458385489919, "entry_point": 0, "filename": null, "id": "region_5294", "name": "pagefile_0x0000006ab9cf0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458383884288, "timestamp": "00:01:23.678", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 458385522688, "type": "region", "version": 1 }, "end_va": 458387099647, "entry_point": 0, "filename": null, "id": "region_5295", "name": "pagefile_0x0000006ab9e80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458385522688, "timestamp": "00:01:23.678", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 786432, "start_va": 458387161088, "type": "region", "version": 1 }, "end_va": 458387947519, "entry_point": 0, "filename": null, "id": "region_5296", "name": "pagefile_0x0000006aba010000", 
"norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458387161088, "timestamp": "00:01:23.678", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 458387947520, "type": "region", "version": 1 }, "end_va": 458388996095, "entry_point": 0, "filename": null, "id": "region_5297", "name": "private_0x0000006aba0d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 458387947520, "timestamp": "00:01:23.690", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 140725079769088, "type": "region", "version": 1 }, "end_va": 140725079891967, "entry_point": 140725079773640, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_5298", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 140725079769088, "timestamp": "00:01:23.691", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 140725075443712, "type": "region", "version": 1 }, "end_va": 140725075660799, "entry_point": 140725075448792, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_5299", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 140725075443712, "timestamp": "00:01:23.693", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], 
"info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725082062848, "type": "region", "version": 1 }, "end_va": 140725082218495, "entry_point": 140725082086248, "filename": "\\Windows\\System32\\bcrypt.dll", "id": "region_5300", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\system32\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 140725082062848, "timestamp": "00:01:23.695", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 458377330688, "type": "region", "version": 1 }, "end_va": 458377334783, "entry_point": 0, "filename": null, "id": "region_5301", "name": "pagefile_0x0000006ab96b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458377330688, "timestamp": "00:01:23.710", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 458388996096, "type": "region", "version": 1 }, "end_va": 458389520383, "entry_point": 0, "filename": null, "id": "region_5302", "name": "private_0x0000006aba1d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 458388996096, "timestamp": "00:01:23.710", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694933790720, "type": "region", "version": 1 }, "end_va": 
140694933798911, "entry_point": 0, "filename": null, "id": "region_5303", "name": "private_0x00007ff6178ce000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694933790720, "timestamp": "00:01:23.710", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2813952, "start_va": 140724980547584, "type": "region", "version": 1 }, "end_va": 140724983361535, "entry_point": 140724980555492, "filename": "\\Windows\\System32\\actxprxy.dll", "id": "region_5304", "name": "actxprxy.dll", "norm_filename": "c:\\windows\\system32\\actxprxy.dll", "region_type": "memory_mapped_file", "start_va": 140724980547584, "timestamp": "00:01:23.711", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140724997980160, "type": "region", "version": 1 }, "end_va": 140724998729727, "entry_point": 140724997984424, "filename": "\\Windows\\System32\\twinapi.dll", "id": "region_5306", "name": "twinapi.dll", "norm_filename": "c:\\windows\\system32\\twinapi.dll", "region_type": "memory_mapped_file", "start_va": 140724997980160, "timestamp": "00:01:23.759", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 140725060108288, "type": "region", "version": 1 }, "end_va": 140725060767743, "entry_point": 140725060112544, "filename": "\\Windows\\System32\\SHCore.dll", "id": "region_5307", "name": "shcore.dll", "norm_filename": "c:\\windows\\system32\\shcore.dll", "region_type": 
"memory_mapped_file", "start_va": 140725060108288, "timestamp": "00:01:23.761", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 458389520384, "type": "region", "version": 1 }, "end_va": 458390044671, "entry_point": 0, "filename": null, "id": "region_5315", "name": "private_0x0000006aba250000", "norm_filename": null, "region_type": "private_memory", "start_va": 458389520384, "timestamp": "00:01:23.798", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694933782528, "type": "region", "version": 1 }, "end_va": 140694933790719, "entry_point": 0, "filename": null, "id": "region_5316", "name": "private_0x00007ff6178cc000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694933782528, "timestamp": "00:01:23.798", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 32768, "start_va": 458377396224, "type": "region", "version": 1 }, "end_va": 458377428991, "entry_point": 458377415788, "filename": "\\Windows\\System32\\ThumbnailExtractionHost.exe", "id": "region_5699", "name": "thumbnailextractionhost.exe", "norm_filename": "c:\\windows\\system32\\thumbnailextractionhost.exe", "region_type": "memory_mapped_file", "start_va": 458377396224, "timestamp": "00:01:25.949", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", 
"permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 458390044672, "type": "region", "version": 1 }, "end_va": 458391093247, "entry_point": 0, "filename": null, "id": "region_5701", "name": "private_0x0000006aba2d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 458390044672, "timestamp": "00:01:25.956", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 458377396224, "type": "region", "version": 1 }, "end_va": 458377424895, "entry_point": 0, "filename": null, "id": "region_6587", "name": "private_0x0000006ab96c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 458377396224, "timestamp": "00:01:34.288", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 458377461760, "type": "region", "version": 1 }, "end_va": 458377465855, "entry_point": 0, "filename": null, "id": "region_6727", "name": "private_0x0000006ab96d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 458377461760, "timestamp": "00:01:35.419", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 458391093248, "type": "region", "version": 1 }, "end_va": 458391097343, "entry_point": 0, "filename": null, "id": "region_6729", "name": "private_0x0000006aba3d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 
458391093248, "timestamp": "00:01:35.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 458391158784, "type": "region", "version": 1 }, "end_va": 458391162879, "entry_point": 0, "filename": null, "id": "region_6730", "name": "private_0x0000006aba3e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 458391158784, "timestamp": "00:01:35.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 458391224320, "type": "region", "version": 1 }, "end_va": 458391228415, "entry_point": 0, "filename": null, "id": "region_6731", "name": "private_0x0000006aba3f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 458391224320, "timestamp": "00:01:35.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 458391289856, "type": "region", "version": 1 }, "end_va": 458391293951, "entry_point": 0, "filename": null, "id": "region_6732", "name": "private_0x0000006aba400000", "norm_filename": null, "region_type": "private_memory", "start_va": 458391289856, "timestamp": "00:01:35.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 458391355392, "type": 
"region", "version": 1 }, "end_va": 458391359487, "entry_point": 0, "filename": null, "id": "region_6733", "name": "private_0x0000006aba410000", "norm_filename": null, "region_type": "private_memory", "start_va": 458391355392, "timestamp": "00:01:35.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 458391420928, "type": "region", "version": 1 }, "end_va": 458391425023, "entry_point": 0, "filename": null, "id": "region_6734", "name": "private_0x0000006aba420000", "norm_filename": null, "region_type": "private_memory", "start_va": 458391420928, "timestamp": "00:01:35.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 458391486464, "type": "region", "version": 1 }, "end_va": 458391490559, "entry_point": 0, "filename": null, "id": "region_6735", "name": "private_0x0000006aba430000", "norm_filename": null, "region_type": "private_memory", "start_va": 458391486464, "timestamp": "00:01:35.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 458391552000, "type": "region", "version": 1 }, "end_va": 458391556095, "entry_point": 0, "filename": null, "id": "region_6736", "name": "private_0x0000006aba440000", "norm_filename": null, "region_type": "private_memory", "start_va": 458391552000, "timestamp": "00:01:35.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 458391617536, "type": "region", "version": 1 }, "end_va": 458391621631, "entry_point": 0, "filename": null, "id": "region_6737", "name": "private_0x0000006aba450000", "norm_filename": null, "region_type": "private_memory", "start_va": 458391617536, "timestamp": "00:01:35.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 458391683072, "type": "region", "version": 1 }, "end_va": 458391687167, "entry_point": 0, "filename": null, "id": "region_6738", "name": "private_0x0000006aba460000", "norm_filename": null, "region_type": "private_memory", "start_va": 458391683072, "timestamp": "00:01:35.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 458391748608, "type": "region", "version": 1 }, "end_va": 458391752703, "entry_point": 0, "filename": null, "id": "region_6739", "name": "private_0x0000006aba470000", "norm_filename": null, "region_type": "private_memory", "start_va": 458391748608, "timestamp": "00:01:35.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 458391814144, "type": "region", "version": 1 }, "end_va": 458391818239, "entry_point": 0, "filename": null, "id": "region_6740", "name": 
"private_0x0000006aba480000", "norm_filename": null, "region_type": "private_memory", "start_va": 458391814144, "timestamp": "00:01:35.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 458391879680, "type": "region", "version": 1 }, "end_va": 458391883775, "entry_point": 0, "filename": null, "id": "region_6741", "name": "private_0x0000006aba490000", "norm_filename": null, "region_type": "private_memory", "start_va": 458391879680, "timestamp": "00:01:35.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 458391945216, "type": "region", "version": 1 }, "end_va": 458391949311, "entry_point": 0, "filename": null, "id": "region_6742", "name": "private_0x0000006aba4a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 458391945216, "timestamp": "00:01:35.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 458392010752, "type": "region", "version": 1 }, "end_va": 458392014847, "entry_point": 0, "filename": null, "id": "region_6743", "name": "private_0x0000006aba4b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 458392010752, "timestamp": "00:01:35.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ 
"readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 458392076288, "type": "region", "version": 1 }, "end_va": 458392080383, "entry_point": 0, "filename": null, "id": "region_6744", "name": "private_0x0000006aba4c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 458392076288, "timestamp": "00:01:35.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 458392141824, "type": "region", "version": 1 }, "end_va": 458392145919, "entry_point": 0, "filename": null, "id": "region_6745", "name": "private_0x0000006aba4d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 458392141824, "timestamp": "00:01:35.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 458392207360, "type": "region", "version": 1 }, "end_va": 458392211455, "entry_point": 0, "filename": null, "id": "region_6746", "name": "private_0x0000006aba4e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 458392207360, "timestamp": "00:01:35.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 458392272896, "type": "region", "version": 1 }, "end_va": 458392276991, "entry_point": 0, "filename": null, "id": "region_6747", "name": "private_0x0000006aba4f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 458392272896, "timestamp": 
"00:01:35.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 458392338432, "type": "region", "version": 1 }, "end_va": 458392342527, "entry_point": 0, "filename": null, "id": "region_6748", "name": "private_0x0000006aba500000", "norm_filename": null, "region_type": "private_memory", "start_va": 458392338432, "timestamp": "00:01:35.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 458392403968, "type": "region", "version": 1 }, "end_va": 458392408063, "entry_point": 0, "filename": null, "id": "region_6749", "name": "private_0x0000006aba510000", "norm_filename": null, "region_type": "private_memory", "start_va": 458392403968, "timestamp": "00:01:35.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 458392469504, "type": "region", "version": 1 }, "end_va": 458392473599, "entry_point": 0, "filename": null, "id": "region_6750", "name": "private_0x0000006aba520000", "norm_filename": null, "region_type": "private_memory", "start_va": 458392469504, "timestamp": "00:01:35.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 458392535040, "type": "region", "version": 1 }, 
"end_va": 458392539135, "entry_point": 0, "filename": null, "id": "region_6751", "name": "private_0x0000006aba530000", "norm_filename": null, "region_type": "private_memory", "start_va": 458392535040, "timestamp": "00:01:35.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 458392600576, "type": "region", "version": 1 }, "end_va": 458392604671, "entry_point": 0, "filename": null, "id": "region_6752", "name": "private_0x0000006aba540000", "norm_filename": null, "region_type": "private_memory", "start_va": 458392600576, "timestamp": "00:01:35.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 458392666112, "type": "region", "version": 1 }, "end_va": 458392670207, "entry_point": 0, "filename": null, "id": "region_6753", "name": "private_0x0000006aba550000", "norm_filename": null, "region_type": "private_memory", "start_va": 458392666112, "timestamp": "00:01:35.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 458392731648, "type": "region", "version": 1 }, "end_va": 458392735743, "entry_point": 0, "filename": null, "id": "region_6754", "name": "private_0x0000006aba560000", "norm_filename": null, "region_type": "private_memory", "start_va": 458392731648, "timestamp": "00:01:35.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No 
dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 458392797184, "type": "region", "version": 1 }, "end_va": 458392801279, "entry_point": 0, "filename": null, "id": "region_6755", "name": "private_0x0000006aba570000", "norm_filename": null, "region_type": "private_memory", "start_va": 458392797184, "timestamp": "00:01:35.422", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\system32\\svchost.exe -k RPCSS", "filename": "c:\\windows\\system32\\svchost.exe", "id": "proc_42", "image_name": "svchost.exe", "monitor_reason": "child_process", "monitored_id": 42, "origin_monitor_id": 39, "ref_parent_process": { "ref_id": "proc_39", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_3309", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:11.681", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 344008556544, "type": "region", "version": 1 }, "end_va": 344008687615, "entry_point": 0, "filename": null, "id": "region_3310", "name": "private_0x0000005018820000", "norm_filename": null, "region_type": "private_memory", "start_va": 
344008556544, "timestamp": "00:01:11.681", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 344008687616, "type": "region", "version": 1 }, "end_va": 344008749055, "entry_point": 0, "filename": null, "id": "region_3311", "name": "pagefile_0x0000005018840000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 344008687616, "timestamp": "00:01:11.681", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 344008753152, "type": "region", "version": 1 }, "end_va": 344009277439, "entry_point": 0, "filename": null, "id": "region_3312", "name": "private_0x0000005018850000", "norm_filename": null, "region_type": "private_memory", "start_va": 344008753152, "timestamp": "00:01:11.681", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 344009277440, "type": "region", "version": 1 }, "end_va": 344009293823, "entry_point": 0, "filename": null, "id": "region_3313", "name": "pagefile_0x00000050188d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 344009277440, "timestamp": "00:01:11.681", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": 
null, "size": 143360, "start_va": 140694940614656, "type": "region", "version": 1 }, "end_va": 140694940758015, "entry_point": 0, "filename": null, "id": "region_3314", "name": "pagefile_0x00007ff617f50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140694940614656, "timestamp": "00:01:11.681", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140694940762112, "type": "region", "version": 1 }, "end_va": 140694940766207, "entry_point": 0, "filename": null, "id": "region_3315", "name": "private_0x00007ff617f74000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694940762112, "timestamp": "00:01:11.681", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694940803072, "type": "region", "version": 1 }, "end_va": 140694940811263, "entry_point": 0, "filename": null, "id": "region_3316", "name": "private_0x00007ff617f7e000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694940803072, "timestamp": "00:01:11.681", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 140694944612352, "type": "region", "version": 1 }, "end_va": 140694944661503, "entry_point": 140694944620940, "filename": "\\Windows\\System32\\svchost.exe", "id": "region_3317", "name": "svchost.exe", "norm_filename": "c:\\windows\\system32\\svchost.exe", "region_type": 
"memory_mapped_file", "start_va": 140694944612352, "timestamp": "00:01:11.681", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_3318", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140725133115392, "timestamp": "00:01:11.683", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 344009342976, "type": "region", "version": 1 }, "end_va": 344009347071, "entry_point": 0, "filename": null, "id": "region_3319", "name": "pagefile_0x00000050188e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 344009342976, "timestamp": "00:01:11.683", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 344009408512, "type": "region", "version": 1 }, "end_va": 344009416703, "entry_point": 0, "filename": null, "id": "region_3320", "name": "private_0x00000050188f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 344009408512, "timestamp": "00:01:11.684", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", 
"permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 344010326016, "type": "region", "version": 1 }, "end_va": 344011374591, "entry_point": 0, "filename": null, "id": "region_3321", "name": "private_0x00000050189d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 344010326016, "timestamp": "00:01:11.690", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140725090648064, "type": "region", "version": 1 }, "end_va": 140725091753983, "entry_point": 140725090656928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_3322", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140725090648064, "timestamp": "00:01:11.690", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140725124988928, "type": "region", "version": 1 }, "end_va": 140725126270975, "entry_point": 140725125009460, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_3323", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140725124988928, "timestamp": "00:01:11.691", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 344008556544, "type": "region", "version": 1 }, "end_va": 344008622079, 
"entry_point": 0, "filename": null, "id": "region_3324", "name": "pagefile_0x0000005018820000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 344008556544, "timestamp": "00:01:11.692", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140694939566080, "type": "region", "version": 1 }, "end_va": 140694940614655, "entry_point": 0, "filename": null, "id": "region_3325", "name": "pagefile_0x00007ff617e50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140694939566080, "timestamp": "00:01:11.692", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 344009474048, "type": "region", "version": 1 }, "end_va": 344009990143, "entry_point": 344009474048, "filename": "\\Windows\\System32\\locale.nls", "id": "region_3326", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 344009474048, "timestamp": "00:01:11.694", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725098184704, "type": "region", "version": 1 }, "end_va": 140725098541055, "entry_point": 140725098194176, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_3327", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140725098184704, "timestamp": "00:01:11.696", "type": 
"region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140725127806976, "type": "region", "version": 1 }, "end_va": 140725129076735, "entry_point": 140725127811408, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_3328", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140725127806976, "timestamp": "00:01:11.697", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 344008622080, "type": "region", "version": 1 }, "end_va": 344008650751, "entry_point": 0, "filename": null, "id": "region_3329", "name": "private_0x0000005018830000", "norm_filename": null, "region_type": "private_memory", "start_va": 344008622080, "timestamp": "00:01:11.704", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 344011374592, "type": "region", "version": 1 }, "end_va": 344011898879, "entry_point": 0, "filename": null, "id": "region_3331", "name": "private_0x0000005018ad0000", "norm_filename": null, "region_type": "private_memory", "start_va": 344011374592, "timestamp": "00:01:11.974", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 
344011898880, "type": "region", "version": 1 }, "end_va": 344012423167, "entry_point": 0, "filename": null, "id": "region_3332", "name": "private_0x0000005018b50000", "norm_filename": null, "region_type": "private_memory", "start_va": 344011898880, "timestamp": "00:01:11.974", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 344012423168, "type": "region", "version": 1 }, "end_va": 344015392767, "entry_point": 344012423168, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_3333", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 344012423168, "timestamp": "00:01:11.974", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694940786688, "type": "region", "version": 1 }, "end_va": 140694940794879, "entry_point": 0, "filename": null, "id": "region_3334", "name": "private_0x00007ff617f7a000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694940786688, "timestamp": "00:01:11.974", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694940794880, "type": "region", "version": 1 }, "end_va": 140694940803071, "entry_point": 0, "filename": null, "id": "region_3335", "name": "private_0x00007ff617f7c000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694940794880, 
"timestamp": "00:01:11.974", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 140725070856192, "type": "region", "version": 1 }, "end_va": 140725070946303, "entry_point": 140725070856192, "filename": "\\Windows\\System32\\RpcEpMap.dll", "id": "region_3336", "name": "rpcepmap.dll", "norm_filename": "c:\\windows\\system32\\rpcepmap.dll", "region_type": "memory_mapped_file", "start_va": 140725070856192, "timestamp": "00:01:11.978", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 176128, "start_va": 140725084618752, "type": "region", "version": 1 }, "end_va": 140725084794879, "entry_point": 140725084624016, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_3337", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 140725084618752, "timestamp": "00:01:11.994", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 344009998336, "type": "region", "version": 1 }, "end_va": 344010002431, "entry_point": 0, "filename": null, "id": "region_3338", "name": "private_0x0000005018980000", "norm_filename": null, "region_type": "private_memory", "start_va": 344009998336, "timestamp": "00:01:11.996", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", 
"writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 140725070725120, "type": "region", "version": 1 }, "end_va": 140725070798847, "entry_point": 140725070725120, "filename": "\\Windows\\System32\\RpcRtRemote.dll", "id": "region_3348", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\system32\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 140725070725120, "timestamp": "00:01:12.003", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 774144, "start_va": 140725070987264, "type": "region", "version": 1 }, "end_va": 140725071761407, "entry_point": 140725071169384, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_3363", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 140725070987264, "timestamp": "00:01:12.033", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140725098577920, "type": "region", "version": 1 }, "end_va": 140725099261951, "entry_point": 140725098588204, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_3364", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140725098577920, "timestamp": "00:01:12.034", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 140725086126080, "type": "region", "version": 1 }, "end_va": 
140725086408703, "entry_point": 140725086130832, "filename": "\\Windows\\System32\\powrprof.dll", "id": "region_3365", "name": "powrprof.dll", "norm_filename": "c:\\windows\\system32\\powrprof.dll", "region_type": "memory_mapped_file", "start_va": 140725086126080, "timestamp": "00:01:12.035", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725131149312, "type": "region", "version": 1 }, "end_va": 140725133078527, "entry_point": 140725131157344, "filename": "\\Windows\\System32\\combase.dll", "id": "region_3366", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140725131149312, "timestamp": "00:01:12.036", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 344009998336, "type": "region", "version": 1 }, "end_va": 344010260479, "entry_point": 0, "filename": null, "id": "region_3367", "name": "private_0x0000005018980000", "norm_filename": null, "region_type": "private_memory", "start_va": 344009998336, "timestamp": "00:01:12.039", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 344009998336, "type": "region", "version": 1 }, "end_va": 344010027007, "entry_point": 0, "filename": null, "id": "region_3368", "name": "private_0x0000005018980000", "norm_filename": null, "region_type": "private_memory", "start_va": 344009998336, 
"timestamp": "00:01:12.040", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 344010194944, "type": "region", "version": 1 }, "end_va": 344010260479, "entry_point": 0, "filename": null, "id": "region_3369", "name": "private_0x00000050189b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 344010194944, "timestamp": "00:01:12.040", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 344015437824, "type": "region", "version": 1 }, "end_va": 344015962111, "entry_point": 0, "filename": null, "id": "region_3375", "name": "private_0x0000005018eb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 344015437824, "timestamp": "00:01:12.046", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694940778496, "type": "region", "version": 1 }, "end_va": 140694940786687, "entry_point": 0, "filename": null, "id": "region_3376", "name": "private_0x00007ff617f78000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694940778496, "timestamp": "00:01:12.046", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 140725079769088, "type": "region", 
"version": 1 }, "end_va": 140725079891967, "entry_point": 140725079773640, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_3377", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 140725079769088, "timestamp": "00:01:12.047", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 140725075443712, "type": "region", "version": 1 }, "end_va": 140725075660799, "entry_point": 140725075448792, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_3378", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 140725075443712, "timestamp": "00:01:12.048", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725082062848, "type": "region", "version": 1 }, "end_va": 140725082218495, "entry_point": 140725082086248, "filename": "\\Windows\\System32\\bcrypt.dll", "id": "region_3379", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\system32\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 140725082062848, "timestamp": "00:01:12.049", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725085208576, "type": "region", "version": 1 }, "end_va": 140725085249535, "entry_point": 140725085212688, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_3380", "name": 
"cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140725085208576, "timestamp": "00:01:12.052", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140725084815360, "type": "region", "version": 1 }, "end_va": 140725085200383, "entry_point": 140725084944032, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_3381", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140725084815360, "timestamp": "00:01:12.053", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 140725127020544, "type": "region", "version": 1 }, "end_va": 140725127380991, "entry_point": 140725127024796, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_3382", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 140725127020544, "timestamp": "00:01:12.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140725103886336, "type": "region", "version": 1 }, "end_va": 140725103923199, "entry_point": 140725103891456, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_3383", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 140725103886336, 
"timestamp": "00:01:12.056", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 140725079375872, "type": "region", "version": 1 }, "end_va": 140725079736319, "entry_point": 140725079379984, "filename": "\\Windows\\System32\\mswsock.dll", "id": "region_3384", "name": "mswsock.dll", "norm_filename": "c:\\windows\\system32\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 140725079375872, "timestamp": "00:01:12.060", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 344010063872, "type": "region", "version": 1 }, "end_va": 344010076159, "entry_point": 0, "filename": null, "id": "region_3385", "name": "pagefile_0x0000005018990000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 344010063872, "timestamp": "00:01:12.074", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 344010129408, "type": "region", "version": 1 }, "end_va": 344010133503, "entry_point": 0, "filename": null, "id": "region_3386", "name": "pagefile_0x00000050189a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 344010129408, "timestamp": "00:01:12.074", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the 
configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4169728, "start_va": 344015962112, "type": "region", "version": 1 }, "end_va": 344020131839, "entry_point": 0, "filename": null, "id": "region_3387", "name": "pagefile_0x0000005018f30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 344015962112, "timestamp": "00:01:12.074", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 344020156416, "type": "region", "version": 1 }, "end_va": 344020680703, "entry_point": 0, "filename": null, "id": "region_3400", "name": "private_0x0000005019330000", "norm_filename": null, "region_type": "private_memory", "start_va": 344020156416, "timestamp": "00:01:12.108", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694940770304, "type": "region", "version": 1 }, "end_va": 140694940778495, "entry_point": 0, "filename": null, "id": "region_3401", "name": "private_0x00007ff617f76000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694940770304, "timestamp": "00:01:12.108", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 745472, "start_va": 140725068824576, "type": "region", "version": 1 }, "end_va": 140725069570047, "entry_point": 140725068824576, "filename": "\\Windows\\System32\\FirewallAPI.dll", "id": "region_3414", "name": "firewallapi.dll", "norm_filename": 
"c:\\windows\\system32\\firewallapi.dll", "region_type": "memory_mapped_file", "start_va": 140725068824576, "timestamp": "00:01:12.127", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 344020680704, "type": "region", "version": 1 }, "end_va": 344021204991, "entry_point": 0, "filename": null, "id": "region_3416", "name": "private_0x00000050193b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 344020680704, "timestamp": "00:01:12.150", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694939557888, "type": "region", "version": 1 }, "end_va": 140694939566079, "entry_point": 0, "filename": null, "id": "region_3417", "name": "private_0x00007ff617e4e000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694939557888, "timestamp": "00:01:12.150", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 344021204992, "type": "region", "version": 1 }, "end_va": 344021729279, "entry_point": 0, "filename": null, "id": "region_3719", "name": "private_0x0000005019430000", "norm_filename": null, "region_type": "private_memory", "start_va": 344021204992, "timestamp": "00:01:15.463", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": 
[ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694939549696, "type": "region", "version": 1 }, "end_va": 140694939557887, "entry_point": 0, "filename": null, "id": "region_3720", "name": "private_0x00007ff617e4c000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694939549696, "timestamp": "00:01:15.463", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 344021729280, "type": "region", "version": 1 }, "end_va": 344022253567, "entry_point": 0, "filename": null, "id": "region_4004", "name": "private_0x00000050194b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 344021729280, "timestamp": "00:01:16.806", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694939541504, "type": "region", "version": 1 }, "end_va": 140694939549695, "entry_point": 0, "filename": null, "id": "region_4005", "name": "private_0x00007ff617e4a000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694939541504, "timestamp": "00:01:16.806", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725068431360, "type": "region", "version": 1 }, "end_va": 140725068472319, "entry_point": 140725068437320, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_4006", "name": "kernel.appcore.dll", "norm_filename": 
"c:\\windows\\system32\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140725068431360, "timestamp": "00:01:16.806", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 344010260480, "type": "region", "version": 1 }, "end_va": 344010264575, "entry_point": 0, "filename": null, "id": "region_4007", "name": "pagefile_0x00000050189c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 344010260480, "timestamp": "00:01:16.807", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 671744, "start_va": 140725095825408, "type": "region", "version": 1 }, "end_va": 140725096497151, "entry_point": 140725095829872, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_4008", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 140725095825408, "timestamp": "00:01:16.808", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 344022253568, "type": "region", "version": 1 }, "end_va": 344022257663, "entry_point": 0, "filename": null, "id": "region_4009", "name": "pagefile_0x0000005019530000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 344022253568, "timestamp": "00:01:16.810", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" 
], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 344022319104, "type": "region", "version": 1 }, "end_va": 344022843391, "entry_point": 0, "filename": null, "id": "region_4477", "name": "private_0x0000005019540000", "norm_filename": null, "region_type": "private_memory", "start_va": 344022319104, "timestamp": "00:01:19.949", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694939533312, "type": "region", "version": 1 }, "end_va": 140694939541503, "entry_point": 0, "filename": null, "id": "region_4478", "name": "private_0x00007ff617e48000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694939533312, "timestamp": "00:01:19.949", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 675840, "start_va": 140725126299648, "type": "region", "version": 1 }, "end_va": 140725126975487, "entry_point": 140725126303760, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_4495", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725126299648, "timestamp": "00:01:19.991", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2330624, "start_va": 344022843392, "type": "region", "version": 1 }, "end_va": 344025174015, "entry_point": 344022971652, "filename": 
"\\Windows\\explorer.exe", "id": "region_5230", "name": "explorer.exe", "norm_filename": "c:\\windows\\explorer.exe", "region_type": "memory_mapped_file", "start_va": 344022843392, "timestamp": "00:01:22.991", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 140725008334848, "type": "region", "version": 1 }, "end_va": 140725008756735, "entry_point": 140725008342036, "filename": "\\Windows\\System32\\FWPUCLNT.DLL", "id": "region_5308", "name": "fwpuclnt.dll", "norm_filename": "c:\\windows\\system32\\fwpuclnt.dll", "region_type": "memory_mapped_file", "start_va": 140725008334848, "timestamp": "00:01:23.770", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 53248, "start_va": 344022843392, "type": "region", "version": 1 }, "end_va": 344022896639, "entry_point": 344022843392, "filename": "\\Windows\\System32\\rundll32.exe", "id": "region_5473", "name": "rundll32.exe", "norm_filename": "c:\\windows\\system32\\rundll32.exe", "region_type": "memory_mapped_file", "start_va": 344022843392, "timestamp": "00:01:24.904", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 53248, "start_va": 344022843392, "type": "region", "version": 1 }, "end_va": 344022896639, "entry_point": 344022859532, "filename": "\\Windows\\System32\\rundll32.exe", "id": "region_5481", "name": "rundll32.exe", "norm_filename": "c:\\windows\\system32\\rundll32.exe", "region_type": "memory_mapped_file", "start_va": 344022843392, "timestamp": "00:01:24.989", "type": 
"region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 32768, "start_va": 344022843392, "type": "region", "version": 1 }, "end_va": 344022876159, "entry_point": 344022843392, "filename": "\\Windows\\System32\\ThumbnailExtractionHost.exe", "id": "region_5698", "name": "thumbnailextractionhost.exe", "norm_filename": "c:\\windows\\system32\\thumbnailextractionhost.exe", "region_type": "memory_mapped_file", "start_va": 344022843392, "timestamp": "00:01:25.932", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 344022843392, "type": "region", "version": 1 }, "end_va": 344023367679, "entry_point": 0, "filename": null, "id": "region_5780", "name": "private_0x00000050195c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 344022843392, "timestamp": "00:01:26.127", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694939525120, "type": "region", "version": 1 }, "end_va": 140694939533311, "entry_point": 0, "filename": null, "id": "region_5781", "name": "private_0x00007ff617e46000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694939525120, "timestamp": "00:01:26.127", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 32768, "start_va": 344023367680, "type": 
"region", "version": 1 }, "end_va": 344023400447, "entry_point": 344023387244, "filename": "\\Windows\\System32\\ThumbnailExtractionHost.exe", "id": "region_5829", "name": "thumbnailextractionhost.exe", "norm_filename": "c:\\windows\\system32\\thumbnailextractionhost.exe", "region_type": "memory_mapped_file", "start_va": 344023367680, "timestamp": "00:01:26.393", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 344023367680, "type": "region", "version": 1 }, "end_va": 344023891967, "entry_point": 0, "filename": null, "id": "region_6063", "name": "private_0x0000005019640000", "norm_filename": null, "region_type": "private_memory", "start_va": 344023367680, "timestamp": "00:01:30.751", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694939516928, "type": "region", "version": 1 }, "end_va": 140694939525119, "entry_point": 0, "filename": null, "id": "region_6064", "name": "private_0x00007ff617e44000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694939516928, "timestamp": "00:01:30.751", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 344023891968, "type": "region", "version": 1 }, "end_va": 344024940543, "entry_point": 0, "filename": null, "id": "region_6088", "name": "private_0x00000050196c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 
344023891968, "timestamp": "00:01:31.039", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 344024940544, "type": "region", "version": 1 }, "end_va": 344025464831, "entry_point": 0, "filename": null, "id": "region_6229", "name": "private_0x00000050197c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 344024940544, "timestamp": "00:01:32.322", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694939508736, "type": "region", "version": 1 }, "end_va": 140694939516927, "entry_point": 0, "filename": null, "id": "region_6230", "name": "private_0x00007ff617e42000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694939508736, "timestamp": "00:01:32.322", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 344025464832, "type": "region", "version": 1 }, "end_va": 344025989119, "entry_point": 0, "filename": null, "id": "region_6273", "name": "private_0x0000005019840000", "norm_filename": null, "region_type": "private_memory", "start_va": 344025464832, "timestamp": "00:01:32.602", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 
140694939500544, "type": "region", "version": 1 }, "end_va": 140694939508735, "entry_point": 0, "filename": null, "id": "region_6274", "name": "private_0x00007ff617e40000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694939500544, "timestamp": "00:01:32.602", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 344025989120, "type": "region", "version": 1 }, "end_va": 344026513407, "entry_point": 0, "filename": null, "id": "region_6286", "name": "private_0x00000050198c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 344025989120, "timestamp": "00:01:32.702", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 344026513408, "type": "region", "version": 1 }, "end_va": 344027037695, "entry_point": 0, "filename": null, "id": "region_6287", "name": "private_0x0000005019940000", "norm_filename": null, "region_type": "private_memory", "start_va": 344026513408, "timestamp": "00:01:32.702", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694939484160, "type": "region", "version": 1 }, "end_va": 140694939492351, "entry_point": 0, "filename": null, "id": "region_6288", "name": "private_0x00007ff617e3c000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694939484160, "timestamp": "00:01:32.702", "type": "region", "version": 1 }, { "dump": 
{ "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694939492352, "type": "region", "version": 1 }, "end_va": 140694939500543, "entry_point": 0, "filename": null, "id": "region_6289", "name": "private_0x00007ff617e3e000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694939492352, "timestamp": "00:01:32.702", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 344027037696, "type": "region", "version": 1 }, "end_va": 344027561983, "entry_point": 0, "filename": null, "id": "region_6843", "name": "private_0x00000050199c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 344027037696, "timestamp": "00:01:35.951", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 344027561984, "type": "region", "version": 1 }, "end_va": 344028086271, "entry_point": 0, "filename": null, "id": "region_6844", "name": "private_0x0000005019a40000", "norm_filename": null, "region_type": "private_memory", "start_va": 344027561984, "timestamp": "00:01:35.951", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694939467776, "type": "region", "version": 1 }, "end_va": 140694939475967, "entry_point": 0, 
"filename": null, "id": "region_6845", "name": "private_0x00007ff617e38000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694939467776, "timestamp": "00:01:35.951", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694939475968, "type": "region", "version": 1 }, "end_va": 140694939484159, "entry_point": 0, "filename": null, "id": "region_6846", "name": "private_0x00007ff617e3a000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694939475968, "timestamp": "00:01:35.951", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 344028086272, "type": "region", "version": 1 }, "end_va": 344028610559, "entry_point": 0, "filename": null, "id": "region_6869", "name": "private_0x0000005019ac0000", "norm_filename": null, "region_type": "private_memory", "start_va": 344028086272, "timestamp": "00:01:36.039", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694939459584, "type": "region", "version": 1 }, "end_va": 140694939467775, "entry_point": 0, "filename": null, "id": "region_6870", "name": "private_0x00007ff617e36000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694939459584, "timestamp": "00:01:36.039", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because 
region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 86016, "start_va": 344028610560, "type": "region", "version": 1 }, "end_va": 344028696575, "entry_point": 344028610560, "filename": "\\Windows\\System32\\mobsync.exe", "id": "region_7403", "name": "mobsync.exe", "norm_filename": "c:\\windows\\system32\\mobsync.exe", "region_type": "memory_mapped_file", "start_va": 344028610560, "timestamp": "00:01:40.300", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 86016, "start_va": 344028610560, "type": "region", "version": 1 }, "end_va": 344028696575, "entry_point": 344028621932, "filename": "\\Windows\\System32\\mobsync.exe", "id": "region_7541", "name": "mobsync.exe", "norm_filename": "c:\\windows\\system32\\mobsync.exe", "region_type": "memory_mapped_file", "start_va": 344028610560, "timestamp": "00:01:40.933", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"dwm.exe\"", "filename": "c:\\windows\\system32\\dwm.exe", "id": "proc_43", "image_name": "dwm.exe", "monitor_reason": "child_process", "monitored_id": 43, "origin_monitor_id": 38, "ref_parent_process": { "ref_id": "proc_38", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_3484", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 
2147352576, "timestamp": "00:01:12.734", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 554899472384, "type": "region", "version": 1 }, "end_va": 554899603455, "entry_point": 0, "filename": null, "id": "region_3485", "name": "private_0x0000008132960000", "norm_filename": null, "region_type": "private_memory", "start_va": 554899472384, "timestamp": "00:01:12.734", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 554899603456, "type": "region", "version": 1 }, "end_va": 554899664895, "entry_point": 0, "filename": null, "id": "region_3486", "name": "pagefile_0x0000008132980000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 554899603456, "timestamp": "00:01:12.734", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 554899668992, "type": "region", "version": 1 }, "end_va": 554900193279, "entry_point": 0, "filename": null, "id": "region_3487", "name": "private_0x0000008132990000", "norm_filename": null, "region_type": "private_memory", "start_va": 554899668992, "timestamp": "00:01:12.734", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, 
"start_va": 554900193280, "type": "region", "version": 1 }, "end_va": 554900209663, "entry_point": 0, "filename": null, "id": "region_3488", "name": "pagefile_0x0000008132a10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 554900193280, "timestamp": "00:01:12.734", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140702993285120, "type": "region", "version": 1 }, "end_va": 140702993428479, "entry_point": 0, "filename": null, "id": "region_3489", "name": "pagefile_0x00007ff7f7ef0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140702993285120, "timestamp": "00:01:12.734", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140702993448960, "type": "region", "version": 1 }, "end_va": 140702993453055, "entry_point": 0, "filename": null, "id": "region_3490", "name": "private_0x00007ff7f7f18000", "norm_filename": null, "region_type": "private_memory", "start_va": 140702993448960, "timestamp": "00:01:12.734", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140702993473536, "type": "region", "version": 1 }, "end_va": 140702993481727, "entry_point": 0, "filename": null, "id": "region_3491", "name": "private_0x00007ff7f7f1e000", "norm_filename": null, "region_type": "private_memory", "start_va": 140702993473536, "timestamp": 
"00:01:12.734", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 131072, "start_va": 140703001149440, "type": "region", "version": 1 }, "end_va": 140703001280511, "entry_point": 140703001173904, "filename": "\\Windows\\System32\\dwm.exe", "id": "region_3492", "name": "dwm.exe", "norm_filename": "c:\\windows\\system32\\dwm.exe", "region_type": "memory_mapped_file", "start_va": 140703001149440, "timestamp": "00:01:12.734", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_3493", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140725133115392, "timestamp": "00:01:12.735", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 554900258816, "type": "region", "version": 1 }, "end_va": 554900271103, "entry_point": 0, "filename": null, "id": "region_3509", "name": "pagefile_0x0000008132a20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 554900258816, "timestamp": "00:01:12.767", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": 
[ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 554900324352, "type": "region", "version": 1 }, "end_va": 554900332543, "entry_point": 0, "filename": null, "id": "region_3511", "name": "private_0x0000008132a30000", "norm_filename": null, "region_type": "private_memory", "start_va": 554900324352, "timestamp": "00:01:12.768", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 554902028288, "type": "region", "version": 1 }, "end_va": 554903076863, "entry_point": 0, "filename": null, "id": "region_3512", "name": "private_0x0000008132bd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 554902028288, "timestamp": "00:01:12.790", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140725090648064, "type": "region", "version": 1 }, "end_va": 140725091753983, "entry_point": 140725090656928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_3513", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140725090648064, "timestamp": "00:01:12.791", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140725124988928, "type": "region", "version": 1 }, "end_va": 140725126270975, "entry_point": 140725125009460, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_3514", "name": 
"kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140725124988928, "timestamp": "00:01:12.791", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 554899472384, "type": "region", "version": 1 }, "end_va": 554899537919, "entry_point": 0, "filename": null, "id": "region_3515", "name": "pagefile_0x0000008132960000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 554899472384, "timestamp": "00:01:12.793", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140702992236544, "type": "region", "version": 1 }, "end_va": 140702993285119, "entry_point": 0, "filename": null, "id": "region_3516", "name": "pagefile_0x00007ff7f7df0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140702992236544, "timestamp": "00:01:12.793", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 554900389888, "type": "region", "version": 1 }, "end_va": 554900905983, "entry_point": 554900389888, "filename": "\\Windows\\System32\\locale.nls", "id": "region_3517", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 554900389888, "timestamp": "00:01:12.795", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" 
], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 569344, "start_va": 140725066203136, "type": "region", "version": 1 }, "end_va": 140725066772479, "entry_point": 140725066207268, "filename": "\\Windows\\System32\\apphelp.dll", "id": "region_3518", "name": "apphelp.dll", "norm_filename": "c:\\windows\\system32\\apphelp.dll", "region_type": "memory_mapped_file", "start_va": 140725066203136, "timestamp": "00:01:12.796", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 409600, "start_va": 554900914176, "type": "region", "version": 1 }, "end_va": 554901323775, "entry_point": 554900914176, "filename": "\\Windows\\apppatch\\apppatch64\\sysmain.sdb", "id": "region_3519", "name": "sysmain.sdb", "norm_filename": "c:\\windows\\apppatch\\apppatch64\\sysmain.sdb", "region_type": "memory_mapped_file", "start_va": 554900914176, "timestamp": "00:01:12.798", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140725098577920, "type": "region", "version": 1 }, "end_va": 140725099261951, "entry_point": 140725098588204, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_3520", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140725098577920, "timestamp": "00:01:12.802", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, 
"start_va": 140725093466112, "type": "region", "version": 1 }, "end_va": 140725094977535, "entry_point": 140725093620416, "filename": "\\Windows\\System32\\user32.dll", "id": "region_3521", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140725093466112, "timestamp": "00:01:12.803", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140725129773056, "type": "region", "version": 1 }, "end_va": 140725131104255, "entry_point": 140725129845848, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_3522", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140725129773056, "timestamp": "00:01:12.803", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 140725095563264, "type": "region", "version": 1 }, "end_va": 140725095776255, "entry_point": 140725095567408, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_3523", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 140725095563264, "timestamp": "00:01:12.804", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 554899537920, "type": "region", "version": 1 }, "end_va": 554899566591, "entry_point": 0, "filename": null, "id": "region_3524", "name": 
"private_0x0000008132970000", "norm_filename": null, "region_type": "private_memory", "start_va": 554899537920, "timestamp": "00:01:12.804", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 176128, "start_va": 140725065678848, "type": "region", "version": 1 }, "end_va": 140725065854975, "entry_point": 140725065678848, "filename": "\\Windows\\System32\\dwmredir.dll", "id": "region_3525", "name": "dwmredir.dll", "norm_filename": "c:\\windows\\system32\\dwmredir.dll", "region_type": "memory_mapped_file", "start_va": 140725065678848, "timestamp": "00:01:12.807", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2158592, "start_va": 140725063516160, "type": "region", "version": 1 }, "end_va": 140725065674751, "entry_point": 140725063516160, "filename": "\\Windows\\System32\\dwmcore.dll", "id": "region_3662", "name": "dwmcore.dll", "norm_filename": "c:\\windows\\system32\\dwmcore.dll", "region_type": "memory_mapped_file", "start_va": 140725063516160, "timestamp": "00:01:15.292", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1277952, "start_va": 140725091762176, "type": "region", "version": 1 }, "end_va": 140725093040127, "entry_point": 140725091766288, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_3663", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 140725091762176, "timestamp": "00:01:15.306", "type": 
"region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 368640, "start_va": 140725043068928, "type": "region", "version": 1 }, "end_va": 140725043437567, "entry_point": 140725043073180, "filename": "\\Windows\\System32\\dcomp.dll", "id": "region_3666", "name": "dcomp.dll", "norm_filename": "c:\\windows\\system32\\dcomp.dll", "region_type": "memory_mapped_file", "start_va": 140725043068928, "timestamp": "00:01:15.329", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 851968, "start_va": 554900914176, "type": "region", "version": 1 }, "end_va": 554901766143, "entry_point": 0, "filename": null, "id": "region_3670", "name": "private_0x0000008132ac0000", "norm_filename": null, "region_type": "private_memory", "start_va": 554900914176, "timestamp": "00:01:15.349", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 554900914176, "type": "region", "version": 1 }, "end_va": 554900942847, "entry_point": 0, "filename": null, "id": "region_3671", "name": "private_0x0000008132ac0000", "norm_filename": null, "region_type": "private_memory", "start_va": 554900914176, "timestamp": "00:01:15.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 554901700608, 
"type": "region", "version": 1 }, "end_va": 554901766143, "entry_point": 0, "filename": null, "id": "region_3672", "name": "private_0x0000008132b80000", "norm_filename": null, "region_type": "private_memory", "start_va": 554901700608, "timestamp": "00:01:15.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 554903076864, "type": "region", "version": 1 }, "end_va": 554904682495, "entry_point": 0, "filename": null, "id": "region_3673", "name": "pagefile_0x0000008132cd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 554903076864, "timestamp": "00:01:15.357", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 554904715264, "type": "region", "version": 1 }, "end_va": 554906292223, "entry_point": 0, "filename": null, "id": "region_3674", "name": "pagefile_0x0000008132e60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 554904715264, "timestamp": "00:01:15.357", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 554906353664, "type": "region", "version": 1 }, "end_va": 554927325183, "entry_point": 0, "filename": null, "id": "region_3675", "name": "pagefile_0x0000008132ff0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 554906353664, "timestamp": "00:01:15.357", "type": 
"region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 554900979712, "type": "region", "version": 1 }, "end_va": 554900991999, "entry_point": 0, "filename": null, "id": "region_3676", "name": "pagefile_0x0000008132ad0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 554900979712, "timestamp": "00:01:15.367", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 554901045248, "type": "region", "version": 1 }, "end_va": 554901049343, "entry_point": 0, "filename": null, "id": "region_3677", "name": "pagefile_0x0000008132ae0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 554901045248, "timestamp": "00:01:15.367", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 554901110784, "type": "region", "version": 1 }, "end_va": 554901114879, "entry_point": 0, "filename": null, "id": "region_3678", "name": "private_0x0000008132af0000", "norm_filename": null, "region_type": "private_memory", "start_va": 554901110784, "timestamp": "00:01:15.367", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 554901176320, "type": 
"region", "version": 1 }, "end_va": 554901180415, "entry_point": 0, "filename": null, "id": "region_3679", "name": "private_0x0000008132b00000", "norm_filename": null, "region_type": "private_memory", "start_va": 554901176320, "timestamp": "00:01:15.367", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 554901241856, "type": "region", "version": 1 }, "end_va": 554901245951, "entry_point": 0, "filename": null, "id": "region_3680", "name": "private_0x0000008132b10000", "norm_filename": null, "region_type": "private_memory", "start_va": 554901241856, "timestamp": "00:01:15.367", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4169728, "start_va": 554927325184, "type": "region", "version": 1 }, "end_va": 554931494911, "entry_point": 0, "filename": null, "id": "region_3681", "name": "pagefile_0x00000081343f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 554927325184, "timestamp": "00:01:15.367", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1187840, "start_va": 140725066858496, "type": "region", "version": 1 }, "end_va": 140725068046335, "entry_point": 140725066904644, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_3682", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 140725066858496, "timestamp": 
"00:01:15.368", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725131149312, "type": "region", "version": 1 }, "end_va": 140725133078527, "entry_point": 140725131157344, "filename": "\\Windows\\System32\\combase.dll", "id": "region_3683", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140725131149312, "timestamp": "00:01:15.370", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140725127806976, "type": "region", "version": 1 }, "end_va": 140725129076735, "entry_point": 140725127811408, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_3684", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140725127806976, "timestamp": "00:01:15.372", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 983040, "start_va": 554931519488, "type": "region", "version": 1 }, "end_va": 554932502527, "entry_point": 0, "filename": null, "id": "region_3685", "name": "private_0x00000081347f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 554931519488, "timestamp": "00:01:15.375", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the 
configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 554901307392, "type": "region", "version": 1 }, "end_va": 554901311487, "entry_point": 0, "filename": null, "id": "region_3686", "name": "pagefile_0x0000008132b20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 554901307392, "timestamp": "00:01:15.376", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 983040, "start_va": 554932502528, "type": "region", "version": 1 }, "end_va": 554933485567, "entry_point": 0, "filename": null, "id": "region_3687", "name": "pagefile_0x00000081348e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 554932502528, "timestamp": "00:01:15.377", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 554901307392, "type": "region", "version": 1 }, "end_va": 554901323775, "entry_point": 0, "filename": null, "id": "region_3688", "name": "pagefile_0x0000008132b20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 554901307392, "timestamp": "00:01:15.377", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 554901372928, "type": "region", "version": 1 }, "end_va": 554901401599, "entry_point": 0, "filename": null, "id": "region_3689", "name": "private_0x0000008132b30000", "norm_filename": null, 
"region_type": "private_memory", "start_va": 554901372928, "timestamp": "00:01:15.377", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725098184704, "type": "region", "version": 1 }, "end_va": 140725098541055, "entry_point": 140725098194176, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_3690", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140725098184704, "timestamp": "00:01:15.380", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 554931519488, "type": "region", "version": 1 }, "end_va": 554932043775, "entry_point": 0, "filename": null, "id": "region_3691", "name": "private_0x00000081347f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 554931519488, "timestamp": "00:01:15.388", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 554932436992, "type": "region", "version": 1 }, "end_va": 554932502527, "entry_point": 0, "filename": null, "id": "region_3692", "name": "private_0x00000081348d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 554932436992, "timestamp": "00:01:15.388", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", 
"permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 554933485568, "type": "region", "version": 1 }, "end_va": 554934009855, "entry_point": 0, "filename": null, "id": "region_3693", "name": "private_0x00000081349d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 554933485568, "timestamp": "00:01:15.388", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140702993457152, "type": "region", "version": 1 }, "end_va": 140702993465343, "entry_point": 0, "filename": null, "id": "region_3694", "name": "private_0x00007ff7f7f1a000", "norm_filename": null, "region_type": "private_memory", "start_va": 140702993457152, "timestamp": "00:01:15.388", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140702993465344, "type": "region", "version": 1 }, "end_va": 140702993473535, "entry_point": 0, "filename": null, "id": "region_3695", "name": "private_0x00007ff7f7f1c000", "norm_filename": null, "region_type": "private_memory", "start_va": 140702993465344, "timestamp": "00:01:15.388", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 554901438464, "type": "region", "version": 1 }, "end_va": 554901442559, "entry_point": 0, "filename": null, "id": "region_3698", "name": "pagefile_0x0000008132b40000", "norm_filename": null, "region_type": 
"pagefile_backed_memory", "start_va": 554901438464, "timestamp": "00:01:15.414", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 554901504000, "type": "region", "version": 1 }, "end_va": 554901508095, "entry_point": 0, "filename": null, "id": "region_3699", "name": "pagefile_0x0000008132b50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 554901504000, "timestamp": "00:01:15.414", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1650688, "start_va": 140725037039616, "type": "region", "version": 1 }, "end_va": 140725038690303, "entry_point": 140725037039616, "filename": "\\Windows\\System32\\WindowsCodecs.dll", "id": "region_3700", "name": "windowscodecs.dll", "norm_filename": "c:\\windows\\system32\\windowscodecs.dll", "region_type": "memory_mapped_file", "start_va": 140725037039616, "timestamp": "00:01:15.414", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 554934009856, "type": "region", "version": 1 }, "end_va": 554934534143, "entry_point": 0, "filename": null, "id": "region_3701", "name": "private_0x0000008134a50000", "norm_filename": null, "region_type": "private_memory", "start_va": 554934009856, "timestamp": "00:01:15.430", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number 
of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140702993440768, "type": "region", "version": 1 }, "end_va": 140702993448959, "entry_point": 0, "filename": null, "id": "region_3702", "name": "private_0x00007ff7f7f16000", "norm_filename": null, "region_type": "private_memory", "start_va": 140702993440768, "timestamp": "00:01:15.430", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2129920, "start_va": 140725046935552, "type": "region", "version": 1 }, "end_va": 140725049065471, "entry_point": 140725047149852, "filename": "\\Windows\\System32\\d3d11.dll", "id": "region_3703", "name": "d3d11.dll", "norm_filename": "c:\\windows\\system32\\d3d11.dll", "region_type": "memory_mapped_file", "start_va": 140725046935552, "timestamp": "00:01:15.430", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 520192, "start_va": 140725046411264, "type": "region", "version": 1 }, "end_va": 140725046931455, "entry_point": 140725046444784, "filename": "\\Windows\\System32\\dxgi.dll", "id": "region_3704", "name": "dxgi.dll", "norm_filename": "c:\\windows\\system32\\dxgi.dll", "region_type": "memory_mapped_file", "start_va": 140725046411264, "timestamp": "00:01:15.432", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 554934534144, "type": "region", "version": 1 }, "end_va": 554937503743, "entry_point": 554934534144, "filename": 
"\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_3705", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 554934534144, "timestamp": "00:01:15.436", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 554937548800, "type": "region", "version": 1 }, "end_va": 554938073087, "entry_point": 0, "filename": null, "id": "region_3706", "name": "private_0x0000008134db0000", "norm_filename": null, "region_type": "private_memory", "start_va": 554937548800, "timestamp": "00:01:15.439", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140702993432576, "type": "region", "version": 1 }, "end_va": 140702993440767, "entry_point": 0, "filename": null, "id": "region_3707", "name": "private_0x00007ff7f7f14000", "norm_filename": null, "region_type": "private_memory", "start_va": 140702993432576, "timestamp": "00:01:15.439", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2412544, "start_va": 140725043986432, "type": "region", "version": 1 }, "end_va": 140725046398975, "entry_point": 140725044101364, "filename": "\\Windows\\System32\\d3d10warp.dll", "id": "region_3708", "name": "d3d10warp.dll", "norm_filename": "c:\\windows\\system32\\d3d10warp.dll", "region_type": "memory_mapped_file", "start_va": 140725043986432, "timestamp": 
"00:01:15.439", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 554901569536, "type": "region", "version": 1 }, "end_va": 554901573631, "entry_point": 0, "filename": null, "id": "region_3710", "name": "private_0x0000008132b60000", "norm_filename": null, "region_type": "private_memory", "start_va": 554901569536, "timestamp": "00:01:15.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 554901635072, "type": "region", "version": 1 }, "end_va": 554901639167, "entry_point": 0, "filename": null, "id": "region_3711", "name": "private_0x0000008132b70000", "norm_filename": null, "region_type": "private_memory", "start_va": 554901635072, "timestamp": "00:01:15.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 554901766144, "type": "region", "version": 1 }, "end_va": 554901770239, "entry_point": 0, "filename": null, "id": "region_3712", "name": "private_0x0000008132b90000", "norm_filename": null, "region_type": "private_memory", "start_va": 554901766144, "timestamp": "00:01:15.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 554938073088, "type": "region", "version": 1 }, 
"end_va": 554938597375, "entry_point": 0, "filename": null, "id": "region_3713", "name": "private_0x0000008134e30000", "norm_filename": null, "region_type": "private_memory", "start_va": 554938073088, "timestamp": "00:01:15.448", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140702992228352, "type": "region", "version": 1 }, "end_va": 140702992236543, "entry_point": 0, "filename": null, "id": "region_3714", "name": "private_0x00007ff7f7dee000", "norm_filename": null, "region_type": "private_memory", "start_va": 140702992228352, "timestamp": "00:01:15.448", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 554901831680, "type": "region", "version": 1 }, "end_va": 554901835775, "entry_point": 0, "filename": null, "id": "region_3715", "name": "pagefile_0x0000008132ba0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 554901831680, "timestamp": "00:01:15.452", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 140725036974080, "type": "region", "version": 1 }, "end_va": 140725037019135, "entry_point": 140725036974080, "filename": "\\Windows\\System32\\avrt.dll", "id": "region_3716", "name": "avrt.dll", "norm_filename": "c:\\windows\\system32\\avrt.dll", "region_type": "memory_mapped_file", "start_va": 140725036974080, "timestamp": "00:01:15.454", "type": "region", "version": 
1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 554938597376, "type": "region", "version": 1 }, "end_va": 554939121663, "entry_point": 0, "filename": null, "id": "region_3717", "name": "private_0x0000008134eb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 554938597376, "timestamp": "00:01:15.460", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140702992220160, "type": "region", "version": 1 }, "end_va": 140702992228351, "entry_point": 0, "filename": null, "id": "region_3718", "name": "private_0x00007ff7f7dec000", "norm_filename": null, "region_type": "private_memory", "start_va": 140702992220160, "timestamp": "00:01:15.460", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 554901897216, "type": "region", "version": 1 }, "end_va": 554901901311, "entry_point": 0, "filename": null, "id": "region_3729", "name": "pagefile_0x0000008132bb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 554901897216, "timestamp": "00:01:15.477", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 554901962752, "type": "region", "version": 1 }, 
"end_va": 554901966847, "entry_point": 0, "filename": null, "id": "region_3730", "name": "pagefile_0x0000008132bc0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 554901962752, "timestamp": "00:01:15.477", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 554932043776, "type": "region", "version": 1 }, "end_va": 554932047871, "entry_point": 0, "filename": null, "id": "region_3731", "name": "pagefile_0x0000008134870000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 554932043776, "timestamp": "00:01:15.477", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 806912, "start_va": 140725036122112, "type": "region", "version": 1 }, "end_va": 140725036929023, "entry_point": 140725036122112, "filename": "\\Windows\\System32\\uDWM.dll", "id": "region_3732", "name": "udwm.dll", "norm_filename": "c:\\windows\\system32\\udwm.dll", "region_type": "memory_mapped_file", "start_va": 140725036122112, "timestamp": "00:01:15.488", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 978944, "start_va": 554939121664, "type": "region", "version": 1 }, "end_va": 554940100607, "entry_point": 554939121664, "filename": "\\Windows\\Resources\\Themes\\aero\\aero.msstyles", "id": "region_3733", "name": "aero.msstyles", "norm_filename": "c:\\windows\\resources\\themes\\aero\\aero.msstyles", "region_type": "memory_mapped_file", "start_va": 
554939121664, "timestamp": "00:01:15.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 554940104704, "type": "region", "version": 1 }, "end_va": 554940628991, "entry_point": 0, "filename": null, "id": "region_3735", "name": "private_0x0000008135020000", "norm_filename": null, "region_type": "private_memory", "start_va": 554940104704, "timestamp": "00:01:15.565", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140702992211968, "type": "region", "version": 1 }, "end_va": 140702992220159, "entry_point": 0, "filename": null, "id": "region_3736", "name": "private_0x00007ff7f7dea000", "norm_filename": null, "region_type": "private_memory", "start_va": 140702992211968, "timestamp": "00:01:15.565", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 761856, "start_va": 554940628992, "type": "region", "version": 1 }, "end_va": 554941390847, "entry_point": 554940811112, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_3737", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 554940628992, "timestamp": "00:01:15.569", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 
140725068431360, "type": "region", "version": 1 }, "end_va": 140725068472319, "entry_point": 140725068437320, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_3738", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\system32\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140725068431360, "timestamp": "00:01:15.571", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725085208576, "type": "region", "version": 1 }, "end_va": 140725085249535, "entry_point": 140725085212688, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_3739", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140725085208576, "timestamp": "00:01:15.573", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140725084815360, "type": "region", "version": 1 }, "end_va": 140725085200383, "entry_point": 140725084944032, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_3740", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140725084815360, "timestamp": "00:01:15.574", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 554932109312, "type": "region", "version": 1 }, "end_va": 554932113407, 
"entry_point": 0, "filename": null, "id": "region_3741", "name": "pagefile_0x0000008134880000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 554932109312, "timestamp": "00:01:15.576", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 671744, "start_va": 140725095825408, "type": "region", "version": 1 }, "end_va": 140725096497151, "entry_point": 140725095829872, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_3742", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 140725095825408, "timestamp": "00:01:15.577", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 554932174848, "type": "region", "version": 1 }, "end_va": 554932178943, "entry_point": 0, "filename": null, "id": "region_3743", "name": "pagefile_0x0000008134890000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 554932174848, "timestamp": "00:01:15.579", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 140725049098240, "type": "region", "version": 1 }, "end_va": 140725049409535, "entry_point": 140725049186456, "filename": "\\Windows\\System32\\UIAnimation.dll", "id": "region_3744", "name": "uianimation.dll", "norm_filename": "c:\\windows\\system32\\uianimation.dll", "region_type": "memory_mapped_file", "start_va": 
140725049098240, "timestamp": "00:01:15.580", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 98304, "start_va": 554932240384, "type": "region", "version": 1 }, "end_va": 554932338687, "entry_point": 0, "filename": null, "id": "region_3745", "name": "pagefile_0x00000081348a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 554932240384, "timestamp": "00:01:15.586", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 196608, "start_va": 554940628992, "type": "region", "version": 1 }, "end_va": 554940825599, "entry_point": 0, "filename": null, "id": "region_3746", "name": "pagefile_0x00000081350a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 554940628992, "timestamp": "00:01:15.586", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 554940825600, "type": "region", "version": 1 }, "end_va": 554941874175, "entry_point": 0, "filename": null, "id": "region_3747", "name": "private_0x00000081350d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 554940825600, "timestamp": "00:01:15.589", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], 
"ref_process_dump": null, "size": 4096, "start_va": 554932371456, "type": "region", "version": 1 }, "end_va": 554932375551, "entry_point": 0, "filename": null, "id": "region_3748", "name": "pagefile_0x00000081348c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 554932371456, "timestamp": "00:01:15.597", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 554941874176, "type": "region", "version": 1 }, "end_va": 554943971327, "entry_point": 0, "filename": null, "id": "region_3749", "name": "private_0x00000081351d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 554941874176, "timestamp": "00:01:15.599", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4612096, "start_va": 140725031469056, "type": "region", "version": 1 }, "end_va": 140725036081151, "entry_point": 140725031469056, "filename": "\\Windows\\System32\\d2d1.dll", "id": "region_3750", "name": "d2d1.dll", "norm_filename": "c:\\windows\\system32\\d2d1.dll", "region_type": "memory_mapped_file", "start_va": 140725031469056, "timestamp": "00:01:15.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 554943971328, "type": "region", "version": 1 }, "end_va": 554945019903, "entry_point": 0, "filename": null, "id": "region_3751", "name": "private_0x00000081353d0000", "norm_filename": null, "region_type": 
"private_memory", "start_va": 554943971328, "timestamp": "00:01:15.656", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 208896, "start_va": 554945019904, "type": "region", "version": 1 }, "end_va": 554945228799, "entry_point": 554945019904, "filename": "\\Windows\\System32\\en-US\\d2d1.dll.mui", "id": "region_3752", "name": "d2d1.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\d2d1.dll.mui", "region_type": "memory_mapped_file", "start_va": 554945019904, "timestamp": "00:01:15.661", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 229376, "start_va": 140725031206912, "type": "region", "version": 1 }, "end_va": 140725031436287, "entry_point": 140725031206912, "filename": "\\Windows\\System32\\xmllite.dll", "id": "region_3753", "name": "xmllite.dll", "norm_filename": "c:\\windows\\system32\\xmllite.dll", "region_type": "memory_mapped_file", "start_va": 140725031206912, "timestamp": "00:01:15.676", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1220608, "start_va": 554945282048, "type": "region", "version": 1 }, "end_va": 554946502655, "entry_point": 0, "filename": null, "id": "region_3754", "name": "private_0x0000008135510000", "norm_filename": null, "region_type": "private_memory", "start_va": 554945282048, "timestamp": "00:01:15.703", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of 
dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 196608, "start_va": 554946527232, "type": "region", "version": 1 }, "end_va": 554946723839, "entry_point": 0, "filename": null, "id": "region_3755", "name": "private_0x0000008135640000", "norm_filename": null, "region_type": "private_memory", "start_va": 554946527232, "timestamp": "00:01:15.705", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 554946527232, "type": "region", "version": 1 }, "end_va": 554946592767, "entry_point": 0, "filename": null, "id": "region_3756", "name": "pagefile_0x0000008135640000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 554946527232, "timestamp": "00:01:15.705", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 554946592768, "type": "region", "version": 1 }, "end_va": 554946658303, "entry_point": 0, "filename": null, "id": "region_3757", "name": "pagefile_0x0000008135650000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 554946592768, "timestamp": "00:01:15.705", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 554946658304, "type": "region", "version": 1 }, "end_va": 554946723839, "entry_point": 0, "filename": null, "id": "region_3758", 
"name": "pagefile_0x0000008135660000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 554946658304, "timestamp": "00:01:15.705", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 554946723840, "type": "region", "version": 1 }, "end_va": 554946789375, "entry_point": 0, "filename": null, "id": "region_3759", "name": "private_0x0000008135670000", "norm_filename": null, "region_type": "private_memory", "start_va": 554946723840, "timestamp": "00:01:15.718", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 554946789376, "type": "region", "version": 1 }, "end_va": 554946854911, "entry_point": 0, "filename": null, "id": "region_3760", "name": "private_0x0000008135680000", "norm_filename": null, "region_type": "private_memory", "start_va": 554946789376, "timestamp": "00:01:15.719", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "" ], "ref_process_dump": null, "size": 65536, "start_va": 140702992105472, "type": "region", "version": 1 }, "end_va": 140702992171007, "entry_point": 0, "filename": null, "id": "region_3761", "name": "private_0x00007ff7f7dd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 140702992105472, "timestamp": "00:01:15.720", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the 
configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 5185536, "start_va": 554946723840, "type": "region", "version": 1 }, "end_va": 554951909375, "entry_point": 0, "filename": null, "id": "region_3762", "name": "pagefile_0x0000008135670000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 554946723840, "timestamp": "00:01:15.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 5185536, "start_va": 554951966720, "type": "region", "version": 1 }, "end_va": 554957152255, "entry_point": 0, "filename": null, "id": "region_3763", "name": "private_0x0000008135b70000", "norm_filename": null, "region_type": "private_memory", "start_va": 554951966720, "timestamp": "00:01:15.725", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 5185536, "start_va": 554957209600, "type": "region", "version": 1 }, "end_va": 554962395135, "entry_point": 0, "filename": null, "id": "region_3764", "name": "private_0x0000008136070000", "norm_filename": null, "region_type": "private_memory", "start_va": 554957209600, "timestamp": "00:01:15.768", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 5185536, "start_va": 554962452480, "type": "region", "version": 1 }, "end_va": 554967638015, "entry_point": 0, "filename": null, "id": "region_3765", "name": "private_0x0000008136570000", "norm_filename": null, "region_type": 
"private_memory", "start_va": 554962452480, "timestamp": "00:01:15.811", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 5185536, "start_va": 554967695360, "type": "region", "version": 1 }, "end_va": 554972880895, "entry_point": 0, "filename": null, "id": "region_3766", "name": "private_0x0000008136a70000", "norm_filename": null, "region_type": "private_memory", "start_va": 554967695360, "timestamp": "00:01:15.874", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 140725086126080, "type": "region", "version": 1 }, "end_va": 140725086408703, "entry_point": 140725086130832, "filename": "\\Windows\\System32\\powrprof.dll", "id": "region_3767", "name": "powrprof.dll", "norm_filename": "c:\\windows\\system32\\powrprof.dll", "region_type": "memory_mapped_file", "start_va": 140725086126080, "timestamp": "00:01:16.007", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 554957209600, "type": "region", "version": 1 }, "end_va": 554957213695, "entry_point": 0, "filename": null, "id": "region_4141", "name": "pagefile_0x0000008136070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 554957209600, "timestamp": "00:01:17.378", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled 
in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 554957275136, "type": "region", "version": 1 }, "end_va": 554957279231, "entry_point": 0, "filename": null, "id": "region_4142", "name": "pagefile_0x0000008136080000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 554957275136, "timestamp": "00:01:17.378", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 554957340672, "type": "region", "version": 1 }, "end_va": 554957344767, "entry_point": 0, "filename": null, "id": "region_4143", "name": "pagefile_0x0000008136090000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 554957340672, "timestamp": "00:01:17.378", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 554957406208, "type": "region", "version": 1 }, "end_va": 554957410303, "entry_point": 0, "filename": null, "id": "region_4144", "name": "pagefile_0x00000081360a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 554957406208, "timestamp": "00:01:17.378", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 554957340672, "type": "region", "version": 1 }, "end_va": 554957357055, "entry_point": 0, "filename": null, "id": "region_4161", "name": 
"pagefile_0x0000008136090000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 554957340672, "timestamp": "00:01:17.461", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 554957406208, "type": "region", "version": 1 }, "end_va": 554957410303, "entry_point": 0, "filename": null, "id": "region_4162", "name": "private_0x00000081360a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 554957406208, "timestamp": "00:01:17.463", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 554957471744, "type": "region", "version": 1 }, "end_va": 554957475839, "entry_point": 0, "filename": null, "id": "region_4163", "name": "private_0x00000081360b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 554957471744, "timestamp": "00:01:17.463", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 554957537280, "type": "region", "version": 1 }, "end_va": 554957541375, "entry_point": 0, "filename": null, "id": "region_4164", "name": "private_0x00000081360c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 554957537280, "timestamp": "00:01:17.463", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": 
[ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 554957602816, "type": "region", "version": 1 }, "end_va": 554958127103, "entry_point": 0, "filename": null, "id": "region_4165", "name": "private_0x00000081360d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 554957602816, "timestamp": "00:01:17.464", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140702992203776, "type": "region", "version": 1 }, "end_va": 140702992211967, "entry_point": 0, "filename": null, "id": "region_4166", "name": "private_0x00007ff7f7de8000", "norm_filename": null, "region_type": "private_memory", "start_va": 140702992203776, "timestamp": "00:01:17.464", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 554958127104, "type": "region", "version": 1 }, "end_va": 554962321407, "entry_point": 0, "filename": null, "id": "region_4167", "name": "private_0x0000008136150000", "norm_filename": null, "region_type": "private_memory", "start_va": 554958127104, "timestamp": "00:01:17.470", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 554962321408, "type": "region", "version": 1 }, "end_va": 554962337791, "entry_point": 0, "filename": null, "id": "region_4168", "name": "pagefile_0x0000008136550000", "norm_filename": null, "region_type": 
"pagefile_backed_memory", "start_va": 554962321408, "timestamp": "00:01:17.472", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 554962386944, "type": "region", "version": 1 }, "end_va": 554962452479, "entry_point": 0, "filename": null, "id": "region_4169", "name": "private_0x0000008136560000", "norm_filename": null, "region_type": "private_memory", "start_va": 554962386944, "timestamp": "00:01:17.478", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 554962386944, "type": "region", "version": 1 }, "end_va": 554962391039, "entry_point": 0, "filename": null, "id": "region_4180", "name": "pagefile_0x0000008136560000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 554962386944, "timestamp": "00:01:17.566", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 554967695360, "type": "region", "version": 1 }, "end_va": 554967728127, "entry_point": 0, "filename": null, "id": "region_4181", "name": "pagefile_0x0000008136a70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 554967695360, "timestamp": "00:01:17.566", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", 
"permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 554967760896, "type": "region", "version": 1 }, "end_va": 554967769087, "entry_point": 0, "filename": null, "id": "region_4182", "name": "pagefile_0x0000008136a80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 554967760896, "timestamp": "00:01:17.566", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 554967826432, "type": "region", "version": 1 }, "end_va": 554967834623, "entry_point": 0, "filename": null, "id": "region_4183", "name": "pagefile_0x0000008136a90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 554967826432, "timestamp": "00:01:17.566", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 554967891968, "type": "region", "version": 1 }, "end_va": 554968154111, "entry_point": 0, "filename": null, "id": "region_4190", "name": "private_0x0000008136aa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 554967891968, "timestamp": "00:01:17.614", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 554968154112, "type": "region", "version": 1 }, "end_va": 554968219647, "entry_point": 0, "filename": null, "id": "region_4191", "name": "private_0x0000008136ae0000", "norm_filename": null, 
"region_type": "private_memory", "start_va": 554968154112, "timestamp": "00:01:17.616", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 554968219648, "type": "region", "version": 1 }, "end_va": 554968285183, "entry_point": 0, "filename": null, "id": "region_4193", "name": "private_0x0000008136af0000", "norm_filename": null, "region_type": "private_memory", "start_va": 554968219648, "timestamp": "00:01:17.618", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 554968154112, "type": "region", "version": 1 }, "end_va": 554968162303, "entry_point": 0, "filename": null, "id": "region_4196", "name": "pagefile_0x0000008136ae0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 554968154112, "timestamp": "00:01:17.642", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 554968219648, "type": "region", "version": 1 }, "end_va": 554968227839, "entry_point": 0, "filename": null, "id": "region_4197", "name": "pagefile_0x0000008136af0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 554968219648, "timestamp": "00:01:17.643", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the 
configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 554968285184, "type": "region", "version": 1 }, "end_va": 554968293375, "entry_point": 0, "filename": null, "id": "region_4218", "name": "pagefile_0x0000008136b00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 554968285184, "timestamp": "00:01:17.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 554968350720, "type": "region", "version": 1 }, "end_va": 554968367103, "entry_point": 0, "filename": null, "id": "region_4237", "name": "pagefile_0x0000008136b10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 554968350720, "timestamp": "00:01:17.865", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 503808, "start_va": 554968416256, "type": "region", "version": 1 }, "end_va": 554968920063, "entry_point": 0, "filename": null, "id": "region_4238", "name": "pagefile_0x0000008136b20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 554968416256, "timestamp": "00:01:17.865", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 176128, "start_va": 554968940544, "type": "region", "version": 1 }, "end_va": 554969116671, "entry_point": 0, "filename": null, "id": "region_4239", 
"name": "pagefile_0x0000008136ba0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 554968940544, "timestamp": "00:01:17.866", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 94208, "start_va": 554969137152, "type": "region", "version": 1 }, "end_va": 554969231359, "entry_point": 0, "filename": null, "id": "region_4240", "name": "pagefile_0x0000008136bd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 554969137152, "timestamp": "00:01:17.866", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 94208, "start_va": 554969268224, "type": "region", "version": 1 }, "end_va": 554969362431, "entry_point": 0, "filename": null, "id": "region_4241", "name": "pagefile_0x0000008136bf0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 554969268224, "timestamp": "00:01:17.866", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 554969399296, "type": "region", "version": 1 }, "end_va": 554969464831, "entry_point": 0, "filename": null, "id": "region_4242", "name": "private_0x0000008136c10000", "norm_filename": null, "region_type": "private_memory", "start_va": 554969399296, "timestamp": "00:01:17.871", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump 
was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 554969464832, "type": "region", "version": 1 }, "end_va": 554969530367, "entry_point": 0, "filename": null, "id": "region_4243", "name": "private_0x0000008136c20000", "norm_filename": null, "region_type": "private_memory", "start_va": 554969464832, "timestamp": "00:01:17.872", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 554969399296, "type": "region", "version": 1 }, "end_va": 554969923583, "entry_point": 0, "filename": null, "id": "region_4244", "name": "private_0x0000008136c10000", "norm_filename": null, "region_type": "private_memory", "start_va": 554969399296, "timestamp": "00:01:17.878", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 554969923584, "type": "region", "version": 1 }, "end_va": 554969989119, "entry_point": 0, "filename": null, "id": "region_4245", "name": "private_0x0000008136c90000", "norm_filename": null, "region_type": "private_memory", "start_va": 554969923584, "timestamp": "00:01:17.878", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 554969989120, "type": "region", "version": 1 }, "end_va": 554970054655, "entry_point": 0, "filename": null, "id": "region_4246", "name": "private_0x0000008136ca0000", 
"norm_filename": null, "region_type": "private_memory", "start_va": 554969989120, "timestamp": "00:01:17.879", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 554970054656, "type": "region", "version": 1 }, "end_va": 554970120191, "entry_point": 0, "filename": null, "id": "region_4247", "name": "private_0x0000008136cb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 554970054656, "timestamp": "00:01:17.880", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 176128, "start_va": 554969923584, "type": "region", "version": 1 }, "end_va": 554970099711, "entry_point": 0, "filename": null, "id": "region_4288", "name": "pagefile_0x0000008136c90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 554969923584, "timestamp": "00:01:18.050", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 554970120192, "type": "region", "version": 1 }, "end_va": 554970185727, "entry_point": 0, "filename": null, "id": "region_4289", "name": "private_0x0000008136cc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 554970120192, "timestamp": "00:01:18.053", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ 
"readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 554970185728, "type": "region", "version": 1 }, "end_va": 554970251263, "entry_point": 0, "filename": null, "id": "region_4290", "name": "private_0x0000008136cd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 554970185728, "timestamp": "00:01:18.054", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"LogonUI.exe\" /flags:0x0", "filename": "c:\\windows\\system32\\logonui.exe", "id": "proc_44", "image_name": "logonui.exe", "monitor_reason": "child_process", "monitored_id": 44, "origin_monitor_id": 38, "ref_parent_process": { "ref_id": "proc_38", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_3494", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:12.738", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 1035205869568, "type": "region", "version": 1 }, "end_va": 1035206000639, "entry_point": 0, "filename": null, "id": "region_3495", "name": "private_0x000000f107140000", "norm_filename": null, "region_type": "private_memory", "start_va": 1035205869568, "timestamp": "00:01:12.738", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 1035206000640, "type": "region", "version": 1 }, "end_va": 1035206062079, "entry_point": 0, "filename": null, "id": "region_3496", "name": "pagefile_0x000000f107160000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1035206000640, "timestamp": "00:01:12.738", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1035206066176, "type": "region", "version": 1 }, "end_va": 1035206590463, "entry_point": 0, "filename": null, "id": "region_3497", "name": "private_0x000000f107170000", "norm_filename": null, "region_type": "private_memory", "start_va": 1035206066176, "timestamp": "00:01:12.738", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1035206590464, "type": "region", "version": 1 }, "end_va": 1035206606847, "entry_point": 0, "filename": null, "id": "region_3498", "name": "pagefile_0x000000f1071f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1035206590464, "timestamp": "00:01:12.738", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140695729405952, "type": "region", "version": 
1 }, "end_va": 140695729549311, "entry_point": 0, "filename": null, "id": "region_3499", "name": "pagefile_0x00007ff646f90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140695729405952, "timestamp": "00:01:12.738", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140695729565696, "type": "region", "version": 1 }, "end_va": 140695729569791, "entry_point": 0, "filename": null, "id": "region_3500", "name": "private_0x00007ff646fb7000", "norm_filename": null, "region_type": "private_memory", "start_va": 140695729565696, "timestamp": "00:01:12.738", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140695729594368, "type": "region", "version": 1 }, "end_va": 140695729602559, "entry_point": 0, "filename": null, "id": "region_3501", "name": "private_0x00007ff646fbe000", "norm_filename": null, "region_type": "private_memory", "start_va": 140695729594368, "timestamp": "00:01:12.738", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 140695735894016, "type": "region", "version": 1 }, "end_va": 140695735926783, "entry_point": 140695735894016, "filename": "\\Windows\\System32\\LogonUI.exe", "id": "region_3502", "name": "logonui.exe", "norm_filename": "c:\\windows\\system32\\logonui.exe", "region_type": "memory_mapped_file", "start_va": 140695735894016, "timestamp": "00:01:12.738", "type": 
"region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_3503", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140725133115392, "timestamp": "00:01:12.747", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 1035206656000, "type": "region", "version": 1 }, "end_va": 1035206668287, "entry_point": 0, "filename": null, "id": "region_3505", "name": "pagefile_0x000000f107200000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1035206656000, "timestamp": "00:01:12.757", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1035206721536, "type": "region", "version": 1 }, "end_va": 1035206729727, "entry_point": 0, "filename": null, "id": "region_3506", "name": "private_0x000000f107210000", "norm_filename": null, "region_type": "private_memory", "start_va": 1035206721536, "timestamp": "00:01:12.757", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, 
"start_va": 1035208753152, "type": "region", "version": 1 }, "end_va": 1035209801727, "entry_point": 0, "filename": null, "id": "region_3527", "name": "private_0x000000f107400000", "norm_filename": null, "region_type": "private_memory", "start_va": 1035208753152, "timestamp": "00:01:12.846", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140725090648064, "type": "region", "version": 1 }, "end_va": 140725091753983, "entry_point": 140725090656928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_3528", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140725090648064, "timestamp": "00:01:12.846", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140725124988928, "type": "region", "version": 1 }, "end_va": 140725126270975, "entry_point": 140725125009460, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_3529", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140725124988928, "timestamp": "00:01:12.849", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1035205869568, "type": "region", "version": 1 }, "end_va": 1035205935103, "entry_point": 0, "filename": null, "id": "region_3530", "name": 
"pagefile_0x000000f107140000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1035205869568, "timestamp": "00:01:12.850", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140695728357376, "type": "region", "version": 1 }, "end_va": 140695729405951, "entry_point": 0, "filename": null, "id": "region_3531", "name": "pagefile_0x00007ff646e90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140695728357376, "timestamp": "00:01:12.850", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 1035206787072, "type": "region", "version": 1 }, "end_va": 1035207303167, "entry_point": 1035206787072, "filename": "\\Windows\\System32\\locale.nls", "id": "region_3532", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1035206787072, "timestamp": "00:01:12.852", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140725098577920, "type": "region", "version": 1 }, "end_va": 140725099261951, "entry_point": 140725098588204, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_3533", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140725098577920, "timestamp": "00:01:12.852", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": 
[ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725131149312, "type": "region", "version": 1 }, "end_va": 140725133078527, "entry_point": 140725131157344, "filename": "\\Windows\\System32\\combase.dll", "id": "region_3534", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140725131149312, "timestamp": "00:01:12.853", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140725127806976, "type": "region", "version": 1 }, "end_va": 140725129076735, "entry_point": 140725127811408, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_3535", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140725127806976, "timestamp": "00:01:12.855", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1035205935104, "type": "region", "version": 1 }, "end_va": 1035206000639, "entry_point": 0, "filename": null, "id": "region_3536", "name": "private_0x000000f107150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1035205935104, "timestamp": "00:01:12.857", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 
1035207311360, "type": "region", "version": 1 }, "end_va": 1035207340031, "entry_point": 0, "filename": null, "id": "region_3537", "name": "private_0x000000f1072a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1035207311360, "timestamp": "00:01:12.858", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 761856, "start_va": 1035207376896, "type": "region", "version": 1 }, "end_va": 1035208138751, "entry_point": 1035207559016, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_3538", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 1035207376896, "timestamp": "00:01:12.860", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725068431360, "type": "region", "version": 1 }, "end_va": 140725068472319, "entry_point": 140725068437320, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_3539", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\system32\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140725068431360, "timestamp": "00:01:12.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725085208576, "type": "region", "version": 1 }, "end_va": 140725085249535, "entry_point": 140725085212688, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_3540", "name": "cryptbase.dll", "norm_filename": 
"c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140725085208576, "timestamp": "00:01:12.863", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140725084815360, "type": "region", "version": 1 }, "end_va": 140725085200383, "entry_point": 140725084944032, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_3541", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140725084815360, "timestamp": "00:01:12.864", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 1035207376896, "type": "region", "version": 1 }, "end_va": 1035207405567, "entry_point": 0, "filename": null, "id": "region_3542", "name": "private_0x000000f1072b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1035207376896, "timestamp": "00:01:12.865", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140725093466112, "type": "region", "version": 1 }, "end_va": 140725094977535, "entry_point": 140725093620416, "filename": "\\Windows\\System32\\user32.dll", "id": "region_3543", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140725093466112, "timestamp": "00:01:12.866", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140725129773056, "type": "region", "version": 1 }, "end_va": 140725131104255, "entry_point": 140725129845848, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_3544", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140725129773056, "timestamp": "00:01:12.867", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 212992, "start_va": 1035207442432, "type": "region", "version": 1 }, "end_va": 1035207655423, "entry_point": 1035207446576, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_3545", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1035207442432, "timestamp": "00:01:12.871", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 1035209801728, "type": "region", "version": 1 }, "end_va": 1035211407359, "entry_point": 0, "filename": null, "id": "region_3546", "name": "pagefile_0x000000f107500000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1035209801728, "timestamp": "00:01:12.871", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 
140725095563264, "type": "region", "version": 1 }, "end_va": 140725095776255, "entry_point": 140725095567408, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_3547", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 140725095563264, "timestamp": "00:01:12.872", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1277952, "start_va": 140725091762176, "type": "region", "version": 1 }, "end_va": 140725093040127, "entry_point": 140725091766288, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_3548", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 140725091762176, "timestamp": "00:01:12.873", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 196608, "start_va": 1035207442432, "type": "region", "version": 1 }, "end_va": 1035207639039, "entry_point": 0, "filename": null, "id": "region_3549", "name": "pagefile_0x000000f1072c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1035207442432, "timestamp": "00:01:12.875", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 1035211440128, "type": "region", "version": 1 }, "end_va": 1035213017087, "entry_point": 0, "filename": null, "id": "region_3550", "name": "pagefile_0x000000f107690000", 
"norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1035211440128, "timestamp": "00:01:12.875", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1035207639040, "type": "region", "version": 1 }, "end_va": 1035207643135, "entry_point": 0, "filename": null, "id": "region_3551", "name": "private_0x000000f1072f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1035207639040, "timestamp": "00:01:12.877", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1035207704576, "type": "region", "version": 1 }, "end_va": 1035207708671, "entry_point": 0, "filename": null, "id": "region_3552", "name": "private_0x000000f107300000", "norm_filename": null, "region_type": "private_memory", "start_va": 1035207704576, "timestamp": "00:01:12.877", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1187840, "start_va": 140725066858496, "type": "region", "version": 1 }, "end_va": 140725068046335, "entry_point": 140725066904644, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_3553", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 140725066858496, "timestamp": "00:01:12.877", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum 
number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 589824, "start_va": 1035207770112, "type": "region", "version": 1 }, "end_va": 1035208359935, "entry_point": 0, "filename": null, "id": "region_3554", "name": "private_0x000000f107310000", "norm_filename": null, "region_type": "private_memory", "start_va": 1035207770112, "timestamp": "00:01:12.878", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1035207770112, "type": "region", "version": 1 }, "end_va": 1035207774207, "entry_point": 0, "filename": null, "id": "region_3555", "name": "pagefile_0x000000f107310000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1035207770112, "timestamp": "00:01:12.879", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1035208294400, "type": "region", "version": 1 }, "end_va": 1035208359935, "entry_point": 0, "filename": null, "id": "region_3556", "name": "private_0x000000f107390000", "norm_filename": null, "region_type": "private_memory", "start_va": 1035208294400, "timestamp": "00:01:12.879", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 983040, "start_va": 1035213078528, "type": "region", "version": 1 }, "end_va": 1035214061567, "entry_point": 0, "filename": null, "id": "region_3557", "name": "pagefile_0x000000f107820000", 
"norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1035213078528, "timestamp": "00:01:12.880", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1035207770112, "type": "region", "version": 1 }, "end_va": 1035207786495, "entry_point": 0, "filename": null, "id": "region_3558", "name": "pagefile_0x000000f107310000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1035207770112, "timestamp": "00:01:12.880", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 1035207835648, "type": "region", "version": 1 }, "end_va": 1035207864319, "entry_point": 0, "filename": null, "id": "region_3559", "name": "private_0x000000f107320000", "norm_filename": null, "region_type": "private_memory", "start_va": 1035207835648, "timestamp": "00:01:12.880", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1035207901184, "type": "region", "version": 1 }, "end_va": 1035207905279, "entry_point": 0, "filename": null, "id": "region_3560", "name": "pagefile_0x000000f107330000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1035207901184, "timestamp": "00:01:12.883", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ 
"readable", "writable", "executable" ], "ref_process_dump": null, "size": 671744, "start_va": 140725095825408, "type": "region", "version": 1 }, "end_va": 140725096497151, "entry_point": 140725095825408, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_3561", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 140725095825408, "timestamp": "00:01:12.884", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1035207966720, "type": "region", "version": 1 }, "end_va": 1035207970815, "entry_point": 0, "filename": null, "id": "region_3562", "name": "pagefile_0x000000f107340000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1035207966720, "timestamp": "00:01:12.891", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2633728, "start_va": 140725060829184, "type": "region", "version": 1 }, "end_va": 140725063462911, "entry_point": 140725060829184, "filename": "\\Windows\\System32\\authui.dll", "id": "region_3563", "name": "authui.dll", "norm_filename": "c:\\windows\\system32\\authui.dll", "region_type": "memory_mapped_file", "start_va": 140725060829184, "timestamp": "00:01:12.915", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 1035208032256, "type": "region", "version": 1 }, "end_va": 1035208044543, 
"entry_point": 0, "filename": null, "id": "region_3567", "name": "pagefile_0x000000f107350000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1035208032256, "timestamp": "00:01:12.944", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725098184704, "type": "region", "version": 1 }, "end_va": 140725098541055, "entry_point": 140725098194176, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_3568", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140725098184704, "timestamp": "00:01:12.945", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 140725060108288, "type": "region", "version": 1 }, "end_va": 140725060767743, "entry_point": 140725060108288, "filename": "\\Windows\\System32\\SHCore.dll", "id": "region_3569", "name": "shcore.dll", "norm_filename": "c:\\windows\\system32\\shcore.dll", "region_type": "memory_mapped_file", "start_va": 140725060108288, "timestamp": "00:01:12.952", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 140725095038976, "type": "region", "version": 1 }, "end_va": 140725095370751, "entry_point": 140725095038976, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_3570", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": 
"memory_mapped_file", "start_va": 140725095038976, "timestamp": "00:01:12.959", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1748992, "start_va": 140725058338816, "type": "region", "version": 1 }, "end_va": 140725060087807, "entry_point": 140725058338816, "filename": "\\Windows\\System32\\dui70.dll", "id": "region_3571", "name": "dui70.dll", "norm_filename": "c:\\windows\\system32\\dui70.dll", "region_type": "memory_mapped_file", "start_va": 140725058338816, "timestamp": "00:01:13.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 140725058142208, "type": "region", "version": 1 }, "end_va": 140725058277375, "entry_point": 140725058142208, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_3572", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 140725058142208, "timestamp": "00:01:13.062", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 140725086126080, "type": "region", "version": 1 }, "end_va": 140725086408703, "entry_point": 140725086130832, "filename": "\\Windows\\System32\\powrprof.dll", "id": "region_3573", "name": "powrprof.dll", "norm_filename": "c:\\windows\\system32\\powrprof.dll", "region_type": "memory_mapped_file", "start_va": 140725086126080, "timestamp": "00:01:13.067", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1035208097792, "type": "region", "version": 1 }, "end_va": 1035208105983, "entry_point": 0, "filename": null, "id": "region_3575", "name": "pagefile_0x000000f107360000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1035208097792, "timestamp": "00:01:13.080", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2465792, "start_va": 140725055651840, "type": "region", "version": 1 }, "end_va": 140725058117631, "entry_point": 140725055651840, "filename": "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "id": "region_3576", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 140725055651840, "timestamp": "00:01:13.122", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1035208163328, "type": "region", "version": 1 }, "end_va": 1035208167423, "entry_point": 1035208163328, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_3577", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 1035208163328, "timestamp": "00:01:13.134", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1035208228864, "type": "region", "version": 1 }, "end_va": 1035208237055, "entry_point": 0, "filename": null, "id": "region_3580", "name": "pagefile_0x000000f107380000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1035208228864, "timestamp": "00:01:13.147", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 140725054930944, "type": "region", "version": 1 }, "end_va": 140725055590399, "entry_point": 140725054930944, "filename": "\\Windows\\System32\\duser.dll", "id": "region_3581", "name": "duser.dll", "norm_filename": "c:\\windows\\system32\\duser.dll", "region_type": "memory_mapped_file", "start_va": 140725054930944, "timestamp": "00:01:13.160", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1035214061568, "type": "region", "version": 1 }, "end_va": 1035214585855, "entry_point": 0, "filename": null, "id": "region_3582", "name": "private_0x000000f107910000", "norm_filename": null, "region_type": "private_memory", "start_va": 1035214061568, "timestamp": "00:01:13.176", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140695729586176, "type": "region", "version": 1 }, 
"end_va": 140695729594367, "entry_point": 0, "filename": null, "id": "region_3583", "name": "private_0x00007ff646fbc000", "norm_filename": null, "region_type": "private_memory", "start_va": 140695729586176, "timestamp": "00:01:13.176", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 1035208163328, "type": "region", "version": 1 }, "end_va": 1035208175615, "entry_point": 0, "filename": null, "id": "region_3584", "name": "pagefile_0x000000f107370000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1035208163328, "timestamp": "00:01:13.178", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1035208359936, "type": "region", "version": 1 }, "end_va": 1035208364031, "entry_point": 0, "filename": null, "id": "region_3585", "name": "pagefile_0x000000f1073a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1035208359936, "timestamp": "00:01:13.178", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4169728, "start_va": 1035214585856, "type": "region", "version": 1 }, "end_va": 1035218755583, "entry_point": 0, "filename": null, "id": "region_3586", "name": "pagefile_0x000000f107990000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1035214585856, "timestamp": "00:01:13.178", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 249856, "start_va": 140725054668800, "type": "region", "version": 1 }, "end_va": 140725054918655, "entry_point": 140725054668800, "filename": "\\Windows\\System32\\SndVolSSO.dll", "id": "region_3587", "name": "sndvolsso.dll", "norm_filename": "c:\\windows\\system32\\sndvolsso.dll", "region_type": "memory_mapped_file", "start_va": 140725054668800, "timestamp": "00:01:13.183", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1035208425472, "type": "region", "version": 1 }, "end_va": 1035208433663, "entry_point": 0, "filename": null, "id": "region_3589", "name": "pagefile_0x000000f1073b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1035208425472, "timestamp": "00:01:13.203", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 140725096546304, "type": "region", "version": 1 }, "end_va": 140725098078207, "entry_point": 140725096550580, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_3590", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 140725096546304, "timestamp": "00:01:13.204", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" 
], "ref_process_dump": null, "size": 53248, "start_va": 140725071970304, "type": "region", "version": 1 }, "end_va": 140725072023551, "entry_point": 140725071974524, "filename": "\\Windows\\System32\\hid.dll", "id": "region_3591", "name": "hid.dll", "norm_filename": "c:\\windows\\system32\\hid.dll", "region_type": "memory_mapped_file", "start_va": 140725071970304, "timestamp": "00:01:13.204", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 745472, "start_va": 1035218780160, "type": "region", "version": 1 }, "end_va": 1035219525631, "entry_point": 1035218784544, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_3592", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1035218780160, "timestamp": "00:01:13.208", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 397312, "start_va": 140725054210048, "type": "region", "version": 1 }, "end_va": 140725054607359, "entry_point": 140725054210048, "filename": "\\Windows\\System32\\MMDevAPI.dll", "id": "region_3593", "name": "mmdevapi.dll", "norm_filename": "c:\\windows\\system32\\mmdevapi.dll", "region_type": "memory_mapped_file", "start_va": 140725054210048, "timestamp": "00:01:13.215", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725068103680, "type": "region", "version": 1 }, "end_va": 140725068259327, "entry_point": 140725068109212, "filename": 
"\\Windows\\System32\\devobj.dll", "id": "region_3594", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 140725068103680, "timestamp": "00:01:13.227", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 140725090320384, "type": "region", "version": 1 }, "end_va": 140725090623487, "entry_point": 140725090325080, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_3595", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 140725090320384, "timestamp": "00:01:13.228", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1035208491008, "type": "region", "version": 1 }, "end_va": 1035208495103, "entry_point": 0, "filename": null, "id": "region_3596", "name": "pagefile_0x000000f1073c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1035208491008, "timestamp": "00:01:13.237", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 176128, "start_va": 140725054013440, "type": "region", "version": 1 }, "end_va": 140725054189567, "entry_point": 140725054013440, "filename": "\\Windows\\System32\\slc.dll", "id": "region_3597", "name": "slc.dll", "norm_filename": "c:\\windows\\system32\\slc.dll", "region_type": "memory_mapped_file", "start_va": 
140725054013440, "timestamp": "00:01:13.240", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 139264, "start_va": 140725053816832, "type": "region", "version": 1 }, "end_va": 140725053956095, "entry_point": 140725053816832, "filename": "\\Windows\\System32\\sppc.dll", "id": "region_3598", "name": "sppc.dll", "norm_filename": "c:\\windows\\system32\\sppc.dll", "region_type": "memory_mapped_file", "start_va": 140725053816832, "timestamp": "00:01:13.250", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140725053423616, "type": "region", "version": 1 }, "end_va": 140725053808639, "entry_point": 140725053423616, "filename": "\\Windows\\System32\\BCP47Langs.dll", "id": "region_3599", "name": "bcp47langs.dll", "norm_filename": "c:\\windows\\system32\\bcp47langs.dll", "region_type": "memory_mapped_file", "start_va": 140725053423616, "timestamp": "00:01:13.271", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1035218780160, "type": "region", "version": 1 }, "end_va": 1035219304447, "entry_point": 0, "filename": null, "id": "region_3600", "name": "private_0x000000f107d90000", "norm_filename": null, "region_type": "private_memory", "start_va": 1035218780160, "timestamp": "00:01:13.291", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps 
was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140695729577984, "type": "region", "version": 1 }, "end_va": 140695729586175, "entry_point": 0, "filename": null, "id": "region_3601", "name": "private_0x00007ff646fba000", "norm_filename": null, "region_type": "private_memory", "start_va": 140695729577984, "timestamp": "00:01:13.291", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1035219304448, "type": "region", "version": 1 }, "end_va": 1035219828735, "entry_point": 0, "filename": null, "id": "region_3602", "name": "private_0x000000f107e10000", "norm_filename": null, "region_type": "private_memory", "start_va": 1035219304448, "timestamp": "00:01:13.294", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140695729569792, "type": "region", "version": 1 }, "end_va": 140695729577983, "entry_point": 0, "filename": null, "id": "region_3603", "name": "private_0x00007ff646fb8000", "norm_filename": null, "region_type": "private_memory", "start_va": 140695729569792, "timestamp": "00:01:13.294", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1035208556544, "type": "region", "version": 1 }, "end_va": 1035208564735, "entry_point": 1035208556544, "filename": "\\Windows\\System32\\en-US\\dui70.dll.mui", "id": "region_3604", "name": "dui70.dll.mui", "norm_filename": 
"c:\\windows\\system32\\en-us\\dui70.dll.mui", "region_type": "memory_mapped_file", "start_va": 1035208556544, "timestamp": "00:01:13.298", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1961984, "start_va": 140725051457536, "type": "region", "version": 1 }, "end_va": 140725053419519, "entry_point": 140725051457536, "filename": "\\Windows\\System32\\DWrite.dll", "id": "region_3605", "name": "dwrite.dll", "norm_filename": "c:\\windows\\system32\\dwrite.dll", "region_type": "memory_mapped_file", "start_va": 140725051457536, "timestamp": "00:01:13.338", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1380352, "start_va": 140725050015744, "type": "region", "version": 1 }, "end_va": 140725051396095, "entry_point": 140725050015744, "filename": "\\Windows\\System32\\SmartcardCredentialProvider.dll", "id": "region_3606", "name": "smartcardcredentialprovider.dll", "norm_filename": "c:\\windows\\system32\\smartcardcredentialprovider.dll", "region_type": "memory_mapped_file", "start_va": 140725050015744, "timestamp": "00:01:13.363", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1035208622080, "type": "region", "version": 1 }, "end_va": 1035208630271, "entry_point": 0, "filename": null, "id": "region_3608", "name": "pagefile_0x000000f1073e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1035208622080, "timestamp": 
"00:01:13.383", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 405504, "start_va": 140725049556992, "type": "region", "version": 1 }, "end_va": 140725049962495, "entry_point": 140725049556992, "filename": "\\Windows\\System32\\oleacc.dll", "id": "region_3609", "name": "oleacc.dll", "norm_filename": "c:\\windows\\system32\\oleacc.dll", "region_type": "memory_mapped_file", "start_va": 140725049556992, "timestamp": "00:01:13.389", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1035208687616, "type": "region", "version": 1 }, "end_va": 1035208691711, "entry_point": 1035208687616, "filename": "\\Windows\\System32\\oleaccrc.dll", "id": "region_3610", "name": "oleaccrc.dll", "norm_filename": "c:\\windows\\system32\\oleaccrc.dll", "region_type": "memory_mapped_file", "start_va": 1035208687616, "timestamp": "00:01:13.420", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 118784, "start_va": 140725049425920, "type": "region", "version": 1 }, "end_va": 140725049544703, "entry_point": 140725049425920, "filename": "\\Windows\\System32\\cngcredui.dll", "id": "region_3611", "name": "cngcredui.dll", "norm_filename": "c:\\windows\\system32\\cngcredui.dll", "region_type": "memory_mapped_file", "start_va": 140725049425920, "timestamp": "00:01:13.427", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", 
"permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140725101002752, "type": "region", "version": 1 }, "end_va": 140725101752319, "entry_point": 140725101007136, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_3612", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 140725101002752, "timestamp": "00:01:13.440", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 1035219828736, "type": "region", "version": 1 }, "end_va": 1035222798335, "entry_point": 1035219828736, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_3613", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 1035219828736, "timestamp": "00:01:13.442", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1035222843392, "type": "region", "version": 1 }, "end_va": 1035223891967, "entry_point": 0, "filename": null, "id": "region_3614", "name": "private_0x000000f108170000", "norm_filename": null, "region_type": "private_memory", "start_va": 1035222843392, "timestamp": "00:01:13.451", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 140725049098240, "type": "region", "version": 1 }, "end_va": 140725049409535, 
"entry_point": 140725049098240, "filename": "\\Windows\\System32\\UIAnimation.dll", "id": "region_3615", "name": "uianimation.dll", "norm_filename": "c:\\windows\\system32\\uianimation.dll", "region_type": "memory_mapped_file", "start_va": 140725049098240, "timestamp": "00:01:13.460", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1035223891968, "type": "region", "version": 1 }, "end_va": 1035224940543, "entry_point": 0, "filename": null, "id": "region_3616", "name": "private_0x000000f108270000", "norm_filename": null, "region_type": "private_memory", "start_va": 1035223891968, "timestamp": "00:01:13.475", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2129920, "start_va": 140725046935552, "type": "region", "version": 1 }, "end_va": 140725049065471, "entry_point": 140725046935552, "filename": "\\Windows\\System32\\d3d11.dll", "id": "region_3617", "name": "d3d11.dll", "norm_filename": "c:\\windows\\system32\\d3d11.dll", "region_type": "memory_mapped_file", "start_va": 140725046935552, "timestamp": "00:01:13.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 520192, "start_va": 140725046411264, "type": "region", "version": 1 }, "end_va": 140725046931455, "entry_point": 140725046411264, "filename": "\\Windows\\System32\\dxgi.dll", "id": "region_3618", "name": "dxgi.dll", "norm_filename": "c:\\windows\\system32\\dxgi.dll", "region_type": 
"memory_mapped_file", "start_va": 140725046411264, "timestamp": "00:01:13.512", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2412544, "start_va": 140725043986432, "type": "region", "version": 1 }, "end_va": 140725046398975, "entry_point": 140725043986432, "filename": "\\Windows\\System32\\d3d10warp.dll", "id": "region_3619", "name": "d3d10warp.dll", "norm_filename": "c:\\windows\\system32\\d3d10warp.dll", "region_type": "memory_mapped_file", "start_va": 140725043986432, "timestamp": "00:01:13.547", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1035224940544, "type": "region", "version": 1 }, "end_va": 1035224944639, "entry_point": 0, "filename": null, "id": "region_3620", "name": "private_0x000000f108370000", "norm_filename": null, "region_type": "private_memory", "start_va": 1035224940544, "timestamp": "00:01:13.574", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1035225006080, "type": "region", "version": 1 }, "end_va": 1035225010175, "entry_point": 0, "filename": null, "id": "region_3621", "name": "private_0x000000f108380000", "norm_filename": null, "region_type": "private_memory", "start_va": 1035225006080, "timestamp": "00:01:13.574", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", 
"permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1035225071616, "type": "region", "version": 1 }, "end_va": 1035225075711, "entry_point": 0, "filename": null, "id": "region_3622", "name": "private_0x000000f108390000", "norm_filename": null, "region_type": "private_memory", "start_va": 1035225071616, "timestamp": "00:01:13.574", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 344064, "start_va": 140725043593216, "type": "region", "version": 1 }, "end_va": 140725043937279, "entry_point": 140725043593216, "filename": "\\Windows\\System32\\BioCredProv.dll", "id": "region_3623", "name": "biocredprov.dll", "norm_filename": "c:\\windows\\system32\\biocredprov.dll", "region_type": "memory_mapped_file", "start_va": 140725043593216, "timestamp": "00:01:13.574", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1035225137152, "type": "region", "version": 1 }, "end_va": 1035225145343, "entry_point": 0, "filename": null, "id": "region_3624", "name": "pagefile_0x000000f1083a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1035225137152, "timestamp": "00:01:13.591", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 118784, "start_va": 140725043462144, "type": "region", "version": 1 }, "end_va": 140725043580927, "entry_point": 140725043462144, "filename": 
"\\Windows\\System32\\winbio.dll", "id": "region_3625", "name": "winbio.dll", "norm_filename": "c:\\windows\\system32\\winbio.dll", "region_type": "memory_mapped_file", "start_va": 140725043462144, "timestamp": "00:01:13.593", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 140725079769088, "type": "region", "version": 1 }, "end_va": 140725079891967, "entry_point": 140725079773640, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_3626", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 140725079769088, "timestamp": "00:01:13.603", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1035225202688, "type": "region", "version": 1 }, "end_va": 1035225726975, "entry_point": 0, "filename": null, "id": "region_3627", "name": "private_0x000000f1083b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1035225202688, "timestamp": "00:01:13.614", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140695729557504, "type": "region", "version": 1 }, "end_va": 140695729565695, "entry_point": 0, "filename": null, "id": "region_3628", "name": "private_0x00007ff646fb5000", "norm_filename": null, "region_type": "private_memory", "start_va": 140695729557504, "timestamp": "00:01:13.614", "type": "region", "version": 1 }, { 
"dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 368640, "start_va": 140725043068928, "type": "region", "version": 1 }, "end_va": 140725043437567, "entry_point": 140725043068928, "filename": "\\Windows\\System32\\dcomp.dll", "id": "region_3629", "name": "dcomp.dll", "norm_filename": "c:\\windows\\system32\\dcomp.dll", "region_type": "memory_mapped_file", "start_va": 140725043068928, "timestamp": "00:01:13.614", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1035225726976, "type": "region", "version": 1 }, "end_va": 1035225731071, "entry_point": 0, "filename": null, "id": "region_3630", "name": "private_0x000000f108430000", "norm_filename": null, "region_type": "private_memory", "start_va": 1035225726976, "timestamp": "00:01:13.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1035225792512, "type": "region", "version": 1 }, "end_va": 1035225796607, "entry_point": 0, "filename": null, "id": "region_3631", "name": "private_0x000000f108440000", "norm_filename": null, "region_type": "private_memory", "start_va": 1035225792512, "timestamp": "00:01:13.640", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1035225858048, "type": "region", 
"version": 1 }, "end_va": 1035225862143, "entry_point": 0, "filename": null, "id": "region_3632", "name": "private_0x000000f108450000", "norm_filename": null, "region_type": "private_memory", "start_va": 1035225858048, "timestamp": "00:01:13.645", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 140725042610176, "type": "region", "version": 1 }, "end_va": 140725042659327, "entry_point": 140725042610176, "filename": "\\Windows\\System32\\winbrand.dll", "id": "region_3633", "name": "winbrand.dll", "norm_filename": "c:\\windows\\system32\\winbrand.dll", "region_type": "memory_mapped_file", "start_va": 140725042610176, "timestamp": "00:01:13.650", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725042675712, "type": "region", "version": 1 }, "end_va": 140725043032063, "entry_point": 140725042675712, "filename": "\\Windows\\System32\\certCredProvider.dll", "id": "region_3634", "name": "certcredprovider.dll", "norm_filename": "c:\\windows\\system32\\certcredprovider.dll", "region_type": "memory_mapped_file", "start_va": 140725042675712, "timestamp": "00:01:13.660", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 140725042282496, "type": "region", "version": 1 }, "end_va": 140725042593791, "entry_point": 140725042282496, "filename": "\\Windows\\System32\\wlidcredprov.dll", "id": "region_3635", "name": "wlidcredprov.dll", 
"norm_filename": "c:\\windows\\system32\\wlidcredprov.dll", "region_type": "memory_mapped_file", "start_va": 140725042282496, "timestamp": "00:01:13.674", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 675840, "start_va": 140725126299648, "type": "region", "version": 1 }, "end_va": 140725126975487, "entry_point": 140725126303760, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_3636", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725126299648, "timestamp": "00:01:13.688", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 442368, "start_va": 140725041823744, "type": "region", "version": 1 }, "end_va": 140725042266111, "entry_point": 140725041823744, "filename": "\\Windows\\System32\\rasplap.dll", "id": "region_3637", "name": "rasplap.dll", "norm_filename": "c:\\windows\\system32\\rasplap.dll", "region_type": "memory_mapped_file", "start_va": 140725041823744, "timestamp": "00:01:13.695", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1035225923584, "type": "region", "version": 1 }, "end_va": 1035226927103, "entry_point": 1035225923584, "filename": "\\Windows\\Branding\\Basebrd\\basebrd.dll", "id": "region_3638", "name": "basebrd.dll", "norm_filename": "c:\\windows\\branding\\basebrd\\basebrd.dll", "region_type": "memory_mapped_file", "start_va": 1035225923584, "timestamp": "00:01:13.707", "type": 
"region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1035225923584, "type": "region", "version": 1 }, "end_va": 1035226927103, "entry_point": 1035225930220, "filename": "\\Windows\\Branding\\Basebrd\\basebrd.dll", "id": "region_3639", "name": "basebrd.dll", "norm_filename": "c:\\windows\\branding\\basebrd\\basebrd.dll", "region_type": "memory_mapped_file", "start_va": 1035225923584, "timestamp": "00:01:13.796", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1035226972160, "type": "region", "version": 1 }, "end_va": 1035226976255, "entry_point": 1035226972160, "filename": "\\Windows\\Branding\\Basebrd\\en-US\\basebrd.dll.mui", "id": "region_3640", "name": "basebrd.dll.mui", "norm_filename": "c:\\windows\\branding\\basebrd\\en-us\\basebrd.dll.mui", "region_type": "memory_mapped_file", "start_va": 1035226972160, "timestamp": "00:01:13.798", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 73728, "start_va": 1035227037696, "type": "region", "version": 1 }, "end_va": 1035227111423, "entry_point": 0, "filename": null, "id": "region_3641", "name": "private_0x000000f108570000", "norm_filename": null, "region_type": "private_memory", "start_va": 1035227037696, "timestamp": "00:01:13.807", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], 
"ref_process_dump": null, "size": 708608, "start_va": 140725041102848, "type": "region", "version": 1 }, "end_va": 140725041811455, "entry_point": 140725041102848, "filename": "\\Windows\\System32\\rasapi32.dll", "id": "region_3642", "name": "rasapi32.dll", "norm_filename": "c:\\windows\\system32\\rasapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725041102848, "timestamp": "00:01:13.817", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 140725040971776, "type": "region", "version": 1 }, "end_va": 140725041045503, "entry_point": 140725040971776, "filename": "\\Windows\\System32\\rtutils.dll", "id": "region_3643", "name": "rtutils.dll", "norm_filename": "c:\\windows\\system32\\rtutils.dll", "region_type": "memory_mapped_file", "start_va": 140725040971776, "timestamp": "00:01:13.834", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 140725040775168, "type": "region", "version": 1 }, "end_va": 140725040963583, "entry_point": 140725040775168, "filename": "\\Windows\\System32\\rasman.dll", "id": "region_3644", "name": "rasman.dll", "norm_filename": "c:\\windows\\system32\\rasman.dll", "region_type": "memory_mapped_file", "start_va": 140725040775168, "timestamp": "00:01:13.843", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 140725127020544, "type": "region", "version": 1 }, "end_va": 140725127380991, "entry_point": 
140725127024796, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_3645", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 140725127020544, "timestamp": "00:01:13.855", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140725103886336, "type": "region", "version": 1 }, "end_va": 140725103923199, "entry_point": 140725103891456, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_3646", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 140725103886336, "timestamp": "00:01:13.858", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 21032960, "start_va": 140725103951872, "type": "region", "version": 1 }, "end_va": 140725124984831, "entry_point": 140725103951872, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_3647", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 140725103951872, "timestamp": "00:01:13.861", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 569344, "start_va": 140725066203136, "type": "region", "version": 1 }, "end_va": 140725066772479, "entry_point": 140725066207268, "filename": "\\Windows\\System32\\apphelp.dll", "id": "region_3648", "name": "apphelp.dll", "norm_filename": "c:\\windows\\system32\\apphelp.dll", 
"region_type": "memory_mapped_file", "start_va": 140725066203136, "timestamp": "00:01:15.201", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 140725040709632, "type": "region", "version": 1 }, "end_va": 140725040762879, "entry_point": 140725040709632, "filename": "\\Windows\\System32\\AuthExt.dll", "id": "region_3649", "name": "authext.dll", "norm_filename": "c:\\windows\\system32\\authext.dll", "region_type": "memory_mapped_file", "start_va": 140725040709632, "timestamp": "00:01:15.205", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1458176, "start_va": 140725039202304, "type": "region", "version": 1 }, "end_va": 140725040660479, "entry_point": 140725039202304, "filename": "\\Windows\\System32\\propsys.dll", "id": "region_3650", "name": "propsys.dll", "norm_filename": "c:\\windows\\system32\\propsys.dll", "region_type": "memory_mapped_file", "start_va": 140725039202304, "timestamp": "00:01:15.226", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 48848896, "start_va": 1035225923584, "type": "region", "version": 1 }, "end_va": 1035274772479, "entry_point": 1035225923584, "filename": "\\Windows\\System32\\imageres.dll", "id": "region_3651", "name": "imageres.dll", "norm_filename": "c:\\windows\\system32\\imageres.dll", "region_type": "memory_mapped_file", "start_va": 1035225923584, "timestamp": "00:01:15.240", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1035274813440, "type": "region", "version": 1 }, "end_va": 1035275337727, "entry_point": 0, "filename": null, "id": "region_3652", "name": "private_0x000000f10b300000", "norm_filename": null, "region_type": "private_memory", "start_va": 1035274813440, "timestamp": "00:01:15.254", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1035275337728, "type": "region", "version": 1 }, "end_va": 1035275862015, "entry_point": 0, "filename": null, "id": "region_3653", "name": "private_0x000000f10b380000", "norm_filename": null, "region_type": "private_memory", "start_va": 1035275337728, "timestamp": "00:01:15.254", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1035275862016, "type": "region", "version": 1 }, "end_va": 1035276910591, "entry_point": 0, "filename": null, "id": "region_3654", "name": "private_0x000000f10b400000", "norm_filename": null, "region_type": "private_memory", "start_va": 1035275862016, "timestamp": "00:01:15.254", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140695728349184, "type": "region", "version": 1 }, "end_va": 140695728357375, "entry_point": 0, "filename": null, "id": 
"region_3655", "name": "private_0x00007ff646e8e000", "norm_filename": null, "region_type": "private_memory", "start_va": 140695728349184, "timestamp": "00:01:15.254", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140695729549312, "type": "region", "version": 1 }, "end_va": 140695729557503, "entry_point": 0, "filename": null, "id": "region_3656", "name": "private_0x00007ff646fb3000", "norm_filename": null, "region_type": "private_memory", "start_va": 140695729549312, "timestamp": "00:01:15.254", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1035276910592, "type": "region", "version": 1 }, "end_va": 1035277434879, "entry_point": 0, "filename": null, "id": "region_3657", "name": "private_0x000000f10b500000", "norm_filename": null, "region_type": "private_memory", "start_va": 1035276910592, "timestamp": "00:01:15.259", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140695728340992, "type": "region", "version": 1 }, "end_va": 140695728349183, "entry_point": 0, "filename": null, "id": "region_3658", "name": "private_0x00007ff646e8c000", "norm_filename": null, "region_type": "private_memory", "start_va": 140695728340992, "timestamp": "00:01:15.259", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", 
"permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 140725039071232, "type": "region", "version": 1 }, "end_va": 140725039140863, "entry_point": 140725039071232, "filename": "\\Windows\\System32\\wtsapi32.dll", "id": "region_3659", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\system32\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725039071232, "timestamp": "00:01:15.259", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725078982656, "type": "region", "version": 1 }, "end_va": 140725079339007, "entry_point": 140725078989424, "filename": "\\Windows\\System32\\winsta.dll", "id": "region_3660", "name": "winsta.dll", "norm_filename": "c:\\windows\\system32\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 140725078982656, "timestamp": "00:01:15.266", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 140725038940160, "type": "region", "version": 1 }, "end_va": 140725039054847, "entry_point": 140725038940160, "filename": "\\Windows\\System32\\NetworkStatus.dll", "id": "region_3661", "name": "networkstatus.dll", "norm_filename": "c:\\windows\\system32\\networkstatus.dll", "region_type": "memory_mapped_file", "start_va": 140725038940160, "timestamp": "00:01:15.270", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 
1035277434880, "type": "region", "version": 1 }, "end_va": 1035277959167, "entry_point": 0, "filename": null, "id": "region_4129", "name": "private_0x000000f10b580000", "norm_filename": null, "region_type": "private_memory", "start_va": 1035277434880, "timestamp": "00:01:17.257", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 675840, "start_va": 1035277959168, "type": "region", "version": 1 }, "end_va": 1035278635007, "entry_point": 1035277959168, "filename": "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\~FontCache-System.dat", "id": "region_4130", "name": "~fontcache-system.dat", "norm_filename": "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\~fontcache-system.dat", "region_type": "memory_mapped_file", "start_va": 1035277959168, "timestamp": "00:01:17.257", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140695728332800, "type": "region", "version": 1 }, "end_va": 140695728340991, "entry_point": 0, "filename": null, "id": "region_4131", "name": "private_0x00007ff646e8a000", "norm_filename": null, "region_type": "private_memory", "start_va": 140695728332800, "timestamp": "00:01:17.258", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 1035278680064, "type": "region", "version": 1 }, "end_va": 1035295457279, "entry_point": 1035278680064, "filename": 
"\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\~FontCache-FontFace.dat", "id": "region_4132", "name": "~fontcache-fontface.dat", "norm_filename": "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\~fontcache-fontface.dat", "region_type": "memory_mapped_file", "start_va": 1035278680064, "timestamp": "00:01:17.265", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8388608, "start_va": 1035295457280, "type": "region", "version": 1 }, "end_va": 1035303845887, "entry_point": 1035295457280, "filename": "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\~FontCache-S-1-5-18.dat", "id": "region_4134", "name": "~fontcache-s-1-5-18.dat", "norm_filename": "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\~fontcache-s-1-5-18.dat", "region_type": "memory_mapped_file", "start_va": 1035295457280, "timestamp": "00:01:17.290", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1781760, "start_va": 1035303845888, "type": "region", "version": 1 }, "end_va": 1035305627647, "entry_point": 1035303845888, "filename": "\\Windows\\Fonts\\seguisym.ttf", "id": "region_4136", "name": "seguisym.ttf", "norm_filename": "c:\\windows\\fonts\\seguisym.ttf", "region_type": "memory_mapped_file", "start_va": 1035303845888, "timestamp": "00:01:17.301", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 868352, "start_va": 1035305680896, "type": "region", "version": 1 }, "end_va": 1035306549247, "entry_point": 1035305680896, "filename": 
"\\Windows\\Fonts\\seguisb.ttf", "id": "region_4137", "name": "seguisb.ttf", "norm_filename": "c:\\windows\\fonts\\seguisb.ttf", "region_type": "memory_mapped_file", "start_va": 1035305680896, "timestamp": "00:01:17.307", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 196608, "start_va": 140725021704192, "type": "region", "version": 1 }, "end_va": 140725021900799, "entry_point": 140725021704192, "filename": "\\Windows\\System32\\shacct.dll", "id": "region_4138", "name": "shacct.dll", "norm_filename": "c:\\windows\\system32\\shacct.dll", "region_type": "memory_mapped_file", "start_va": 140725021704192, "timestamp": "00:01:17.318", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 140725021573120, "type": "region", "version": 1 }, "end_va": 140725021695999, "entry_point": 140725021573120, "filename": "\\Windows\\System32\\samlib.dll", "id": "region_4139", "name": "samlib.dll", "norm_filename": "c:\\windows\\system32\\samlib.dll", "region_type": "memory_mapped_file", "start_va": 140725021573120, "timestamp": "00:01:17.330", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 245760, "start_va": 140725021310976, "type": "region", "version": 1 }, "end_va": 140725021556735, "entry_point": 140725021310976, "filename": "\\Windows\\System32\\InputSwitch.dll", "id": "region_4140", "name": "inputswitch.dll", "norm_filename": "c:\\windows\\system32\\inputswitch.dll", "region_type": 
"memory_mapped_file", "start_va": 140725021310976, "timestamp": "00:01:17.362", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1035306598400, "type": "region", "version": 1 }, "end_va": 1035307122687, "entry_point": 0, "filename": null, "id": "region_4145", "name": "private_0x000000f10d150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1035306598400, "timestamp": "00:01:17.380", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted", "filename": "c:\\windows\\system32\\svchost.exe", "id": "proc_45", "image_name": "svchost.exe", "monitor_reason": "child_process", "monitored_id": 45, "origin_monitor_id": 39, "ref_parent_process": { "ref_id": "proc_39", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_3769", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:16.130", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 
517809831936, "type": "region", "version": 1 }, "end_va": 517809963007, "entry_point": 0, "filename": null, "id": "region_3770", "name": "private_0x000000788fdf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 517809831936, "timestamp": "00:01:16.130", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 517809963008, "type": "region", "version": 1 }, "end_va": 517810024447, "entry_point": 0, "filename": null, "id": "region_3771", "name": "pagefile_0x000000788fe10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 517809963008, "timestamp": "00:01:16.130", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 517810028544, "type": "region", "version": 1 }, "end_va": 517810552831, "entry_point": 0, "filename": null, "id": "region_3772", "name": "private_0x000000788fe20000", "norm_filename": null, "region_type": "private_memory", "start_va": 517810028544, "timestamp": "00:01:16.130", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 517810552832, "type": "region", "version": 1 }, "end_va": 517810569215, "entry_point": 0, "filename": null, "id": "region_3773", "name": "pagefile_0x000000788fea0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 517810552832, "timestamp": "00:01:16.130", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140694939762688, "type": "region", "version": 1 }, "end_va": 140694939906047, "entry_point": 0, "filename": null, "id": "region_3774", "name": "pagefile_0x00007ff617e80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140694939762688, "timestamp": "00:01:16.130", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140694939947008, "type": "region", "version": 1 }, "end_va": 140694939951103, "entry_point": 0, "filename": null, "id": "region_3775", "name": "private_0x00007ff617ead000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694939947008, "timestamp": "00:01:16.130", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694939951104, "type": "region", "version": 1 }, "end_va": 140694939959295, "entry_point": 0, "filename": null, "id": "region_3776", "name": "private_0x00007ff617eae000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694939951104, "timestamp": "00:01:16.130", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 140694944612352, "type": "region", "version": 1 
}, "end_va": 140694944661503, "entry_point": 140694944620940, "filename": "\\Windows\\System32\\svchost.exe", "id": "region_3777", "name": "svchost.exe", "norm_filename": "c:\\windows\\system32\\svchost.exe", "region_type": "memory_mapped_file", "start_va": 140694944612352, "timestamp": "00:01:16.131", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_3778", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140725133115392, "timestamp": "00:01:16.132", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 517810618368, "type": "region", "version": 1 }, "end_va": 517810622463, "entry_point": 0, "filename": null, "id": "region_3779", "name": "pagefile_0x000000788feb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 517810618368, "timestamp": "00:01:16.133", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 517810683904, "type": "region", "version": 1 }, "end_va": 517810692095, "entry_point": 0, "filename": null, "id": "region_3780", "name": "private_0x000000788fec0000", "norm_filename": null, "region_type": "private_memory", "start_va": 
517810683904, "timestamp": "00:01:16.133", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 517811339264, "type": "region", "version": 1 }, "end_va": 517812387839, "entry_point": 0, "filename": null, "id": "region_3781", "name": "private_0x000000788ff60000", "norm_filename": null, "region_type": "private_memory", "start_va": 517811339264, "timestamp": "00:01:16.139", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140725090648064, "type": "region", "version": 1 }, "end_va": 140725091753983, "entry_point": 140725090656928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_3782", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140725090648064, "timestamp": "00:01:16.139", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140725124988928, "type": "region", "version": 1 }, "end_va": 140725126270975, "entry_point": 140725125009460, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_3783", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140725124988928, "timestamp": "00:01:16.141", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile 
backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 517809831936, "type": "region", "version": 1 }, "end_va": 517809897471, "entry_point": 0, "filename": null, "id": "region_3784", "name": "pagefile_0x000000788fdf0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 517809831936, "timestamp": "00:01:16.142", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140694938714112, "type": "region", "version": 1 }, "end_va": 140694939762687, "entry_point": 0, "filename": null, "id": "region_3785", "name": "pagefile_0x00007ff617d80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140694938714112, "timestamp": "00:01:16.142", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 517810749440, "type": "region", "version": 1 }, "end_va": 517811265535, "entry_point": 517810749440, "filename": "\\Windows\\System32\\locale.nls", "id": "region_3786", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 517810749440, "timestamp": "00:01:16.143", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725098184704, "type": "region", "version": 1 }, "end_va": 140725098541055, "entry_point": 140725098194176, "filename": 
"\\Windows\\System32\\sechost.dll", "id": "region_3787", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140725098184704, "timestamp": "00:01:16.145", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140725127806976, "type": "region", "version": 1 }, "end_va": 140725129076735, "entry_point": 140725127811408, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_3788", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140725127806976, "timestamp": "00:01:16.146", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725131149312, "type": "region", "version": 1 }, "end_va": 140725133078527, "entry_point": 140725131157344, "filename": "\\Windows\\System32\\combase.dll", "id": "region_3789", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140725131149312, "timestamp": "00:01:16.149", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140725098577920, "type": "region", "version": 1 }, "end_va": 140725099261951, "entry_point": 140725098588204, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_3790", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": 
"memory_mapped_file", "start_va": 140725098577920, "timestamp": "00:01:16.150", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1376256, "start_va": 517812387840, "type": "region", "version": 1 }, "end_va": 517813764095, "entry_point": 0, "filename": null, "id": "region_3791", "name": "private_0x0000007890060000", "norm_filename": null, "region_type": "private_memory", "start_va": 517812387840, "timestamp": "00:01:16.153", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 517809897472, "type": "region", "version": 1 }, "end_va": 517809926143, "entry_point": 0, "filename": null, "id": "region_3792", "name": "private_0x000000788fe00000", "norm_filename": null, "region_type": "private_memory", "start_va": 517809897472, "timestamp": "00:01:16.154", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 761856, "start_va": 517812387840, "type": "region", "version": 1 }, "end_va": 517813149695, "entry_point": 517812569960, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_3793", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 517812387840, "timestamp": "00:01:16.156", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], 
"ref_process_dump": null, "size": 65536, "start_va": 517813698560, "type": "region", "version": 1 }, "end_va": 517813764095, "entry_point": 0, "filename": null, "id": "region_3794", "name": "private_0x00000078901a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 517813698560, "timestamp": "00:01:16.157", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725068431360, "type": "region", "version": 1 }, "end_va": 140725068472319, "entry_point": 140725068437320, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_3795", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\system32\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140725068431360, "timestamp": "00:01:16.158", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725085208576, "type": "region", "version": 1 }, "end_va": 140725085249535, "entry_point": 140725085212688, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_3796", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140725085208576, "timestamp": "00:01:16.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 517811273728, "type": "region", "version": 1 }, "end_va": 517811302399, "entry_point": 0, "filename": null, "id": "region_3797", "name": 
"private_0x000000788ff50000", "norm_filename": null, "region_type": "private_memory", "start_va": 517811273728, "timestamp": "00:01:16.160", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140725084815360, "type": "region", "version": 1 }, "end_va": 140725085200383, "entry_point": 140725084944032, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_3798", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140725084815360, "timestamp": "00:01:16.160", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140725093466112, "type": "region", "version": 1 }, "end_va": 140725094977535, "entry_point": 140725093620416, "filename": "\\Windows\\System32\\user32.dll", "id": "region_3799", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140725093466112, "timestamp": "00:01:16.162", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140725129773056, "type": "region", "version": 1 }, "end_va": 140725131104255, "entry_point": 140725129845848, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_3800", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140725129773056, "timestamp": 
"00:01:16.164", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 786432, "start_va": 517812387840, "type": "region", "version": 1 }, "end_va": 517813174271, "entry_point": 0, "filename": null, "id": "region_3801", "name": "pagefile_0x0000007890060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 517812387840, "timestamp": "00:01:16.168", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 517813764096, "type": "region", "version": 1 }, "end_va": 517815369727, "entry_point": 0, "filename": null, "id": "region_3802", "name": "pagefile_0x00000078901b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 517813764096, "timestamp": "00:01:16.168", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 517815402496, "type": "region", "version": 1 }, "end_va": 517816979455, "entry_point": 0, "filename": null, "id": "region_3803", "name": "pagefile_0x0000007890340000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 517815402496, "timestamp": "00:01:16.168", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": 
null, "size": 12288, "start_va": 517813174272, "type": "region", "version": 1 }, "end_va": 517813186559, "entry_point": 0, "filename": null, "id": "region_3804", "name": "pagefile_0x0000007890120000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 517813174272, "timestamp": "00:01:16.171", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 517813239808, "type": "region", "version": 1 }, "end_va": 517813243903, "entry_point": 0, "filename": null, "id": "region_3805", "name": "pagefile_0x0000007890130000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 517813239808, "timestamp": "00:01:16.171", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 517813305344, "type": "region", "version": 1 }, "end_va": 517813309439, "entry_point": 0, "filename": null, "id": "region_3806", "name": "private_0x0000007890140000", "norm_filename": null, "region_type": "private_memory", "start_va": 517813305344, "timestamp": "00:01:16.171", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 517813370880, "type": "region", "version": 1 }, "end_va": 517813374975, "entry_point": 0, "filename": null, "id": "region_3807", "name": "private_0x0000007890150000", "norm_filename": null, "region_type": "private_memory", "start_va": 517813370880, "timestamp": 
"00:01:16.171", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4169728, "start_va": 517817040896, "type": "region", "version": 1 }, "end_va": 517821210623, "entry_point": 0, "filename": null, "id": "region_3808", "name": "pagefile_0x00000078904d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 517817040896, "timestamp": "00:01:16.171", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 517821235200, "type": "region", "version": 1 }, "end_va": 517821759487, "entry_point": 0, "filename": null, "id": "region_3809", "name": "private_0x00000078908d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 517821235200, "timestamp": "00:01:16.183", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 517821759488, "type": "region", "version": 1 }, "end_va": 517822283775, "entry_point": 0, "filename": null, "id": "region_3810", "name": "private_0x0000007890950000", "norm_filename": null, "region_type": "private_memory", "start_va": 517821759488, "timestamp": "00:01:16.183", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694939930624, "type": 
"region", "version": 1 }, "end_va": 140694939938815, "entry_point": 0, "filename": null, "id": "region_3811", "name": "private_0x00007ff617ea9000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694939930624, "timestamp": "00:01:16.183", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694939938816, "type": "region", "version": 1 }, "end_va": 140694939947007, "entry_point": 0, "filename": null, "id": "region_3812", "name": "private_0x00007ff617eab000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694939938816, "timestamp": "00:01:16.183", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 517822283776, "type": "region", "version": 1 }, "end_va": 517825253375, "entry_point": 517822283776, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_3813", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 517822283776, "timestamp": "00:01:16.184", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1683456, "start_va": 140725029502976, "type": "region", "version": 1 }, "end_va": 140725031186431, "entry_point": 140725029502976, "filename": "\\Windows\\System32\\wevtsvc.dll", "id": "region_3814", "name": "wevtsvc.dll", "norm_filename": "c:\\windows\\system32\\wevtsvc.dll", "region_type": 
"memory_mapped_file", "start_va": 140725029502976, "timestamp": "00:01:16.207", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 950272, "start_va": 517825298432, "type": "region", "version": 1 }, "end_va": 517826248703, "entry_point": 0, "filename": null, "id": "region_3815", "name": "private_0x0000007890cb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 517825298432, "timestamp": "00:01:16.225", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 517813436416, "type": "region", "version": 1 }, "end_va": 517813465087, "entry_point": 0, "filename": null, "id": "region_3816", "name": "private_0x0000007890160000", "norm_filename": null, "region_type": "private_memory", "start_va": 517813436416, "timestamp": "00:01:16.227", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 517826281472, "type": "region", "version": 1 }, "end_va": 517827330047, "entry_point": 0, "filename": null, "id": "region_3817", "name": "private_0x0000007890da0000", "norm_filename": null, "region_type": "private_memory", "start_va": 517826281472, "timestamp": "00:01:16.228", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 517813501952, "type": 
"region", "version": 1 }, "end_va": 517813510143, "entry_point": 517813501952, "filename": "\\Windows\\System32\\tzres.dll", "id": "region_3818", "name": "tzres.dll", "norm_filename": "c:\\windows\\system32\\tzres.dll", "region_type": "memory_mapped_file", "start_va": 517813501952, "timestamp": "00:01:16.237", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 32768, "start_va": 517813567488, "type": "region", "version": 1 }, "end_va": 517813600255, "entry_point": 517813567488, "filename": "\\Windows\\System32\\en-US\\tzres.dll.mui", "id": "region_3819", "name": "tzres.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\tzres.dll.mui", "region_type": "memory_mapped_file", "start_va": 517813567488, "timestamp": "00:01:16.242", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 517825298432, "type": "region", "version": 1 }, "end_va": 517825822719, "entry_point": 0, "filename": null, "id": "region_3822", "name": "private_0x0000007890cb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 517825298432, "timestamp": "00:01:16.261", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 517826215936, "type": "region", "version": 1 }, "end_va": 517826248703, "entry_point": 0, "filename": null, "id": "region_3823", "name": "private_0x0000007890d90000", "norm_filename": null, "region_type": "private_memory", "start_va": 517826215936, "timestamp": 
"00:01:16.261", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 517827330048, "type": "region", "version": 1 }, "end_va": 517827751935, "entry_point": 517827330048, "filename": "\\Windows\\System32\\wevtapi.dll", "id": "region_3824", "name": "wevtapi.dll", "norm_filename": "c:\\windows\\system32\\wevtapi.dll", "region_type": "memory_mapped_file", "start_va": 517827330048, "timestamp": "00:01:16.261", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694939922432, "type": "region", "version": 1 }, "end_va": 140694939930623, "entry_point": 0, "filename": null, "id": "region_3825", "name": "private_0x00007ff617ea7000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694939922432, "timestamp": "00:01:16.266", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 140725086126080, "type": "region", "version": 1 }, "end_va": 140725086408703, "entry_point": 140725086130832, "filename": "\\Windows\\System32\\powrprof.dll", "id": "region_3826", "name": "powrprof.dll", "norm_filename": "c:\\windows\\system32\\powrprof.dll", "region_type": "memory_mapped_file", "start_va": 140725086126080, "timestamp": "00:01:16.266", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], 
"ref_process_dump": null, "size": 176128, "start_va": 140725084618752, "type": "region", "version": 1 }, "end_va": 140725084794879, "entry_point": 140725084624016, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_3827", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 140725084618752, "timestamp": "00:01:16.274", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 517813501952, "type": "region", "version": 1 }, "end_va": 517813506047, "entry_point": 0, "filename": null, "id": "region_3828", "name": "private_0x0000007890170000", "norm_filename": null, "region_type": "private_memory", "start_va": 517813501952, "timestamp": "00:01:16.277", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 140725127020544, "type": "region", "version": 1 }, "end_va": 140725127380991, "entry_point": 140725127024796, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_3852", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 140725127020544, "timestamp": "00:01:16.293", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140725103886336, "type": "region", "version": 1 }, "end_va": 140725103923199, "entry_point": 140725103891456, "filename": "\\Windows\\System32\\nsi.dll", "id": 
"region_3853", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 140725103886336, "timestamp": "00:01:16.294", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 140725079375872, "type": "region", "version": 1 }, "end_va": 140725079736319, "entry_point": 140725079379984, "filename": "\\Windows\\System32\\mswsock.dll", "id": "region_3854", "name": "mswsock.dll", "norm_filename": "c:\\windows\\system32\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 140725079375872, "timestamp": "00:01:16.298", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 517827788800, "type": "region", "version": 1 }, "end_va": 517828313087, "entry_point": 0, "filename": null, "id": "region_3855", "name": "private_0x0000007890f10000", "norm_filename": null, "region_type": "private_memory", "start_va": 517827788800, "timestamp": "00:01:16.301", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694939914240, "type": "region", "version": 1 }, "end_va": 140694939922431, "entry_point": 0, "filename": null, "id": "region_3856", "name": "private_0x00007ff617ea5000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694939914240, "timestamp": "00:01:16.301", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" 
], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 143360, "start_va": 140725071773696, "type": "region", "version": 1 }, "end_va": 140725071917055, "entry_point": 140725071777952, "filename": "\\Windows\\System32\\gpapi.dll", "id": "region_3857", "name": "gpapi.dll", "norm_filename": "c:\\windows\\system32\\gpapi.dll", "region_type": "memory_mapped_file", "start_va": 140725071773696, "timestamp": "00:01:16.307", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 517828313088, "type": "region", "version": 1 }, "end_va": 517828837375, "entry_point": 0, "filename": null, "id": "region_3888", "name": "private_0x0000007890f90000", "norm_filename": null, "region_type": "private_memory", "start_va": 517828313088, "timestamp": "00:01:16.362", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694939906048, "type": "region", "version": 1 }, "end_va": 140694939914239, "entry_point": 0, "filename": null, "id": "region_3889", "name": "private_0x00007ff617ea3000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694939906048, "timestamp": "00:01:16.362", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 517828837376, "type": "region", "version": 1 }, "end_va": 517829361663, 
"entry_point": 0, "filename": null, "id": "region_3890", "name": "private_0x0000007891010000", "norm_filename": null, "region_type": "private_memory", "start_va": 517828837376, "timestamp": "00:01:16.364", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694938705920, "type": "region", "version": 1 }, "end_va": 140694938714111, "entry_point": 0, "filename": null, "id": "region_3891", "name": "private_0x00007ff617d7e000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694938705920, "timestamp": "00:01:16.364", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 196608, "start_va": 140725028847616, "type": "region", "version": 1 }, "end_va": 140725029044223, "entry_point": 140725028847616, "filename": "\\Windows\\System32\\ntmarta.dll", "id": "region_3892", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\system32\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 140725028847616, "timestamp": "00:01:16.367", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 517813501952, "type": "region", "version": 1 }, "end_va": 517813633023, "entry_point": 0, "filename": null, "id": "region_3894", "name": "private_0x0000007890170000", "norm_filename": null, "region_type": "private_memory", "start_va": 517813501952, "timestamp": "00:01:16.378", "type": "region", "version": 1 }, { "dump": { "filename": "", 
"flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 517813633024, "type": "region", "version": 1 }, "end_va": 517813637119, "entry_point": 0, "filename": null, "id": "region_3895", "name": "private_0x0000007890190000", "norm_filename": null, "region_type": "private_memory", "start_va": 517813633024, "timestamp": "00:01:16.384", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 517825822720, "type": "region", "version": 1 }, "end_va": 517825953791, "entry_point": 0, "filename": null, "id": "region_3896", "name": "private_0x0000007890d30000", "norm_filename": null, "region_type": "private_memory", "start_va": 517825822720, "timestamp": "00:01:16.385", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 131072, "start_va": 517825953792, "type": "region", "version": 1 }, "end_va": 517826084863, "entry_point": 517825953792, "filename": "\\Windows\\System32\\microsoft-windows-kernel-power-events.dll", "id": "region_3902", "name": "microsoft-windows-kernel-power-events.dll", "norm_filename": "c:\\windows\\system32\\microsoft-windows-kernel-power-events.dll", "region_type": "memory_mapped_file", "start_va": 517825953792, "timestamp": "00:01:16.400", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 
517829361664, "type": "region", "version": 1 }, "end_va": 517829885951, "entry_point": 0, "filename": null, "id": "region_3904", "name": "private_0x0000007891090000", "norm_filename": null, "region_type": "private_memory", "start_va": 517829361664, "timestamp": "00:01:16.409", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694938697728, "type": "region", "version": 1 }, "end_va": 140694938705919, "entry_point": 0, "filename": null, "id": "region_3905", "name": "private_0x00007ff617d7c000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694938697728, "timestamp": "00:01:16.409", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 517829885952, "type": "region", "version": 1 }, "end_va": 517830410239, "entry_point": 0, "filename": null, "id": "region_3907", "name": "private_0x0000007891110000", "norm_filename": null, "region_type": "private_memory", "start_va": 517829885952, "timestamp": "00:01:16.411", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694938689536, "type": "region", "version": 1 }, "end_va": 140694938697727, "entry_point": 0, "filename": null, "id": "region_3908", "name": "private_0x00007ff617d7a000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694938689536, "timestamp": "00:01:16.411", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 517821759488, "type": "region", "version": 1 }, "end_va": 517821890559, "entry_point": 0, "filename": null, "id": "region_3910", "name": "private_0x0000007890950000", "norm_filename": null, "region_type": "private_memory", "start_va": 517821759488, "timestamp": "00:01:16.425", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 517821890560, "type": "region", "version": 1 }, "end_va": 517822021631, "entry_point": 0, "filename": null, "id": "region_3912", "name": "private_0x0000007890970000", "norm_filename": null, "region_type": "private_memory", "start_va": 517821890560, "timestamp": "00:01:16.427", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 385024, "start_va": 517830410240, "type": "region", "version": 1 }, "end_va": 517830795263, "entry_point": 517830410240, "filename": "\\Windows\\System32\\wcmsvc.dll", "id": "region_3924", "name": "wcmsvc.dll", "norm_filename": "c:\\windows\\system32\\wcmsvc.dll", "region_type": "memory_mapped_file", "start_va": 517830410240, "timestamp": "00:01:16.480", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 737280, "start_va": 517830410240, "type": "region", "version": 1 }, "end_va": 517831147519, "entry_point": 517830410240, "filename": 
"\\Windows\\System32\\adtschema.dll", "id": "region_3925", "name": "adtschema.dll", "norm_filename": "c:\\windows\\system32\\adtschema.dll", "region_type": "memory_mapped_file", "start_va": 517830410240, "timestamp": "00:01:16.498", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 517831196672, "type": "region", "version": 1 }, "end_va": 517832245247, "entry_point": 0, "filename": null, "id": "region_3926", "name": "private_0x0000007891250000", "norm_filename": null, "region_type": "private_memory", "start_va": 517831196672, "timestamp": "00:01:16.514", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 745472, "start_va": 517830410240, "type": "region", "version": 1 }, "end_va": 517831155711, "entry_point": 517830414492, "filename": "\\Windows\\System32\\lsm.dll", "id": "region_3927", "name": "lsm.dll", "norm_filename": "c:\\windows\\system32\\lsm.dll", "region_type": "memory_mapped_file", "start_va": 517830410240, "timestamp": "00:01:16.532", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 517822021632, "type": "region", "version": 1 }, "end_va": 517822267391, "entry_point": 517822021632, "filename": "\\Windows\\System32\\microsoft-windows-system-events.dll", "id": "region_3928", "name": "microsoft-windows-system-events.dll", "norm_filename": "c:\\windows\\system32\\microsoft-windows-system-events.dll", "region_type": "memory_mapped_file", "start_va": 517822021632, "timestamp": 
"00:01:16.541", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2056192, "start_va": 266272768, "type": "region", "version": 1 }, "end_va": 268328959, "entry_point": 266443472, "filename": "\\Windows\\System32\\drivers\\ntfs.sys", "id": "region_3932", "name": "ntfs.sys", "norm_filename": "c:\\windows\\system32\\drivers\\ntfs.sys", "region_type": "memory_mapped_file", "start_va": 266272768, "timestamp": "00:01:16.589", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 86016, "start_va": 517822021632, "type": "region", "version": 1 }, "end_va": 517822107647, "entry_point": 517822021632, "filename": "\\Windows\\System32\\PSHED.DLL", "id": "region_3933", "name": "pshed.dll", "norm_filename": "c:\\windows\\system32\\pshed.dll", "region_type": "memory_mapped_file", "start_va": 517822021632, "timestamp": "00:01:16.609", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 69632, "start_va": 517822021632, "type": "region", "version": 1 }, "end_va": 517822091263, "entry_point": 517822021632, "filename": "\\Windows\\System32\\microsoft-windows-kernel-processor-power-events.dll", "id": "region_3934", "name": "microsoft-windows-kernel-processor-power-events.dll", "norm_filename": "c:\\windows\\system32\\microsoft-windows-kernel-processor-power-events.dll", "region_type": "memory_mapped_file", "start_va": 517822021632, "timestamp": "00:01:16.621", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is 
not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1302528, "start_va": 517832245248, "type": "region", "version": 1 }, "end_va": 517833547775, "entry_point": 517832245248, "filename": "\\Windows\\System32\\comres.dll", "id": "region_4024", "name": "comres.dll", "norm_filename": "c:\\windows\\system32\\comres.dll", "region_type": "memory_mapped_file", "start_va": 517832245248, "timestamp": "00:01:16.847", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 517833555968, "type": "region", "version": 1 }, "end_va": 517835653119, "entry_point": 0, "filename": null, "id": "region_4025", "name": "private_0x0000007891490000", "norm_filename": null, "region_type": "private_memory", "start_va": 517833555968, "timestamp": "00:01:16.855", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1339392, "start_va": 517835653120, "type": "region", "version": 1 }, "end_va": 517836992511, "entry_point": 517835657340, "filename": "\\Windows\\System32\\gpsvc.dll", "id": "region_4119", "name": "gpsvc.dll", "norm_filename": "c:\\windows\\system32\\gpsvc.dll", "region_type": "memory_mapped_file", "start_va": 517835653120, "timestamp": "00:01:17.127", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 517830410240, "type": "region", "version": 1 }, "end_va": 517830934527, "entry_point": 0, "filename": null, "id": "region_4234", "name": 
"private_0x0000007891190000", "norm_filename": null, "region_type": "private_memory", "start_va": 517830410240, "timestamp": "00:01:17.855", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 864256, "start_va": 140725018886144, "type": "region", "version": 1 }, "end_va": 140725019750399, "entry_point": 140725018886144, "filename": "\\Windows\\System32\\audiosrv.dll", "id": "region_4236", "name": "audiosrv.dll", "norm_filename": "c:\\windows\\system32\\audiosrv.dll", "region_type": "memory_mapped_file", "start_va": 140725018886144, "timestamp": "00:01:17.855", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140725101002752, "type": "region", "version": 1 }, "end_va": 140725101752319, "entry_point": 140725101007136, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_4249", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 140725101002752, "timestamp": "00:01:17.889", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 140725071970304, "type": "region", "version": 1 }, "end_va": 140725072023551, "entry_point": 140725071974524, "filename": "\\Windows\\System32\\hid.dll", "id": "region_4250", "name": "hid.dll", "norm_filename": "c:\\windows\\system32\\hid.dll", "region_type": "memory_mapped_file", "start_va": 140725071970304, "timestamp": "00:01:17.892", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 397312, "start_va": 140725054210048, "type": "region", "version": 1 }, "end_va": 140725054607359, "entry_point": 140725054288584, "filename": "\\Windows\\System32\\MMDevAPI.dll", "id": "region_4251", "name": "mmdevapi.dll", "norm_filename": "c:\\windows\\system32\\mmdevapi.dll", "region_type": "memory_mapped_file", "start_va": 140725054210048, "timestamp": "00:01:17.893", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 140725036974080, "type": "region", "version": 1 }, "end_va": 140725037019135, "entry_point": 140725036978192, "filename": "\\Windows\\System32\\avrt.dll", "id": "region_4252", "name": "avrt.dll", "norm_filename": "c:\\windows\\system32\\avrt.dll", "region_type": "memory_mapped_file", "start_va": 140725036974080, "timestamp": "00:01:17.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725068103680, "type": "region", "version": 1 }, "end_va": 140725068259327, "entry_point": 140725068109212, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_4253", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 140725068103680, "timestamp": "00:01:17.896", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ 
"readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 140725090320384, "type": "region", "version": 1 }, "end_va": 140725090623487, "entry_point": 140725090325080, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_4254", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 140725090320384, "timestamp": "00:01:17.897", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1536000, "start_va": 517835653120, "type": "region", "version": 1 }, "end_va": 517837189119, "entry_point": 517835657396, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_4255", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 517835653120, "timestamp": "00:01:17.899", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 241664, "start_va": 517822021632, "type": "region", "version": 1 }, "end_va": 517822263295, "entry_point": 517822073532, "filename": "\\Windows\\System32\\profsvc.dll", "id": "region_4268", "name": "profsvc.dll", "norm_filename": "c:\\windows\\system32\\profsvc.dll", "region_type": "memory_mapped_file", "start_va": 517822021632, "timestamp": "00:01:17.945", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 517813633024, "type": "region", "version": 1 }, "end_va": 517813637119, "entry_point": 0, "filename": null, "id": 
"region_4269", "name": "pagefile_0x0000007890190000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 517813633024, "timestamp": "00:01:17.956", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 517832245248, "type": "region", "version": 1 }, "end_va": 517832769535, "entry_point": 0, "filename": null, "id": "region_4270", "name": "private_0x0000007891350000", "norm_filename": null, "region_type": "private_memory", "start_va": 517832245248, "timestamp": "00:01:17.956", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694938681344, "type": "region", "version": 1 }, "end_va": 140694938689535, "entry_point": 0, "filename": null, "id": "region_4271", "name": "private_0x00007ff617d78000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694938681344, "timestamp": "00:01:17.956", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 671744, "start_va": 140725095825408, "type": "region", "version": 1 }, "end_va": 140725096497151, "entry_point": 140725095829872, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_4272", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 140725095825408, "timestamp": "00:01:17.957", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 517822021632, "type": "region", "version": 1 }, "end_va": 517822025727, "entry_point": 0, "filename": null, "id": "region_4273", "name": "pagefile_0x0000007890990000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 517822021632, "timestamp": "00:01:17.959", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 517822087168, "type": "region", "version": 1 }, "end_va": 517822091263, "entry_point": 0, "filename": null, "id": "region_4276", "name": "private_0x00000078909a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 517822087168, "timestamp": "00:01:17.964", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 517822152704, "type": "region", "version": 1 }, "end_va": 517822156799, "entry_point": 0, "filename": null, "id": "region_4277", "name": "private_0x00000078909b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 517822152704, "timestamp": "00:01:17.964", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 517822218240, "type": "region", "version": 1 }, "end_va": 517822222335, "entry_point": 0, 
"filename": null, "id": "region_4295", "name": "pagefile_0x00000078909c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 517822218240, "timestamp": "00:01:18.102", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 517832769536, "type": "region", "version": 1 }, "end_va": 517833293823, "entry_point": 0, "filename": null, "id": "region_4296", "name": "private_0x00000078913d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 517832769536, "timestamp": "00:01:18.102", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694938673152, "type": "region", "version": 1 }, "end_va": 140694938681343, "entry_point": 0, "filename": null, "id": "region_4297", "name": "private_0x00007ff617d76000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694938673152, "timestamp": "00:01:18.102", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725078982656, "type": "region", "version": 1 }, "end_va": 140725079339007, "entry_point": 140725078989424, "filename": "\\Windows\\System32\\winsta.dll", "id": "region_4304", "name": "winsta.dll", "norm_filename": "c:\\windows\\system32\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 140725078982656, "timestamp": "00:01:18.203", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 140725039071232, "type": "region", "version": 1 }, "end_va": 140725039140863, "entry_point": 140725039075456, "filename": "\\Windows\\System32\\wtsapi32.dll", "id": "region_4315", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\system32\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725039071232, "timestamp": "00:01:18.272", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 589824, "start_va": 517835653120, "type": "region", "version": 1 }, "end_va": 517836242943, "entry_point": 517835725216, "filename": "\\Windows\\System32\\winlogon.exe", "id": "region_4316", "name": "winlogon.exe", "norm_filename": "c:\\windows\\system32\\winlogon.exe", "region_type": "memory_mapped_file", "start_va": 517835653120, "timestamp": "00:01:18.279", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 517836242944, "type": "region", "version": 1 }, "end_va": 517836767231, "entry_point": 0, "filename": null, "id": "region_4317", "name": "private_0x0000007891720000", "norm_filename": null, "region_type": "private_memory", "start_va": 517836242944, "timestamp": "00:01:18.298", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694938664960, "type": "region", "version": 
1 }, "end_va": 140694938673151, "entry_point": 0, "filename": null, "id": "region_4318", "name": "private_0x00007ff617d74000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694938664960, "timestamp": "00:01:18.298", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725011021824, "type": "region", "version": 1 }, "end_va": 140725011062783, "entry_point": 140725011021824, "filename": "\\Windows\\System32\\lmhsvc.dll", "id": "region_4325", "name": "lmhsvc.dll", "norm_filename": "c:\\windows\\system32\\lmhsvc.dll", "region_type": "memory_mapped_file", "start_va": 140725011021824, "timestamp": "00:01:18.389", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 517836767232, "type": "region", "version": 1 }, "end_va": 517837291519, "entry_point": 0, "filename": null, "id": "region_4330", "name": "private_0x00000078917a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 517836767232, "timestamp": "00:01:18.744", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694938656768, "type": "region", "version": 1 }, "end_va": 140694938664959, "entry_point": 0, "filename": null, "id": "region_4331", "name": "private_0x00007ff617d72000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694938656768, "timestamp": "00:01:18.744", "type": "region", "version": 1 
}, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 140725016985600, "type": "region", "version": 1 }, "end_va": 140725017153535, "entry_point": 140725017016680, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_4332", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 140725016985600, "timestamp": "00:01:18.869", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 517837291520, "type": "region", "version": 1 }, "end_va": 517837815807, "entry_point": 0, "filename": null, "id": "region_4334", "name": "private_0x0000007891820000", "norm_filename": null, "region_type": "private_memory", "start_va": 517837291520, "timestamp": "00:01:19.318", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694938648576, "type": "region", "version": 1 }, "end_va": 140694938656767, "entry_point": 0, "filename": null, "id": "region_4335", "name": "private_0x00007ff617d70000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694938648576, "timestamp": "00:01:19.318", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140725010890752, "type": 
"region", "version": 1 }, "end_va": 140725010927615, "entry_point": 140725010890752, "filename": "\\Windows\\System32\\nrpsrv.dll", "id": "region_4336", "name": "nrpsrv.dll", "norm_filename": "c:\\windows\\system32\\nrpsrv.dll", "region_type": "memory_mapped_file", "start_va": 140725010890752, "timestamp": "00:01:19.318", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725016920064, "type": "region", "version": 1 }, "end_va": 140725016961023, "entry_point": 140725016924356, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_4349", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 140725016920064, "timestamp": "00:01:19.526", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140725010497536, "type": "region", "version": 1 }, "end_va": 140725010882559, "entry_point": 140725010501808, "filename": "\\Windows\\System32\\wcmsvc.dll", "id": "region_4378", "name": "wcmsvc.dll", "norm_filename": "c:\\windows\\system32\\wcmsvc.dll", "region_type": "memory_mapped_file", "start_va": 140725010497536, "timestamp": "00:01:19.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 372736, "start_va": 140725010104320, "type": "region", "version": 1 }, "end_va": 140725010477055, "entry_point": 140725010104320, "filename": "\\Windows\\System32\\dhcpcore.dll", "id": "region_4379", 
"name": "dhcpcore.dll", "norm_filename": "c:\\windows\\system32\\dhcpcore.dll", "region_type": "memory_mapped_file", "start_va": 140725010104320, "timestamp": "00:01:19.645", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 517837815808, "type": "region", "version": 1 }, "end_va": 517838340095, "entry_point": 0, "filename": null, "id": "region_4385", "name": "private_0x00000078918a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 517837815808, "timestamp": "00:01:19.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694938640384, "type": "region", "version": 1 }, "end_va": 140694938648575, "entry_point": 0, "filename": null, "id": "region_4386", "name": "private_0x00007ff617d6e000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694938640384, "timestamp": "00:01:19.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 667648, "start_va": 140725076951040, "type": "region", "version": 1 }, "end_va": 140725077618687, "entry_point": 140725077040104, "filename": "\\Windows\\System32\\dnsapi.dll", "id": "region_4387", "name": "dnsapi.dll", "norm_filename": "c:\\windows\\system32\\dnsapi.dll", "region_type": "memory_mapped_file", "start_va": 140725076951040, "timestamp": "00:01:19.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], 
"info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 140725009645568, "type": "region", "version": 1 }, "end_va": 140725009768447, "entry_point": 140725009645568, "filename": "\\Windows\\System32\\wcmcsp.dll", "id": "region_4389", "name": "wcmcsp.dll", "norm_filename": "c:\\windows\\system32\\wcmcsp.dll", "region_type": "memory_mapped_file", "start_va": 140725009645568, "timestamp": "00:01:19.688", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 140725096546304, "type": "region", "version": 1 }, "end_va": 140725098078207, "entry_point": 140725096550580, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_4390", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 140725096546304, "timestamp": "00:01:19.698", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 140725009580032, "type": "region", "version": 1 }, "end_va": 140725009637375, "entry_point": 140725009580032, "filename": "\\Windows\\System32\\wmiclnt.dll", "id": "region_4391", "name": "wmiclnt.dll", "norm_filename": "c:\\windows\\system32\\wmiclnt.dll", "region_type": "memory_mapped_file", "start_va": 140725009580032, "timestamp": "00:01:19.700", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 
745472, "start_va": 140725068824576, "type": "region", "version": 1 }, "end_va": 140725069570047, "entry_point": 140725068901472, "filename": "\\Windows\\System32\\FirewallAPI.dll", "id": "region_4414", "name": "firewallapi.dll", "norm_filename": "c:\\windows\\system32\\firewallapi.dll", "region_type": "memory_mapped_file", "start_va": 140725068824576, "timestamp": "00:01:19.782", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 290816, "start_va": 140725008007168, "type": "region", "version": 1 }, "end_va": 140725008297983, "entry_point": 140725008007168, "filename": "\\Windows\\System32\\dhcpcore6.dll", "id": "region_4416", "name": "dhcpcore6.dll", "norm_filename": "c:\\windows\\system32\\dhcpcore6.dll", "region_type": "memory_mapped_file", "start_va": 140725008007168, "timestamp": "00:01:19.806", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 517838340096, "type": "region", "version": 1 }, "end_va": 517838864383, "entry_point": 0, "filename": null, "id": "region_4417", "name": "private_0x0000007891920000", "norm_filename": null, "region_type": "private_memory", "start_va": 517838340096, "timestamp": "00:01:19.824", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694938632192, "type": "region", "version": 1 }, "end_va": 140694938640383, "entry_point": 0, "filename": null, "id": "region_4418", "name": 
"private_0x00007ff617d6c000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694938632192, "timestamp": "00:01:19.824", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 140725028716544, "type": "region", "version": 1 }, "end_va": 140725028818943, "entry_point": 140725028721024, "filename": "\\Windows\\System32\\nlaapi.dll", "id": "region_4419", "name": "nlaapi.dll", "norm_filename": "c:\\windows\\system32\\nlaapi.dll", "region_type": "memory_mapped_file", "start_va": 140725028716544, "timestamp": "00:01:19.825", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 962560, "start_va": 140725079900160, "type": "region", "version": 1 }, "end_va": 140725080862719, "entry_point": 140725080103596, "filename": "\\Windows\\System32\\kerberos.dll", "id": "region_4420", "name": "kerberos.dll", "norm_filename": "c:\\windows\\system32\\kerberos.dll", "region_type": "memory_mapped_file", "start_va": 140725079900160, "timestamp": "00:01:19.832", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 140725087174656, "type": "region", "version": 1 }, "end_va": 140725087248383, "entry_point": 140725087178996, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_4421", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 140725087174656, "timestamp": "00:01:19.833", "type": 
"region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 140725080883200, "type": "region", "version": 1 }, "end_va": 140725080981503, "entry_point": 140725080903032, "filename": "\\Windows\\System32\\cryptdll.dll", "id": "region_4422", "name": "cryptdll.dll", "norm_filename": "c:\\windows\\system32\\cryptdll.dll", "region_type": "memory_mapped_file", "start_va": 140725080883200, "timestamp": "00:01:19.834", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 517825953792, "type": "region", "version": 1 }, "end_va": 517825957887, "entry_point": 0, "filename": null, "id": "region_4423", "name": "private_0x0000007890d50000", "norm_filename": null, "region_type": "private_memory", "start_va": 517825953792, "timestamp": "00:01:19.837", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 517838864384, "type": "region", "version": 1 }, "end_va": 517839388671, "entry_point": 0, "filename": null, "id": "region_4424", "name": "private_0x00000078919a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 517838864384, "timestamp": "00:01:19.845", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 
140694938624000, "type": "region", "version": 1 }, "end_va": 140694938632191, "entry_point": 0, "filename": null, "id": "region_4425", "name": "private_0x00007ff617d6a000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694938624000, "timestamp": "00:01:19.845", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 517839388672, "type": "region", "version": 1 }, "end_va": 517839912959, "entry_point": 0, "filename": null, "id": "region_4471", "name": "private_0x0000007891a20000", "norm_filename": null, "region_type": "private_memory", "start_va": 517839388672, "timestamp": "00:01:19.932", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694938615808, "type": "region", "version": 1 }, "end_va": 140694938623999, "entry_point": 0, "filename": null, "id": "region_4472", "name": "private_0x00007ff617d68000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694938615808, "timestamp": "00:01:19.932", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 517839912960, "type": "region", "version": 1 }, "end_va": 517840437247, "entry_point": 0, "filename": null, "id": "region_4474", "name": "private_0x0000007891aa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 517839912960, "timestamp": "00:01:19.941", "type": "region", "version": 1 }, { "dump": 
{ "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694938607616, "type": "region", "version": 1 }, "end_va": 140694938615807, "entry_point": 0, "filename": null, "id": "region_4475", "name": "private_0x00007ff617d66000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694938607616, "timestamp": "00:01:19.941", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 140725007810560, "type": "region", "version": 1 }, "end_va": 140725007892479, "entry_point": 140725007810560, "filename": "\\Windows\\System32\\dhcpcsvc6.dll", "id": "region_4476", "name": "dhcpcsvc6.dll", "norm_filename": "c:\\windows\\system32\\dhcpcsvc6.dll", "region_type": "memory_mapped_file", "start_va": 140725007810560, "timestamp": "00:01:19.941", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 517840437248, "type": "region", "version": 1 }, "end_va": 517840961535, "entry_point": 0, "filename": null, "id": "region_4488", "name": "private_0x0000007891b20000", "norm_filename": null, "region_type": "private_memory", "start_va": 517840437248, "timestamp": "00:01:19.975", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694938599424, "type": 
"region", "version": 1 }, "end_va": 140694938607615, "entry_point": 0, "filename": null, "id": "region_4489", "name": "private_0x00007ff617d64000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694938599424, "timestamp": "00:01:19.975", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 140725007679488, "type": "region", "version": 1 }, "end_va": 140725007781887, "entry_point": 140725007679488, "filename": "\\Windows\\System32\\dhcpcsvc.dll", "id": "region_4490", "name": "dhcpcsvc.dll", "norm_filename": "c:\\windows\\system32\\dhcpcsvc.dll", "region_type": "memory_mapped_file", "start_va": 140725007679488, "timestamp": "00:01:19.975", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\system32\\svchost.exe -k netsvcs", "filename": "c:\\windows\\system32\\svchost.exe", "id": "proc_46", "image_name": "svchost.exe", "monitor_reason": "child_process", "monitored_id": 46, "origin_monitor_id": 39, "ref_parent_process": { "ref_id": "proc_39", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_3840", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:16.290", "type": "region", "version": 1 }, { "dump": { "filename": "", 
"flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 4294967296, "type": "region", "version": 1 }, "end_va": 4295098367, "entry_point": 0, "filename": null, "id": "region_3841", "name": "private_0x0000000100000000", "norm_filename": null, "region_type": "private_memory", "start_va": 4294967296, "timestamp": "00:01:16.290", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 4295098368, "type": "region", "version": 1 }, "end_va": 4295159807, "entry_point": 0, "filename": null, "id": "region_3842", "name": "pagefile_0x0000000100020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4295098368, "timestamp": "00:01:16.290", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 4295163904, "type": "region", "version": 1 }, "end_va": 4295688191, "entry_point": 0, "filename": null, "id": "region_3843", "name": "private_0x0000000100030000", "norm_filename": null, "region_type": "private_memory", "start_va": 4295163904, "timestamp": "00:01:16.290", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 4295688192, "type": "region", "version": 1 }, "end_va": 4295704575, "entry_point": 0, "filename": null, "id": 
"region_3844", "name": "pagefile_0x00000001000b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4295688192, "timestamp": "00:01:16.290", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140694938320896, "type": "region", "version": 1 }, "end_va": 140694938464255, "entry_point": 0, "filename": null, "id": "region_3845", "name": "pagefile_0x00007ff617d20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140694938320896, "timestamp": "00:01:16.290", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140694938501120, "type": "region", "version": 1 }, "end_va": 140694938505215, "entry_point": 0, "filename": null, "id": "region_3846", "name": "private_0x00007ff617d4c000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694938501120, "timestamp": "00:01:16.290", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694938509312, "type": "region", "version": 1 }, "end_va": 140694938517503, "entry_point": 0, "filename": null, "id": "region_3847", "name": "private_0x00007ff617d4e000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694938509312, "timestamp": "00:01:16.290", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created 
because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 140694944612352, "type": "region", "version": 1 }, "end_va": 140694944661503, "entry_point": 140694944620940, "filename": "\\Windows\\System32\\svchost.exe", "id": "region_3848", "name": "svchost.exe", "norm_filename": "c:\\windows\\system32\\svchost.exe", "region_type": "memory_mapped_file", "start_va": 140694944612352, "timestamp": "00:01:16.290", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_3849", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140725133115392, "timestamp": "00:01:16.291", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 4295753728, "type": "region", "version": 1 }, "end_va": 4295757823, "entry_point": 0, "filename": null, "id": "region_3850", "name": "pagefile_0x00000001000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4295753728, "timestamp": "00:01:16.292", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 4295819264, "type": "region", "version": 1 }, 
"end_va": 4295827455, "entry_point": 0, "filename": null, "id": "region_3851", "name": "private_0x00000001000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4295819264, "timestamp": "00:01:16.292", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 4296278016, "type": "region", "version": 1 }, "end_va": 4297326591, "entry_point": 0, "filename": null, "id": "region_3858", "name": "private_0x0000000100140000", "norm_filename": null, "region_type": "private_memory", "start_va": 4296278016, "timestamp": "00:01:16.316", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140725090648064, "type": "region", "version": 1 }, "end_va": 140725091753983, "entry_point": 140725090656928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_3859", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140725090648064, "timestamp": "00:01:16.316", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140725124988928, "type": "region", "version": 1 }, "end_va": 140725126270975, "entry_point": 140725125009460, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_3860", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140725124988928, 
"timestamp": "00:01:16.317", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4294967296, "type": "region", "version": 1 }, "end_va": 4295032831, "entry_point": 0, "filename": null, "id": "region_3861", "name": "pagefile_0x0000000100000000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4294967296, "timestamp": "00:01:16.318", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140694937272320, "type": "region", "version": 1 }, "end_va": 140694938320895, "entry_point": 0, "filename": null, "id": "region_3862", "name": "pagefile_0x00007ff617c20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140694937272320, "timestamp": "00:01:16.318", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 4297326592, "type": "region", "version": 1 }, "end_va": 4297842687, "entry_point": 4297326592, "filename": "\\Windows\\System32\\locale.nls", "id": "region_3863", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 4297326592, "timestamp": "00:01:16.320", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, 
"size": 356352, "start_va": 140725098184704, "type": "region", "version": 1 }, "end_va": 140725098541055, "entry_point": 140725098194176, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_3864", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140725098184704, "timestamp": "00:01:16.321", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140725127806976, "type": "region", "version": 1 }, "end_va": 140725129076735, "entry_point": 140725127811408, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_3865", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140725127806976, "timestamp": "00:01:16.322", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725131149312, "type": "region", "version": 1 }, "end_va": 140725133078527, "entry_point": 140725131157344, "filename": "\\Windows\\System32\\combase.dll", "id": "region_3866", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140725131149312, "timestamp": "00:01:16.325", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140725098577920, "type": "region", "version": 1 }, "end_va": 140725099261951, "entry_point": 140725098588204, "filename": 
"\\Windows\\System32\\msvcrt.dll", "id": "region_3867", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140725098577920, "timestamp": "00:01:16.327", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 4297850880, "type": "region", "version": 1 }, "end_va": 4298899455, "entry_point": 0, "filename": null, "id": "region_3868", "name": "private_0x00000001002c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4297850880, "timestamp": "00:01:16.328", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 4295032832, "type": "region", "version": 1 }, "end_va": 4295061503, "entry_point": 0, "filename": null, "id": "region_3869", "name": "private_0x0000000100010000", "norm_filename": null, "region_type": "private_memory", "start_va": 4295032832, "timestamp": "00:01:16.329", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 761856, "start_va": 4297850880, "type": "region", "version": 1 }, "end_va": 4298612735, "entry_point": 4298033000, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_3870", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 4297850880, "timestamp": "00:01:16.331", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No 
dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4298833920, "type": "region", "version": 1 }, "end_va": 4298899455, "entry_point": 0, "filename": null, "id": "region_3871", "name": "private_0x00000001003b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4298833920, "timestamp": "00:01:16.332", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725068431360, "type": "region", "version": 1 }, "end_va": 140725068472319, "entry_point": 140725068437320, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_3872", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\system32\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140725068431360, "timestamp": "00:01:16.333", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725085208576, "type": "region", "version": 1 }, "end_va": 140725085249535, "entry_point": 140725085212688, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_3873", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140725085208576, "timestamp": "00:01:16.334", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 4295884800, "type": "region", 
"version": 1 }, "end_va": 4295913471, "entry_point": 0, "filename": null, "id": "region_3874", "name": "private_0x00000001000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4295884800, "timestamp": "00:01:16.335", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140725084815360, "type": "region", "version": 1 }, "end_va": 140725085200383, "entry_point": 140725084944032, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_3875", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140725084815360, "timestamp": "00:01:16.335", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140725093466112, "type": "region", "version": 1 }, "end_va": 140725094977535, "entry_point": 140725093620416, "filename": "\\Windows\\System32\\user32.dll", "id": "region_3876", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140725093466112, "timestamp": "00:01:16.337", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140725129773056, "type": "region", "version": 1 }, "end_va": 140725131104255, "entry_point": 140725129845848, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_3877", "name": "gdi32.dll", "norm_filename": 
"c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140725129773056, "timestamp": "00:01:16.338", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 786432, "start_va": 4297850880, "type": "region", "version": 1 }, "end_va": 4298637311, "entry_point": 0, "filename": null, "id": "region_3878", "name": "pagefile_0x00000001002c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4297850880, "timestamp": "00:01:16.342", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4298899456, "type": "region", "version": 1 }, "end_va": 4300505087, "entry_point": 0, "filename": null, "id": "region_3879", "name": "pagefile_0x00000001003c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4298899456, "timestamp": "00:01:16.342", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 4300537856, "type": "region", "version": 1 }, "end_va": 4302114815, "entry_point": 0, "filename": null, "id": "region_3880", "name": "pagefile_0x0000000100550000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4300537856, "timestamp": "00:01:16.342", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed 
regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 4295950336, "type": "region", "version": 1 }, "end_va": 4295962623, "entry_point": 0, "filename": null, "id": "region_3881", "name": "pagefile_0x00000001000f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4295950336, "timestamp": "00:01:16.345", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 4296015872, "type": "region", "version": 1 }, "end_va": 4296019967, "entry_point": 0, "filename": null, "id": "region_3882", "name": "pagefile_0x0000000100100000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4296015872, "timestamp": "00:01:16.345", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 4296081408, "type": "region", "version": 1 }, "end_va": 4296085503, "entry_point": 0, "filename": null, "id": "region_3883", "name": "private_0x0000000100110000", "norm_filename": null, "region_type": "private_memory", "start_va": 4296081408, "timestamp": "00:01:16.345", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 4296146944, "type": "region", "version": 1 }, "end_va": 4296151039, "entry_point": 0, "filename": null, "id": "region_3884", "name": "private_0x0000000100120000", "norm_filename": null, 
"region_type": "private_memory", "start_va": 4296146944, "timestamp": "00:01:16.345", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4169728, "start_va": 4302176256, "type": "region", "version": 1 }, "end_va": 4306345983, "entry_point": 0, "filename": null, "id": "region_3885", "name": "pagefile_0x00000001006e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4302176256, "timestamp": "00:01:16.345", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 4306370560, "type": "region", "version": 1 }, "end_va": 4306894847, "entry_point": 0, "filename": null, "id": "region_3897", "name": "private_0x0000000100ae0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4306370560, "timestamp": "00:01:16.395", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 4306894848, "type": "region", "version": 1 }, "end_va": 4307419135, "entry_point": 0, "filename": null, "id": "region_3898", "name": "private_0x0000000100b60000", "norm_filename": null, "region_type": "private_memory", "start_va": 4306894848, "timestamp": "00:01:16.395", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 
4307419136, "type": "region", "version": 1 }, "end_va": 4310388735, "entry_point": 4307419136, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_3899", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 4307419136, "timestamp": "00:01:16.395", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694938484736, "type": "region", "version": 1 }, "end_va": 140694938492927, "entry_point": 0, "filename": null, "id": "region_3900", "name": "private_0x00007ff617d48000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694938484736, "timestamp": "00:01:16.395", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694938492928, "type": "region", "version": 1 }, "end_va": 140694938501119, "entry_point": 0, "filename": null, "id": "region_3901", "name": "private_0x00007ff617d4a000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694938492928, "timestamp": "00:01:16.395", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 4310433792, "type": "region", "version": 1 }, "end_va": 4310958079, "entry_point": 0, "filename": null, "id": "region_3913", "name": "private_0x0000000100ec0000", "norm_filename": null, "region_type": "private_memory", 
"start_va": 4310433792, "timestamp": "00:01:16.437", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694938476544, "type": "region", "version": 1 }, "end_va": 140694938484735, "entry_point": 0, "filename": null, "id": "region_3914", "name": "private_0x00007ff617d46000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694938476544, "timestamp": "00:01:16.437", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1339392, "start_va": 140725027340288, "type": "region", "version": 1 }, "end_va": 140725028679679, "entry_point": 140725027340288, "filename": "\\Windows\\System32\\gpsvc.dll", "id": "region_3915", "name": "gpsvc.dll", "norm_filename": "c:\\windows\\system32\\gpsvc.dll", "region_type": "memory_mapped_file", "start_va": 140725027340288, "timestamp": "00:01:16.444", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 4310958080, "type": "region", "version": 1 }, "end_va": 4311482367, "entry_point": 0, "filename": null, "id": "region_3916", "name": "private_0x0000000100f40000", "norm_filename": null, "region_type": "private_memory", "start_va": 4310958080, "timestamp": "00:01:16.455", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], 
"ref_process_dump": null, "size": 8192, "start_va": 140694938468352, "type": "region", "version": 1 }, "end_va": 140694938476543, "entry_point": 0, "filename": null, "id": "region_3917", "name": "private_0x00007ff617d44000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694938468352, "timestamp": "00:01:16.455", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 140725073608704, "type": "region", "version": 1 }, "end_va": 140725073760255, "entry_point": 140725073612916, "filename": "\\Windows\\System32\\srvcli.dll", "id": "region_3918", "name": "srvcli.dll", "norm_filename": "c:\\windows\\system32\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 140725073608704, "timestamp": "00:01:16.459", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 368640, "start_va": 140725127413760, "type": "region", "version": 1 }, "end_va": 140725127782399, "entry_point": 140725127413760, "filename": "\\Windows\\System32\\Wldap32.dll", "id": "region_3919", "name": "wldap32.dll", "norm_filename": "c:\\windows\\system32\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 140725127413760, "timestamp": "00:01:16.460", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 143360, "start_va": 140725071773696, "type": "region", "version": 1 }, "end_va": 140725071917055, "entry_point": 140725071777952, "filename": "\\Windows\\System32\\gpapi.dll", "id": 
"region_3920", "name": "gpapi.dll", "norm_filename": "c:\\windows\\system32\\gpapi.dll", "region_type": "memory_mapped_file", "start_va": 140725071773696, "timestamp": "00:01:16.467", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140725103886336, "type": "region", "version": 1 }, "end_va": 140725103923199, "entry_point": 140725103891456, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_3921", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 140725103886336, "timestamp": "00:01:16.468", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 140725029044224, "type": "region", "version": 1 }, "end_va": 140725029466111, "entry_point": 140725029048500, "filename": "\\Windows\\System32\\wevtapi.dll", "id": "region_3922", "name": "wevtapi.dll", "norm_filename": "c:\\windows\\system32\\wevtapi.dll", "region_type": "memory_mapped_file", "start_va": 140725029044224, "timestamp": "00:01:16.470", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 140725068562432, "type": "region", "version": 1 }, "end_va": 140725068607487, "entry_point": 140725068575188, "filename": "\\Windows\\System32\\sysntfy.dll", "id": "region_3923", "name": "sysntfy.dll", "norm_filename": "c:\\windows\\system32\\sysntfy.dll", "region_type": "memory_mapped_file", "start_va": 140725068562432, 
"timestamp": "00:01:16.471", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 140725028716544, "type": "region", "version": 1 }, "end_va": 140725028818943, "entry_point": 140725028716544, "filename": "\\Windows\\System32\\nlaapi.dll", "id": "region_3931", "name": "nlaapi.dll", "norm_filename": "c:\\windows\\system32\\nlaapi.dll", "region_type": "memory_mapped_file", "start_va": 140725028716544, "timestamp": "00:01:16.583", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 140725027078144, "type": "region", "version": 1 }, "end_va": 140725027319807, "entry_point": 140725027078144, "filename": "\\Windows\\System32\\profsvc.dll", "id": "region_3935", "name": "profsvc.dll", "norm_filename": "c:\\windows\\system32\\profsvc.dll", "region_type": "memory_mapped_file", "start_va": 140725027078144, "timestamp": "00:01:16.642", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140725076557824, "type": "region", "version": 1 }, "end_va": 140725076684799, "entry_point": 140725076562672, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_3936", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 140725076557824, "timestamp": "00:01:16.648", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created 
because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140725101002752, "type": "region", "version": 1 }, "end_va": 140725101752319, "entry_point": 140725101007136, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_3937", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 140725101002752, "timestamp": "00:01:16.649", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 140725086453760, "type": "region", "version": 1 }, "end_va": 140725086535679, "entry_point": 140725086468812, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_3938", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 140725086453760, "timestamp": "00:01:16.650", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1536000, "start_va": 4311482368, "type": "region", "version": 1 }, "end_va": 4313018367, "entry_point": 4311486644, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_3939", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 4311482368, "timestamp": "00:01:16.654", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 851968, "start_va": 4311482368, "type": "region", "version": 1 
}, "end_va": 4312334335, "entry_point": 0, "filename": null, "id": "region_3940", "name": "private_0x0000000100fc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4311482368, "timestamp": "00:01:16.658", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 140725026947072, "type": "region", "version": 1 }, "end_va": 140725027016703, "entry_point": 140725026947072, "filename": "\\Windows\\System32\\themeservice.dll", "id": "region_3941", "name": "themeservice.dll", "norm_filename": "c:\\windows\\system32\\themeservice.dll", "region_type": "memory_mapped_file", "start_va": 140725026947072, "timestamp": "00:01:16.661", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 147456, "start_va": 140725026750464, "type": "region", "version": 1 }, "end_va": 140725026897919, "entry_point": 140725026750464, "filename": "\\Windows\\System32\\profsvcext.dll", "id": "region_3942", "name": "profsvcext.dll", "norm_filename": "c:\\windows\\system32\\profsvcext.dll", "region_type": "memory_mapped_file", "start_va": 140725026750464, "timestamp": "00:01:16.669", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 163840, "start_va": 140725026553856, "type": "region", "version": 1 }, "end_va": 140725026717695, "entry_point": 140725026553856, "filename": "\\Windows\\System32\\ntdsapi.dll", "id": "region_3988", "name": "ntdsapi.dll", "norm_filename": 
"c:\\windows\\system32\\ntdsapi.dll", "region_type": "memory_mapped_file", "start_va": 140725026553856, "timestamp": "00:01:16.747", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 140725025898496, "type": "region", "version": 1 }, "end_va": 140725025984511, "entry_point": 140725025898496, "filename": "\\Windows\\System32\\netapi32.dll", "id": "region_3990", "name": "netapi32.dll", "norm_filename": "c:\\windows\\system32\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725025898496, "timestamp": "00:01:16.766", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 21032960, "start_va": 140725103951872, "type": "region", "version": 1 }, "end_va": 140725124984831, "entry_point": 140725103956224, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_3991", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 140725103951872, "timestamp": "00:01:16.774", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 140725025767424, "type": "region", "version": 1 }, "end_va": 140725025878015, "entry_point": 140725025767424, "filename": "\\Windows\\System32\\atl.dll", "id": "region_3992", "name": "atl.dll", "norm_filename": "c:\\windows\\system32\\atl.dll", "region_type": "memory_mapped_file", "start_va": 140725025767424, "timestamp": "00:01:16.778", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 140725095038976, "type": "region", "version": 1 }, "end_va": 140725095370751, "entry_point": 140725095043776, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_3993", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 140725095038976, "timestamp": "00:01:16.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 140725127020544, "type": "region", "version": 1 }, "end_va": 140725127380991, "entry_point": 140725127024796, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_3997", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 140725127020544, "timestamp": "00:01:16.798", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 4311482368, "type": "region", "version": 1 }, "end_va": 4312006655, "entry_point": 0, "filename": null, "id": "region_4018", "name": "private_0x0000000100fc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4311482368, "timestamp": "00:01:16.831", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], 
"ref_process_dump": null, "size": 65536, "start_va": 4312268800, "type": "region", "version": 1 }, "end_va": 4312334335, "entry_point": 0, "filename": null, "id": "region_4019", "name": "private_0x0000000101080000", "norm_filename": null, "region_type": "private_memory", "start_va": 4312268800, "timestamp": "00:01:16.831", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694937264128, "type": "region", "version": 1 }, "end_va": 140694937272319, "entry_point": 0, "filename": null, "id": "region_4020", "name": "private_0x00007ff617c1e000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694937264128, "timestamp": "00:01:16.831", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 140725072494592, "type": "region", "version": 1 }, "end_va": 140725072543743, "entry_point": 140725072499804, "filename": "\\Windows\\System32\\netutils.dll", "id": "region_4021", "name": "netutils.dll", "norm_filename": "c:\\windows\\system32\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 140725072494592, "timestamp": "00:01:16.831", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 140725025636352, "type": "region", "version": 1 }, "end_va": 140725025726463, "entry_point": 140725025636352, "filename": "\\Windows\\System32\\wkscli.dll", "id": "region_4023", "name": "wkscli.dll", "norm_filename": 
"c:\\windows\\system32\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 140725025636352, "timestamp": "00:01:16.836", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 249856, "start_va": 140725076688896, "type": "region", "version": 1 }, "end_va": 140725076938751, "entry_point": 140725076693408, "filename": "\\Windows\\System32\\logoncli.dll", "id": "region_4026", "name": "logoncli.dll", "norm_filename": "c:\\windows\\system32\\logoncli.dll", "region_type": "memory_mapped_file", "start_va": 140725076688896, "timestamp": "00:01:16.860", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725078982656, "type": "region", "version": 1 }, "end_va": 140725079339007, "entry_point": 140725078989424, "filename": "\\Windows\\System32\\winsta.dll", "id": "region_4027", "name": "winsta.dll", "norm_filename": "c:\\windows\\system32\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 140725078982656, "timestamp": "00:01:16.867", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140725025570816, "type": "region", "version": 1 }, "end_va": 140725025607679, "entry_point": 140725025570816, "filename": "\\Windows\\System32\\dsrole.dll", "id": "region_4028", "name": "dsrole.dll", "norm_filename": "c:\\windows\\system32\\dsrole.dll", "region_type": "memory_mapped_file", "start_va": 140725025570816, "timestamp": "00:01:16.871", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 4296212480, "type": "region", "version": 1 }, "end_va": 4296216575, "entry_point": 0, "filename": null, "id": "region_4029", "name": "pagefile_0x0000000100130000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4296212480, "timestamp": "00:01:16.880", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 4312334336, "type": "region", "version": 1 }, "end_va": 4312858623, "entry_point": 0, "filename": null, "id": "region_4030", "name": "private_0x0000000101090000", "norm_filename": null, "region_type": "private_memory", "start_va": 4312334336, "timestamp": "00:01:16.880", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694937255936, "type": "region", "version": 1 }, "end_va": 140694937264127, "entry_point": 0, "filename": null, "id": "region_4031", "name": "private_0x00007ff617c1c000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694937255936, "timestamp": "00:01:16.880", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 671744, "start_va": 140725095825408, "type": "region", "version": 1 }, "end_va": 140725096497151, 
"entry_point": 140725095829872, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_4032", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 140725095825408, "timestamp": "00:01:16.881", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 140725079769088, "type": "region", "version": 1 }, "end_va": 140725079891967, "entry_point": 140725079773640, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_4033", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 140725079769088, "timestamp": "00:01:16.887", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 140725075443712, "type": "region", "version": 1 }, "end_va": 140725075660799, "entry_point": 140725075448792, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_4034", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 140725075443712, "timestamp": "00:01:16.889", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725082062848, "type": "region", "version": 1 }, "end_va": 140725082218495, "entry_point": 140725082086248, "filename": "\\Windows\\System32\\bcrypt.dll", "id": "region_4035", "name": "bcrypt.dll", "norm_filename": 
"c:\\windows\\system32\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 140725082062848, "timestamp": "00:01:16.890", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 4312858624, "type": "region", "version": 1 }, "end_va": 4313382911, "entry_point": 0, "filename": null, "id": "region_4036", "name": "private_0x0000000101110000", "norm_filename": null, "region_type": "private_memory", "start_va": 4312858624, "timestamp": "00:01:16.899", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694937247744, "type": "region", "version": 1 }, "end_va": 140694937255935, "entry_point": 0, "filename": null, "id": "region_4037", "name": "private_0x00007ff617c1a000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694937247744, "timestamp": "00:01:16.899", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 140725025439744, "type": "region", "version": 1 }, "end_va": 140725025533951, "entry_point": 140725025439744, "filename": "\\Windows\\System32\\Sens.dll", "id": "region_4038", "name": "sens.dll", "norm_filename": "c:\\windows\\system32\\sens.dll", "region_type": "memory_mapped_file", "start_va": 140725025439744, "timestamp": "00:01:16.902", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile 
backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 4298637312, "type": "region", "version": 1 }, "end_va": 4298641407, "entry_point": 0, "filename": null, "id": "region_4039", "name": "pagefile_0x0000000100380000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4298637312, "timestamp": "00:01:16.913", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 4298702848, "type": "region", "version": 1 }, "end_va": 4298706943, "entry_point": 0, "filename": null, "id": "region_4080", "name": "pagefile_0x0000000100390000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4298702848, "timestamp": "00:01:16.977", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1691648, "start_va": 140725023735808, "type": "region", "version": 1 }, "end_va": 140725025427455, "entry_point": 140725023735808, "filename": "\\Windows\\System32\\taskschd.dll", "id": "region_4081", "name": "taskschd.dll", "norm_filename": "c:\\windows\\system32\\taskschd.dll", "region_type": "memory_mapped_file", "start_va": 140725023735808, "timestamp": "00:01:16.997", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725021900800, "type": "region", "version": 1 }, "end_va": 140725022056447, "entry_point": 140725021900800, "filename": 
"\\Windows\\System32\\mmcss.dll", "id": "region_4108", "name": "mmcss.dll", "norm_filename": "c:\\windows\\system32\\mmcss.dll", "region_type": "memory_mapped_file", "start_va": 140725021900800, "timestamp": "00:01:17.080", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 4298768384, "type": "region", "version": 1 }, "end_va": 4298772479, "entry_point": 0, "filename": null, "id": "region_4109", "name": "pagefile_0x00000001003a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4298768384, "timestamp": "00:01:17.086", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 140725036974080, "type": "region", "version": 1 }, "end_va": 140725037019135, "entry_point": 140725036978192, "filename": "\\Windows\\System32\\avrt.dll", "id": "region_4120", "name": "avrt.dll", "norm_filename": "c:\\windows\\system32\\avrt.dll", "region_type": "memory_mapped_file", "start_va": 140725036974080, "timestamp": "00:01:17.137", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 4313382912, "type": "region", "version": 1 }, "end_va": 4313907199, "entry_point": 0, "filename": null, "id": "region_4311", "name": "private_0x0000000101190000", "norm_filename": null, "region_type": "private_memory", "start_va": 4313382912, "timestamp": "00:01:18.257", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694937239552, "type": "region", "version": 1 }, "end_va": 140694937247743, "entry_point": 0, "filename": null, "id": "region_4312", "name": "private_0x00007ff617c18000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694937239552, "timestamp": "00:01:18.257", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 675840, "start_va": 140725126299648, "type": "region", "version": 1 }, "end_va": 140725126975487, "entry_point": 140725126303760, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_4313", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725126299648, "timestamp": "00:01:18.258", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 196608, "start_va": 140725028847616, "type": "region", "version": 1 }, "end_va": 140725029044223, "entry_point": 140725028871328, "filename": "\\Windows\\System32\\ntmarta.dll", "id": "region_4314", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\system32\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 140725028847616, "timestamp": "00:01:18.261", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, 
"size": 524288, "start_va": 4313907200, "type": "region", "version": 1 }, "end_va": 4314431487, "entry_point": 0, "filename": null, "id": "region_4322", "name": "private_0x0000000101210000", "norm_filename": null, "region_type": "private_memory", "start_va": 4313907200, "timestamp": "00:01:18.379", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694937231360, "type": "region", "version": 1 }, "end_va": 140694937239551, "entry_point": 0, "filename": null, "id": "region_4323", "name": "private_0x00007ff617c16000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694937231360, "timestamp": "00:01:18.379", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 176128, "start_va": 140725084618752, "type": "region", "version": 1 }, "end_va": 140725084794879, "entry_point": 140725084624016, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_4324", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 140725084618752, "timestamp": "00:01:18.379", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 140725021573120, "type": "region", "version": 1 }, "end_va": 140725021695999, "entry_point": 140725021581404, "filename": "\\Windows\\System32\\samlib.dll", "id": "region_4329", "name": "samlib.dll", "norm_filename": "c:\\windows\\system32\\samlib.dll", 
"region_type": "memory_mapped_file", "start_va": 140725021573120, "timestamp": "00:01:18.417", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 4298768384, "type": "region", "version": 1 }, "end_va": 4298772479, "entry_point": 0, "filename": null, "id": "region_4392", "name": "private_0x00000001003a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4298768384, "timestamp": "00:01:19.718", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 196608, "start_va": 140725021704192, "type": "region", "version": 1 }, "end_va": 140725021900799, "entry_point": 140725021709084, "filename": "\\Windows\\System32\\shacct.dll", "id": "region_4393", "name": "shacct.dll", "norm_filename": "c:\\windows\\system32\\shacct.dll", "region_type": "memory_mapped_file", "start_va": 140725021704192, "timestamp": "00:01:19.720", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 140725086126080, "type": "region", "version": 1 }, "end_va": 140725086408703, "entry_point": 140725086130832, "filename": "\\Windows\\System32\\powrprof.dll", "id": "region_4394", "name": "powrprof.dll", "norm_filename": "c:\\windows\\system32\\powrprof.dll", "region_type": "memory_mapped_file", "start_va": 140725086126080, "timestamp": "00:01:19.721", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because 
region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 140725060108288, "type": "region", "version": 1 }, "end_va": 140725060767743, "entry_point": 140725060112544, "filename": "\\Windows\\System32\\SHCore.dll", "id": "region_4395", "name": "shcore.dll", "norm_filename": "c:\\windows\\system32\\shcore.dll", "region_type": "memory_mapped_file", "start_va": 140725060108288, "timestamp": "00:01:19.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 770048, "start_va": 140725008793600, "type": "region", "version": 1 }, "end_va": 140725009563647, "entry_point": 140725008793600, "filename": "\\Windows\\System32\\SettingSyncCore.dll", "id": "region_4401", "name": "settingsynccore.dll", "norm_filename": "c:\\windows\\system32\\settingsynccore.dll", "region_type": "memory_mapped_file", "start_va": 140725008793600, "timestamp": "00:01:19.752", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 4312006656, "type": "region", "version": 1 }, "end_va": 4312018943, "entry_point": 0, "filename": null, "id": "region_4413", "name": "pagefile_0x0000000101040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4312006656, "timestamp": "00:01:19.765", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 4314431488, "type": "region", 
"version": 1 }, "end_va": 4314955775, "entry_point": 0, "filename": null, "id": "region_4501", "name": "private_0x0000000101290000", "norm_filename": null, "region_type": "private_memory", "start_va": 4314431488, "timestamp": "00:01:20.009", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694937223168, "type": "region", "version": 1 }, "end_va": 140694937231359, "entry_point": 0, "filename": null, "id": "region_4502", "name": "private_0x00007ff617c14000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694937223168, "timestamp": "00:01:20.009", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 147456, "start_va": 140725019934720, "type": "region", "version": 1 }, "end_va": 140725020082175, "entry_point": 140725019938992, "filename": "\\Windows\\System32\\IDStore.dll", "id": "region_4504", "name": "idstore.dll", "norm_filename": "c:\\windows\\system32\\idstore.dll", "region_type": "memory_mapped_file", "start_va": 140725019934720, "timestamp": "00:01:20.036", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 140725007613952, "type": "region", "version": 1 }, "end_va": 140725007663103, "entry_point": 140725007613952, "filename": "\\Windows\\System32\\CredentialMigrationHandler.dll", "id": "region_4505", "name": "credentialmigrationhandler.dll", "norm_filename": "c:\\windows\\system32\\credentialmigrationhandler.dll", 
"region_type": "memory_mapped_file", "start_va": 140725007613952, "timestamp": "00:01:20.042", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 140725096546304, "type": "region", "version": 1 }, "end_va": 140725098078207, "entry_point": 140725096550580, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_4506", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 140725096546304, "timestamp": "00:01:20.049", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725088026624, "type": "region", "version": 1 }, "end_va": 140725089955839, "entry_point": 140725088030884, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_4507", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 140725088026624, "timestamp": "00:01:20.050", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 140725039071232, "type": "region", "version": 1 }, "end_va": 140725039140863, "entry_point": 140725039075456, "filename": "\\Windows\\System32\\wtsapi32.dll", "id": "region_4508", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\system32\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725039071232, "timestamp": "00:01:20.051", "type": "region", "version": 1 }, { "dump": { "filename": 
"", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2359296, "start_va": 140725005254656, "type": "region", "version": 1 }, "end_va": 140725007613951, "entry_point": 140725005254656, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_4509", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 140725005254656, "timestamp": "00:01:20.073", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 140725087174656, "type": "region", "version": 1 }, "end_va": 140725087248383, "entry_point": 140725087178996, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_4510", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 140725087174656, "timestamp": "00:01:20.083", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 4314955776, "type": "region", "version": 1 }, "end_va": 4315480063, "entry_point": 0, "filename": null, "id": "region_4521", "name": "private_0x0000000101310000", "norm_filename": null, "region_type": "private_memory", "start_va": 4314955776, "timestamp": "00:01:20.161", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 
140694937214976, "type": "region", "version": 1 }, "end_va": 140694937223167, "entry_point": 0, "filename": null, "id": "region_4522", "name": "private_0x00007ff617c12000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694937214976, "timestamp": "00:01:20.161", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2785280, "start_va": 140725002436608, "type": "region", "version": 1 }, "end_va": 140725005221887, "entry_point": 140725002436608, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_4523", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 140725002436608, "timestamp": "00:01:20.161", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 140725001781248, "type": "region", "version": 1 }, "end_va": 140725002424319, "entry_point": 140725001781248, "filename": "\\Windows\\System32\\shsvcs.dll", "id": "region_4524", "name": "shsvcs.dll", "norm_filename": "c:\\windows\\system32\\shsvcs.dll", "region_type": "memory_mapped_file", "start_va": 140725001781248, "timestamp": "00:01:20.184", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 140725090320384, "type": "region", "version": 1 }, "end_va": 140725090623487, "entry_point": 140725090325080, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_4525", "name": "cfgmgr32.dll", 
"norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 140725090320384, "timestamp": "00:01:20.193", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 140725071970304, "type": "region", "version": 1 }, "end_va": 140725072023551, "entry_point": 140725071974524, "filename": "\\Windows\\System32\\hid.dll", "id": "region_4526", "name": "hid.dll", "norm_filename": "c:\\windows\\system32\\hid.dll", "region_type": "memory_mapped_file", "start_va": 140725071970304, "timestamp": "00:01:20.194", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 4315480064, "type": "region", "version": 1 }, "end_va": 4316004351, "entry_point": 0, "filename": null, "id": "region_4528", "name": "private_0x0000000101390000", "norm_filename": null, "region_type": "private_memory", "start_va": 4315480064, "timestamp": "00:01:20.225", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694937206784, "type": "region", "version": 1 }, "end_va": 140694937214975, "entry_point": 0, "filename": null, "id": "region_4529", "name": "private_0x00007ff617c10000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694937206784, "timestamp": "00:01:20.225", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is 
not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1220608, "start_va": 140725000536064, "type": "region", "version": 1 }, "end_va": 140725001756671, "entry_point": 140725000536064, "filename": "\\Windows\\System32\\schedsvc.dll", "id": "region_4530", "name": "schedsvc.dll", "norm_filename": "c:\\windows\\system32\\schedsvc.dll", "region_type": "memory_mapped_file", "start_va": 140725000536064, "timestamp": "00:01:20.225", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 140725000273920, "type": "region", "version": 1 }, "end_va": 140725000491007, "entry_point": 140725000273920, "filename": "\\Windows\\System32\\ubpm.dll", "id": "region_4531", "name": "ubpm.dll", "norm_filename": "c:\\windows\\system32\\ubpm.dll", "region_type": "memory_mapped_file", "start_va": 140725000273920, "timestamp": "00:01:20.243", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 294912, "start_va": 140725072560128, "type": "region", "version": 1 }, "end_va": 140725072855039, "entry_point": 140725072564364, "filename": "\\Windows\\System32\\authz.dll", "id": "region_4532", "name": "authz.dll", "norm_filename": "c:\\windows\\system32\\authz.dll", "region_type": "memory_mapped_file", "start_va": 140725072560128, "timestamp": "00:01:20.247", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 140725072035840, "type": "region", 
"version": 1 }, "end_va": 140725072093183, "entry_point": 140725072048272, "filename": "\\Windows\\System32\\pcwum.dll", "id": "region_4533", "name": "pcwum.dll", "norm_filename": "c:\\windows\\system32\\pcwum.dll", "region_type": "memory_mapped_file", "start_va": 140725072035840, "timestamp": "00:01:20.248", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 140725000208384, "type": "region", "version": 1 }, "end_va": 140725000253439, "entry_point": 140725000208384, "filename": "\\Windows\\System32\\ktmw32.dll", "id": "region_4534", "name": "ktmw32.dll", "norm_filename": "c:\\windows\\system32\\ktmw32.dll", "region_type": "memory_mapped_file", "start_va": 140725000208384, "timestamp": "00:01:20.253", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 229376, "start_va": 140725031206912, "type": "region", "version": 1 }, "end_va": 140725031436287, "entry_point": 140725031211060, "filename": "\\Windows\\System32\\xmllite.dll", "id": "region_4535", "name": "xmllite.dll", "norm_filename": "c:\\windows\\system32\\xmllite.dll", "region_type": "memory_mapped_file", "start_va": 140725031206912, "timestamp": "00:01:20.258", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 140725073870848, "type": "region", "version": 1 }, "end_va": 140725073903615, "entry_point": 140725073880948, "filename": "\\Windows\\System32\\dabapi.dll", "id": "region_4536", "name": 
"dabapi.dll", "norm_filename": "c:\\windows\\system32\\dabapi.dll", "region_type": "memory_mapped_file", "start_va": 140725073870848, "timestamp": "00:01:20.260", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725000142848, "type": "region", "version": 1 }, "end_va": 140725000183807, "entry_point": 140725000142848, "filename": "\\Windows\\System32\\CSystemEventsBrokerClient.dll", "id": "region_4537", "name": "csystemeventsbrokerclient.dll", "norm_filename": "c:\\windows\\system32\\csystemeventsbrokerclient.dll", "region_type": "memory_mapped_file", "start_va": 140725000142848, "timestamp": "00:01:20.262", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 140725073805312, "type": "region", "version": 1 }, "end_va": 140725073850367, "entry_point": 140725073822460, "filename": "\\Windows\\System32\\EventAggregation.dll", "id": "region_4538", "name": "eventaggregation.dll", "norm_filename": "c:\\windows\\system32\\eventaggregation.dll", "region_type": "memory_mapped_file", "start_va": 140725073805312, "timestamp": "00:01:20.268", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1376256, "start_va": 4316004352, "type": "region", "version": 1 }, "end_va": 4317380607, "entry_point": 0, "filename": null, "id": "region_4539", "name": "private_0x0000000101410000", "norm_filename": null, "region_type": "private_memory", "start_va": 4316004352, 
"timestamp": "00:01:20.276", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 4316004352, "type": "region", "version": 1 }, "end_va": 4316528639, "entry_point": 0, "filename": null, "id": "region_4541", "name": "private_0x0000000101410000", "norm_filename": null, "region_type": "private_memory", "start_va": 4316004352, "timestamp": "00:01:20.280", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4317315072, "type": "region", "version": 1 }, "end_va": 4317380607, "entry_point": 0, "filename": null, "id": "region_4542", "name": "private_0x0000000101550000", "norm_filename": null, "region_type": "private_memory", "start_va": 4317315072, "timestamp": "00:01:20.280", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 4317380608, "type": "region", "version": 1 }, "end_va": 4318429183, "entry_point": 0, "filename": null, "id": "region_4543", "name": "private_0x0000000101560000", "norm_filename": null, "region_type": "private_memory", "start_va": 4317380608, "timestamp": "00:01:20.280", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694937198592, "type": "region", "version": 1 }, 
"end_va": 140694937206783, "entry_point": 0, "filename": null, "id": "region_4544", "name": "private_0x00007ff617c0e000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694937198592, "timestamp": "00:01:20.280", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725068103680, "type": "region", "version": 1 }, "end_va": 140725068259327, "entry_point": 140725068109212, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_4545", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 140725068103680, "timestamp": "00:01:20.281", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 140725009580032, "type": "region", "version": 1 }, "end_va": 140725009637375, "entry_point": 140725009608584, "filename": "\\Windows\\System32\\wmiclnt.dll", "id": "region_4549", "name": "wmiclnt.dll", "norm_filename": "c:\\windows\\system32\\wmiclnt.dll", "region_type": "memory_mapped_file", "start_va": 140725009580032, "timestamp": "00:01:20.305", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 4312072192, "type": "region", "version": 1 }, "end_va": 4312076287, "entry_point": 0, "filename": null, "id": "region_4550", "name": "private_0x0000000101050000", "norm_filename": null, "region_type": "private_memory", "start_va": 4312072192, "timestamp": 
"00:01:20.308", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 4316528640, "type": "region", "version": 1 }, "end_va": 4317052927, "entry_point": 0, "filename": null, "id": "region_4560", "name": "private_0x0000000101490000", "norm_filename": null, "region_type": "private_memory", "start_va": 4316528640, "timestamp": "00:01:20.317", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 4318429184, "type": "region", "version": 1 }, "end_va": 4318953471, "entry_point": 0, "filename": null, "id": "region_4561", "name": "private_0x0000000101660000", "norm_filename": null, "region_type": "private_memory", "start_va": 4318429184, "timestamp": "00:01:20.317", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694937182208, "type": "region", "version": 1 }, "end_va": 140694937190399, "entry_point": 0, "filename": null, "id": "region_4562", "name": "private_0x00007ff617c0a000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694937182208, "timestamp": "00:01:20.317", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694937190400, "type": "region", "version": 1 }, 
"end_va": 140694937198591, "entry_point": 0, "filename": null, "id": "region_4563", "name": "private_0x00007ff617c0c000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694937190400, "timestamp": "00:01:20.317", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 4312072192, "type": "region", "version": 1 }, "end_va": 4312100863, "entry_point": 0, "filename": null, "id": "region_4564", "name": "private_0x0000000101050000", "norm_filename": null, "region_type": "private_memory", "start_va": 4312072192, "timestamp": "00:01:20.318", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 733184, "start_va": 140725016133632, "type": "region", "version": 1 }, "end_va": 140725016866815, "entry_point": 140725016137960, "filename": "\\Windows\\System32\\fveapi.dll", "id": "region_4569", "name": "fveapi.dll", "norm_filename": "c:\\windows\\system32\\fveapi.dll", "region_type": "memory_mapped_file", "start_va": 140725016133632, "timestamp": "00:01:20.337", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 106496, "start_va": 140725016002560, "type": "region", "version": 1 }, "end_va": 140725016109055, "entry_point": 140725016071940, "filename": "\\Windows\\System32\\bcd.dll", "id": "region_4570", "name": "bcd.dll", "norm_filename": "c:\\windows\\system32\\bcd.dll", "region_type": "memory_mapped_file", "start_va": 140725016002560, "timestamp": "00:01:20.339", 
"type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\system32\\svchost.exe -k LocalService", "filename": "c:\\windows\\system32\\svchost.exe", "id": "proc_47", "image_name": "svchost.exe", "monitor_reason": "child_process", "monitored_id": 47, "origin_monitor_id": 39, "ref_parent_process": { "ref_id": "proc_39", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_3943", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:16.688", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 541117644800, "type": "region", "version": 1 }, "end_va": 541117775871, "entry_point": 0, "filename": null, "id": "region_3944", "name": "private_0x0000007dfd200000", "norm_filename": null, "region_type": "private_memory", "start_va": 541117644800, "timestamp": "00:01:16.688", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 541117775872, "type": "region", "version": 1 }, "end_va": 541117837311, "entry_point": 0, "filename": 
null, "id": "region_3945", "name": "pagefile_0x0000007dfd220000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 541117775872, "timestamp": "00:01:16.688", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 541117841408, "type": "region", "version": 1 }, "end_va": 541118365695, "entry_point": 0, "filename": null, "id": "region_3946", "name": "private_0x0000007dfd230000", "norm_filename": null, "region_type": "private_memory", "start_va": 541117841408, "timestamp": "00:01:16.688", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 541118365696, "type": "region", "version": 1 }, "end_va": 541118382079, "entry_point": 0, "filename": null, "id": "region_3947", "name": "pagefile_0x0000007dfd2b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 541118365696, "timestamp": "00:01:16.688", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140694938386432, "type": "region", "version": 1 }, "end_va": 140694938529791, "entry_point": 0, "filename": null, "id": "region_3948", "name": "pagefile_0x00007ff617d30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140694938386432, "timestamp": "00:01:16.688", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], 
"info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140694938570752, "type": "region", "version": 1 }, "end_va": 140694938574847, "entry_point": 0, "filename": null, "id": "region_3949", "name": "private_0x00007ff617d5d000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694938570752, "timestamp": "00:01:16.688", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694938574848, "type": "region", "version": 1 }, "end_va": 140694938583039, "entry_point": 0, "filename": null, "id": "region_3950", "name": "private_0x00007ff617d5e000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694938574848, "timestamp": "00:01:16.688", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 140694944612352, "type": "region", "version": 1 }, "end_va": 140694944661503, "entry_point": 140694944620940, "filename": "\\Windows\\System32\\svchost.exe", "id": "region_3951", "name": "svchost.exe", "norm_filename": "c:\\windows\\system32\\svchost.exe", "region_type": "memory_mapped_file", "start_va": 140694944612352, "timestamp": "00:01:16.689", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 
140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_3952", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140725133115392, "timestamp": "00:01:16.689", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 541118431232, "type": "region", "version": 1 }, "end_va": 541118435327, "entry_point": 0, "filename": null, "id": "region_3953", "name": "pagefile_0x0000007dfd2c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 541118431232, "timestamp": "00:01:16.690", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 541118496768, "type": "region", "version": 1 }, "end_va": 541118504959, "entry_point": 0, "filename": null, "id": "region_3954", "name": "private_0x0000007dfd2d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 541118496768, "timestamp": "00:01:16.690", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 541118758912, "type": "region", "version": 1 }, "end_va": 541119807487, "entry_point": 0, "filename": null, "id": "region_3955", "name": "private_0x0000007dfd310000", "norm_filename": null, "region_type": "private_memory", "start_va": 541118758912, "timestamp": "00:01:16.697", "type": "region", "version": 1 }, { "dump": { "filename": "", 
"flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140725090648064, "type": "region", "version": 1 }, "end_va": 140725091753983, "entry_point": 140725090656928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_3956", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140725090648064, "timestamp": "00:01:16.697", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140725124988928, "type": "region", "version": 1 }, "end_va": 140725126270975, "entry_point": 140725125009460, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_3957", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140725124988928, "timestamp": "00:01:16.698", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 541117644800, "type": "region", "version": 1 }, "end_va": 541117710335, "entry_point": 0, "filename": null, "id": "region_3958", "name": "pagefile_0x0000007dfd200000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 541117644800, "timestamp": "00:01:16.700", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ 
"readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140694937337856, "type": "region", "version": 1 }, "end_va": 140694938386431, "entry_point": 0, "filename": null, "id": "region_3959", "name": "pagefile_0x00007ff617c30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140694937337856, "timestamp": "00:01:16.700", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 541119807488, "type": "region", "version": 1 }, "end_va": 541120323583, "entry_point": 541119807488, "filename": "\\Windows\\System32\\locale.nls", "id": "region_3960", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 541119807488, "timestamp": "00:01:16.702", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725098184704, "type": "region", "version": 1 }, "end_va": 140725098541055, "entry_point": 140725098194176, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_3961", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140725098184704, "timestamp": "00:01:16.703", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140725127806976, "type": "region", "version": 1 }, "end_va": 140725129076735, "entry_point": 140725127811408, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_3962", 
"name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140725127806976, "timestamp": "00:01:16.703", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725131149312, "type": "region", "version": 1 }, "end_va": 140725133078527, "entry_point": 140725131157344, "filename": "\\Windows\\System32\\combase.dll", "id": "region_3963", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140725131149312, "timestamp": "00:01:16.707", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140725098577920, "type": "region", "version": 1 }, "end_va": 140725099261951, "entry_point": 140725098588204, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_3964", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140725098577920, "timestamp": "00:01:16.708", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1310720, "start_va": 541120331776, "type": "region", "version": 1 }, "end_va": 541121642495, "entry_point": 0, "filename": null, "id": "region_3965", "name": "private_0x0000007dfd490000", "norm_filename": null, "region_type": "private_memory", "start_va": 541120331776, "timestamp": "00:01:16.710", "type": "region", "version": 1 }, { "dump": 
{ "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 541117710336, "type": "region", "version": 1 }, "end_va": 541117739007, "entry_point": 0, "filename": null, "id": "region_3966", "name": "private_0x0000007dfd210000", "norm_filename": null, "region_type": "private_memory", "start_va": 541117710336, "timestamp": "00:01:16.711", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 761856, "start_va": 541120331776, "type": "region", "version": 1 }, "end_va": 541121093631, "entry_point": 541120513896, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_3967", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 541120331776, "timestamp": "00:01:16.713", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 541121576960, "type": "region", "version": 1 }, "end_va": 541121642495, "entry_point": 0, "filename": null, "id": "region_3968", "name": "private_0x0000007dfd5c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 541121576960, "timestamp": "00:01:16.713", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725068431360, "type": "region", "version": 1 }, "end_va": 140725068472319, "entry_point": 
140725068437320, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_3969", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\system32\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140725068431360, "timestamp": "00:01:16.714", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725085208576, "type": "region", "version": 1 }, "end_va": 140725085249535, "entry_point": 140725085212688, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_3970", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140725085208576, "timestamp": "00:01:16.716", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 541118562304, "type": "region", "version": 1 }, "end_va": 541118590975, "entry_point": 0, "filename": null, "id": "region_3971", "name": "private_0x0000007dfd2e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 541118562304, "timestamp": "00:01:16.717", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140725084815360, "type": "region", "version": 1 }, "end_va": 140725085200383, "entry_point": 140725084944032, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_3972", "name": "bcryptprimitives.dll", "norm_filename": 
"c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140725084815360, "timestamp": "00:01:16.718", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140725093466112, "type": "region", "version": 1 }, "end_va": 140725094977535, "entry_point": 140725093620416, "filename": "\\Windows\\System32\\user32.dll", "id": "region_3973", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140725093466112, "timestamp": "00:01:16.720", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140725129773056, "type": "region", "version": 1 }, "end_va": 140725131104255, "entry_point": 140725129845848, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_3974", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140725129773056, "timestamp": "00:01:16.721", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 786432, "start_va": 541120331776, "type": "region", "version": 1 }, "end_va": 541121118207, "entry_point": 0, "filename": null, "id": "region_3975", "name": "pagefile_0x0000007dfd490000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 541120331776, "timestamp": "00:01:16.724", "type": "region", "version": 1 }, { "dump": { "filename": 
"", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 541121642496, "type": "region", "version": 1 }, "end_va": 541123248127, "entry_point": 0, "filename": null, "id": "region_3976", "name": "pagefile_0x0000007dfd5d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 541121642496, "timestamp": "00:01:16.725", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 541123280896, "type": "region", "version": 1 }, "end_va": 541124857855, "entry_point": 0, "filename": null, "id": "region_3977", "name": "pagefile_0x0000007dfd760000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 541123280896, "timestamp": "00:01:16.725", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 541118627840, "type": "region", "version": 1 }, "end_va": 541118640127, "entry_point": 0, "filename": null, "id": "region_3978", "name": "pagefile_0x0000007dfd2f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 541118627840, "timestamp": "00:01:16.728", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 541118693376, "type": "region", 
"version": 1 }, "end_va": 541118697471, "entry_point": 0, "filename": null, "id": "region_3979", "name": "pagefile_0x0000007dfd300000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 541118693376, "timestamp": "00:01:16.728", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 541121118208, "type": "region", "version": 1 }, "end_va": 541121122303, "entry_point": 0, "filename": null, "id": "region_3980", "name": "private_0x0000007dfd550000", "norm_filename": null, "region_type": "private_memory", "start_va": 541121118208, "timestamp": "00:01:16.728", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 541121183744, "type": "region", "version": 1 }, "end_va": 541121187839, "entry_point": 0, "filename": null, "id": "region_3981", "name": "private_0x0000007dfd560000", "norm_filename": null, "region_type": "private_memory", "start_va": 541121183744, "timestamp": "00:01:16.728", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4169728, "start_va": 541124919296, "type": "region", "version": 1 }, "end_va": 541129089023, "entry_point": 0, "filename": null, "id": "region_3982", "name": "pagefile_0x0000007dfd8f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 541124919296, "timestamp": "00:01:16.728", "type": "region", "version": 1 }, { "dump": { "filename": "", 
"flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 541129113600, "type": "region", "version": 1 }, "end_va": 541129637887, "entry_point": 0, "filename": null, "id": "region_3983", "name": "private_0x0000007dfdcf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 541129113600, "timestamp": "00:01:16.741", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 541129637888, "type": "region", "version": 1 }, "end_va": 541130162175, "entry_point": 0, "filename": null, "id": "region_3984", "name": "private_0x0000007dfdd70000", "norm_filename": null, "region_type": "private_memory", "start_va": 541129637888, "timestamp": "00:01:16.741", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694938554368, "type": "region", "version": 1 }, "end_va": 140694938562559, "entry_point": 0, "filename": null, "id": "region_3985", "name": "private_0x00007ff617d59000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694938554368, "timestamp": "00:01:16.741", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694938562560, "type": "region", "version": 1 }, "end_va": 140694938570751, "entry_point": 0, "filename": null, 
"id": "region_3986", "name": "private_0x00007ff617d5b000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694938562560, "timestamp": "00:01:16.741", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 541130162176, "type": "region", "version": 1 }, "end_va": 541133131775, "entry_point": 541130162176, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_3987", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 541130162176, "timestamp": "00:01:16.741", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 491520, "start_va": 140725026029568, "type": "region", "version": 1 }, "end_va": 140725026521087, "entry_point": 140725026029568, "filename": "\\Windows\\System32\\es.dll", "id": "region_3989", "name": "es.dll", "norm_filename": "c:\\windows\\system32\\es.dll", "region_type": "memory_mapped_file", "start_va": 140725026029568, "timestamp": "00:01:16.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 140725079769088, "type": "region", "version": 1 }, "end_va": 140725079891967, "entry_point": 140725079773640, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_3994", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 140725079769088, "timestamp": 
"00:01:16.791", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 140725075443712, "type": "region", "version": 1 }, "end_va": 140725075660799, "entry_point": 140725075448792, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_3995", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 140725075443712, "timestamp": "00:01:16.793", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725082062848, "type": "region", "version": 1 }, "end_va": 140725082218495, "entry_point": 140725082086248, "filename": "\\Windows\\System32\\bcrypt.dll", "id": "region_3996", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\system32\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 140725082062848, "timestamp": "00:01:16.794", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 541133176832, "type": "region", "version": 1 }, "end_va": 541133701119, "entry_point": 0, "filename": null, "id": "region_3998", "name": "private_0x0000007dfe0d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 541133176832, "timestamp": "00:01:16.800", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ 
"readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 541133701120, "type": "region", "version": 1 }, "end_va": 541134225407, "entry_point": 0, "filename": null, "id": "region_3999", "name": "private_0x0000007dfe150000", "norm_filename": null, "region_type": "private_memory", "start_va": 541133701120, "timestamp": "00:01:16.800", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694938537984, "type": "region", "version": 1 }, "end_va": 140694938546175, "entry_point": 0, "filename": null, "id": "region_4000", "name": "private_0x00007ff617d55000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694938537984, "timestamp": "00:01:16.800", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694938546176, "type": "region", "version": 1 }, "end_va": 140694938554367, "entry_point": 0, "filename": null, "id": "region_4001", "name": "private_0x00007ff617d57000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694938546176, "timestamp": "00:01:16.800", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 541121249280, "type": "region", "version": 1 }, "end_va": 541121253375, "entry_point": 0, "filename": null, "id": "region_4002", "name": "pagefile_0x0000007dfd570000", "norm_filename": null, "region_type": "pagefile_backed_memory", 
"start_va": 541121249280, "timestamp": "00:01:16.801", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 671744, "start_va": 140725095825408, "type": "region", "version": 1 }, "end_va": 140725096497151, "entry_point": 140725095829872, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_4003", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 140725095825408, "timestamp": "00:01:16.801", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140725101002752, "type": "region", "version": 1 }, "end_va": 140725101752319, "entry_point": 140725101007136, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_4013", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 140725101002752, "timestamp": "00:01:16.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1536000, "start_va": 541134225408, "type": "region", "version": 1 }, "end_va": 541135761407, "entry_point": 541134229684, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_4014", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 541134225408, "timestamp": "00:01:16.820", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because 
the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 541134225408, "type": "region", "version": 1 }, "end_va": 541134749695, "entry_point": 0, "filename": null, "id": "region_4015", "name": "private_0x0000007dfe1d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 541134225408, "timestamp": "00:01:16.826", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694938529792, "type": "region", "version": 1 }, "end_va": 140694938537983, "entry_point": 0, "filename": null, "id": "region_4016", "name": "private_0x00007ff617d53000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694938529792, "timestamp": "00:01:16.826", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 675840, "start_va": 140725126299648, "type": "region", "version": 1 }, "end_va": 140725126975487, "entry_point": 140725126303760, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_4017", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725126299648, "timestamp": "00:01:16.827", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 541134749696, "type": "region", "version": 1 }, "end_va": 541135798271, "entry_point": 0, "filename": null, "id": 
"region_4022", "name": "private_0x0000007dfe250000", "norm_filename": null, "region_type": "private_memory", "start_va": 541134749696, "timestamp": "00:01:16.833", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1363968, "start_va": 140725022097408, "type": "region", "version": 1 }, "end_va": 140725023461375, "entry_point": 140725022097408, "filename": "\\Windows\\System32\\FntCache.dll", "id": "region_4103", "name": "fntcache.dll", "norm_filename": "c:\\windows\\system32\\fntcache.dll", "region_type": "memory_mapped_file", "start_va": 140725022097408, "timestamp": "00:01:17.060", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 541135798272, "type": "region", "version": 1 }, "end_va": 541136322559, "entry_point": 0, "filename": null, "id": "region_4121", "name": "private_0x0000007dfe350000", "norm_filename": null, "region_type": "private_memory", "start_va": 541135798272, "timestamp": "00:01:17.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 541136322560, "type": "region", "version": 1 }, "end_va": 541136846847, "entry_point": 0, "filename": null, "id": "region_4122", "name": "private_0x0000007dfe3d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 541136322560, "timestamp": "00:01:17.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": 
"No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694937321472, "type": "region", "version": 1 }, "end_va": 140694937329663, "entry_point": 0, "filename": null, "id": "region_4123", "name": "private_0x00007ff617c2c000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694937321472, "timestamp": "00:01:17.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694937329664, "type": "region", "version": 1 }, "end_va": 140694937337855, "entry_point": 0, "filename": null, "id": "region_4124", "name": "private_0x00007ff617c2e000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694937329664, "timestamp": "00:01:17.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16777216, "start_va": 541136846848, "type": "region", "version": 1 }, "end_va": 541153624063, "entry_point": 541136846848, "filename": "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\~FontCache-FontFace.dat", "id": "region_4125", "name": "~fontcache-fontface.dat", "norm_filename": "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\~fontcache-fontface.dat", "region_type": "memory_mapped_file", "start_va": 541136846848, "timestamp": "00:01:17.161", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], 
"ref_process_dump": null, "size": 1048576, "start_va": 541153624064, "type": "region", "version": 1 }, "end_va": 541154672639, "entry_point": 0, "filename": null, "id": "region_4126", "name": "private_0x0000007dff450000", "norm_filename": null, "region_type": "private_memory", "start_va": 541153624064, "timestamp": "00:01:17.168", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 675840, "start_va": 541154672640, "type": "region", "version": 1 }, "end_va": 541155348479, "entry_point": 541154672640, "filename": "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\~FontCache-System.dat", "id": "region_4127", "name": "~fontcache-system.dat", "norm_filename": "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\~fontcache-system.dat", "region_type": "memory_mapped_file", "start_va": 541154672640, "timestamp": "00:01:17.175", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8388608, "start_va": 541155393536, "type": "region", "version": 1 }, "end_va": 541163782143, "entry_point": 541155393536, "filename": "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\~FontCache-S-1-5-18.dat", "id": "region_4133", "name": "~fontcache-s-1-5-18.dat", "norm_filename": "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\~fontcache-s-1-5-18.dat", "region_type": "memory_mapped_file", "start_va": 541155393536, "timestamp": "00:01:17.287", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], 
"ref_process_dump": null, "size": 49152, "start_va": 140725010956288, "type": "region", "version": 1 }, "end_va": 140725011005439, "entry_point": 140725010956288, "filename": "\\Windows\\System32\\nsisvc.dll", "id": "region_4328", "name": "nsisvc.dll", "norm_filename": "c:\\windows\\system32\\nsisvc.dll", "region_type": "memory_mapped_file", "start_va": 140725010956288, "timestamp": "00:01:18.407", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140725103886336, "type": "region", "version": 1 }, "end_va": 140725103923199, "entry_point": 140725103891456, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_4333", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 140725103886336, "timestamp": "00:01:19.306", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 541163782144, "type": "region", "version": 1 }, "end_va": 541164306431, "entry_point": 0, "filename": null, "id": "region_4632", "name": "private_0x0000007dffe00000", "norm_filename": null, "region_type": "private_memory", "start_va": 541163782144, "timestamp": "00:01:20.731", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694937313280, "type": "region", "version": 1 }, "end_va": 140694937321471, "entry_point": 0, "filename": null, "id": "region_4633", "name": 
"private_0x00007ff617c2a000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694937313280, "timestamp": "00:01:20.731", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8388608, "start_va": 539018395648, "type": "region", "version": 1 }, "end_va": 539026784255, "entry_point": 539018395648, "filename": "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\~FontCache-S-1-5-21-3643094112-4209292109-138530109-1001.dat", "id": "region_5385", "name": "~fontcache-s-1-5-21-3643094112-4209292109-138530109-1001.dat", "norm_filename": "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\~fontcache-s-1-5-21-3643094112-4209292109-138530109-1001.dat", "region_type": "memory_mapped_file", "start_va": 539018395648, "timestamp": "00:01:24.308", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 69632, "start_va": 541121314816, "type": "region", "version": 1 }, "end_va": 541121384447, "entry_point": 541121319968, "filename": "\\Windows\\System32\\es.dll", "id": "region_5531", "name": "es.dll", "norm_filename": "c:\\windows\\system32\\es.dll", "region_type": "memory_mapped_file", "start_va": 541121314816, "timestamp": "00:01:25.258", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 541164306432, "type": "region", "version": 1 }, "end_va": 541164830719, "entry_point": 0, "filename": null, "id": "region_5532", "name": "private_0x0000007dffe80000", 
"norm_filename": null, "region_type": "private_memory", "start_va": 541164306432, "timestamp": "00:01:25.259", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694937305088, "type": "region", "version": 1 }, "end_va": 140694937313279, "entry_point": 0, "filename": null, "id": "region_5533", "name": "private_0x00007ff617c28000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694937305088, "timestamp": "00:01:25.259", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 618496, "start_va": 140725085405184, "type": "region", "version": 1 }, "end_va": 140725086023679, "entry_point": 140725085411516, "filename": "\\Windows\\System32\\sxs.dll", "id": "region_5534", "name": "sxs.dll", "norm_filename": "c:\\windows\\system32\\sxs.dll", "region_type": "memory_mapped_file", "start_va": 140725085405184, "timestamp": "00:01:25.261", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 140725096546304, "type": "region", "version": 1 }, "end_va": 140725098078207, "entry_point": 140725096550580, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_5537", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 140725096546304, "timestamp": "00:01:25.284", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was 
created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 541121445888, "type": "region", "version": 1 }, "end_va": 541121462271, "entry_point": 541121445888, "filename": "\\Windows\\System32\\stdole2.tlb", "id": "region_5538", "name": "stdole2.tlb", "norm_filename": "c:\\windows\\system32\\stdole2.tlb", "region_type": "memory_mapped_file", "start_va": 541121445888, "timestamp": "00:01:25.288", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 541164830720, "type": "region", "version": 1 }, "end_va": 541165355007, "entry_point": 0, "filename": null, "id": "region_6537", "name": "private_0x0000007dfff00000", "norm_filename": null, "region_type": "private_memory", "start_va": 541164830720, "timestamp": "00:01:33.905", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694937296896, "type": "region", "version": 1 }, "end_va": 140694937305087, "entry_point": 0, "filename": null, "id": "region_6538", "name": "private_0x00007ff617c26000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694937296896, "timestamp": "00:01:33.905", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 806912, "start_va": 140725041037312, "type": "region", "version": 1 }, "end_va": 140725041844223, "entry_point": 140725041041564, "filename": 
"\\Windows\\System32\\winhttp.dll", "id": "region_6539", "name": "winhttp.dll", "norm_filename": "c:\\windows\\system32\\winhttp.dll", "region_type": "memory_mapped_file", "start_va": 140725041037312, "timestamp": "00:01:33.906", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 541165355008, "type": "region", "version": 1 }, "end_va": 541165879295, "entry_point": 0, "filename": null, "id": "region_6563", "name": "private_0x0000007dfff80000", "norm_filename": null, "region_type": "private_memory", "start_va": 541165355008, "timestamp": "00:01:33.976", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694937288704, "type": "region", "version": 1 }, "end_va": 140694937296895, "entry_point": 0, "filename": null, "id": "region_6564", "name": "private_0x00007ff617c24000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694937288704, "timestamp": "00:01:33.976", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 140725127020544, "type": "region", "version": 1 }, "end_va": 140725127380991, "entry_point": 140725127024796, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_6565", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 140725127020544, "timestamp": "00:01:33.987", "type": "region", "version": 1 }, { 
"dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 140725079375872, "type": "region", "version": 1 }, "end_va": 140725079736319, "entry_point": 140725079379984, "filename": "\\Windows\\System32\\mswsock.dll", "id": "region_6566", "name": "mswsock.dll", "norm_filename": "c:\\windows\\system32\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 140725079375872, "timestamp": "00:01:33.991", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 140725016985600, "type": "region", "version": 1 }, "end_va": 140725017153535, "entry_point": 140725017016680, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_6569", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 140725016985600, "timestamp": "00:01:34.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725016920064, "type": "region", "version": 1 }, "end_va": 140725016961023, "entry_point": 140725016924356, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_6570", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 140725016920064, "timestamp": "00:01:34.012", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", 
"permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 539026784256, "type": "region", "version": 1 }, "end_va": 539027832831, "entry_point": 0, "filename": null, "id": "region_6676", "name": "private_0x0000007d80800000", "norm_filename": null, "region_type": "private_memory", "start_va": 539026784256, "timestamp": "00:01:34.836", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 539027832832, "type": "region", "version": 1 }, "end_va": 539028357119, "entry_point": 0, "filename": null, "id": "region_6801", "name": "private_0x0000007d80900000", "norm_filename": null, "region_type": "private_memory", "start_va": 539027832832, "timestamp": "00:01:35.772", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694937280512, "type": "region", "version": 1 }, "end_va": 140694937288703, "entry_point": 0, "filename": null, "id": "region_6803", "name": "private_0x00007ff617c22000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694937280512, "timestamp": "00:01:35.773", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 140724927463424, "type": "region", "version": 1 }, "end_va": 140724927574015, "entry_point": 140724927479892, "filename": "\\Windows\\System32\\wdi.dll", "id": "region_6805", "name": "wdi.dll", "norm_filename": "c:\\windows\\system32\\wdi.dll", 
"region_type": "memory_mapped_file", "start_va": 140724927463424, "timestamp": "00:01:35.773", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 140724926873600, "type": "region", "version": 1 }, "end_va": 140724927410175, "entry_point": 140724926873600, "filename": "\\Windows\\System32\\netprofmsvc.dll", "id": "region_6836", "name": "netprofmsvc.dll", "norm_filename": "c:\\windows\\system32\\netprofmsvc.dll", "region_type": "memory_mapped_file", "start_va": 140724926873600, "timestamp": "00:01:35.853", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 140725028716544, "type": "region", "version": 1 }, "end_va": 140725028818943, "entry_point": 140725028721024, "filename": "\\Windows\\System32\\nlaapi.dll", "id": "region_6839", "name": "nlaapi.dll", "norm_filename": "c:\\windows\\system32\\nlaapi.dll", "region_type": "memory_mapped_file", "start_va": 140725028716544, "timestamp": "00:01:35.902", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 539028357120, "type": "region", "version": 1 }, "end_va": 539028881407, "entry_point": 0, "filename": null, "id": "region_6847", "name": "private_0x0000007d80980000", "norm_filename": null, "region_type": "private_memory", "start_va": 539028357120, "timestamp": "00:01:35.954", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": 
"No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694937272320, "type": "region", "version": 1 }, "end_va": 140694937280511, "entry_point": 0, "filename": null, "id": "region_6848", "name": "private_0x00007ff617c20000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694937272320, "timestamp": "00:01:35.954", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 667648, "start_va": 140725076951040, "type": "region", "version": 1 }, "end_va": 140725077618687, "entry_point": 140725077040104, "filename": "\\Windows\\System32\\dnsapi.dll", "id": "region_6849", "name": "dnsapi.dll", "norm_filename": "c:\\windows\\system32\\dnsapi.dll", "region_type": "memory_mapped_file", "start_va": 140725076951040, "timestamp": "00:01:35.957", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1122304, "start_va": 140724924186624, "type": "region", "version": 1 }, "end_va": 140724925308927, "entry_point": 140724924186624, "filename": "\\Windows\\System32\\perftrack.dll", "id": "region_6860", "name": "perftrack.dll", "norm_filename": "c:\\windows\\system32\\perftrack.dll", "region_type": "memory_mapped_file", "start_va": 140724924186624, "timestamp": "00:01:36.005", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 539028881408, "type": "region", "version": 1 }, "end_va": 539028889599, 
"entry_point": 539028881408, "filename": "\\Windows\\System32\\en-US\\netprofmsvc.dll.mui", "id": "region_6884", "name": "netprofmsvc.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\netprofmsvc.dll.mui", "region_type": "memory_mapped_file", "start_va": 539028881408, "timestamp": "00:01:36.086", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 539028946944, "type": "region", "version": 1 }, "end_va": 539029471231, "entry_point": 0, "filename": null, "id": "region_6887", "name": "private_0x0000007d80a10000", "norm_filename": null, "region_type": "private_memory", "start_va": 539028946944, "timestamp": "00:01:36.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694937264128, "type": "region", "version": 1 }, "end_va": 140694937272319, "entry_point": 0, "filename": null, "id": "region_6888", "name": "private_0x00007ff617c1e000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694937264128, "timestamp": "00:01:36.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 539029471232, "type": "region", "version": 1 }, "end_va": 539029995519, "entry_point": 0, "filename": null, "id": "region_6893", "name": "private_0x0000007d80a90000", "norm_filename": null, "region_type": "private_memory", "start_va": 539029471232, "timestamp": "00:01:36.166", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 539029995520, "type": "region", "version": 1 }, "end_va": 539030003711, "entry_point": 0, "filename": null, "id": "region_6894", "name": "pagefile_0x0000007d80b10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 539029995520, "timestamp": "00:01:36.166", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694937255936, "type": "region", "version": 1 }, "end_va": 140694937264127, "entry_point": 0, "filename": null, "id": "region_6895", "name": "private_0x00007ff617c1c000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694937255936, "timestamp": "00:01:36.166", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 176128, "start_va": 140725084618752, "type": "region", "version": 1 }, "end_va": 140725084794879, "entry_point": 140725084624016, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_6896", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 140725084618752, "timestamp": "00:01:36.167", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 
140724922679296, "type": "region", "version": 1 }, "end_va": 140724923215871, "entry_point": 140724922679296, "filename": "\\Windows\\System32\\wer.dll", "id": "region_6897", "name": "wer.dll", "norm_filename": "c:\\windows\\system32\\wer.dll", "region_type": "memory_mapped_file", "start_va": 140724922679296, "timestamp": "00:01:36.173", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 140725040906240, "type": "region", "version": 1 }, "end_va": 140725041020927, "entry_point": 140725040910476, "filename": "\\Windows\\System32\\aepic.dll", "id": "region_6898", "name": "aepic.dll", "norm_filename": "c:\\windows\\system32\\aepic.dll", "region_type": "memory_mapped_file", "start_va": 140725040906240, "timestamp": "00:01:36.178", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 140725072035840, "type": "region", "version": 1 }, "end_va": 140725072093183, "entry_point": 140725072048272, "filename": "\\Windows\\System32\\pcwum.dll", "id": "region_6899", "name": "pcwum.dll", "norm_filename": "c:\\windows\\system32\\pcwum.dll", "region_type": "memory_mapped_file", "start_va": 140725072035840, "timestamp": "00:01:36.179", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 140725043462144, "type": "region", "version": 1 }, "end_va": 140725043527679, "entry_point": 140725043471648, "filename": "\\Windows\\System32\\sfc_os.dll", "id": "region_6900", 
"name": "sfc_os.dll", "norm_filename": "c:\\windows\\system32\\sfc_os.dll", "region_type": "memory_mapped_file", "start_va": 140725043462144, "timestamp": "00:01:36.187", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140724958855168, "type": "region", "version": 1 }, "end_va": 140724958896127, "entry_point": 140724958859456, "filename": "\\Windows\\System32\\version.dll", "id": "region_6901", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 140724958855168, "timestamp": "00:01:36.189", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 327680, "start_va": 539030061056, "type": "region", "version": 1 }, "end_va": 539030388735, "entry_point": 0, "filename": null, "id": "region_6906", "name": "private_0x0000007d80b20000", "norm_filename": null, "region_type": "private_memory", "start_va": 539030061056, "timestamp": "00:01:36.200", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 140725007810560, "type": "region", "version": 1 }, "end_va": 140725007892479, "entry_point": 140725007816576, "filename": "\\Windows\\System32\\dhcpcsvc6.dll", "id": "region_6908", "name": "dhcpcsvc6.dll", "norm_filename": "c:\\windows\\system32\\dhcpcsvc6.dll", "region_type": "memory_mapped_file", "start_va": 140725007810560, "timestamp": "00:01:36.212", "type": "region", "version": 1 }, { 
"dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 539030388736, "type": "region", "version": 1 }, "end_va": 539030913023, "entry_point": 0, "filename": null, "id": "region_6909", "name": "private_0x0000007d80b70000", "norm_filename": null, "region_type": "private_memory", "start_va": 539030388736, "timestamp": "00:01:36.219", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 539030913024, "type": "region", "version": 1 }, "end_va": 539031437311, "entry_point": 0, "filename": null, "id": "region_6910", "name": "private_0x0000007d80bf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 539030913024, "timestamp": "00:01:36.219", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 539031437312, "type": "region", "version": 1 }, "end_va": 539031961599, "entry_point": 0, "filename": null, "id": "region_6911", "name": "private_0x0000007d80c70000", "norm_filename": null, "region_type": "private_memory", "start_va": 539031437312, "timestamp": "00:01:36.219", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694937231360, "type": "region", "version": 1 }, "end_va": 140694937239551, "entry_point": 0, 
"filename": null, "id": "region_6912", "name": "private_0x00007ff617c16000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694937231360, "timestamp": "00:01:36.219", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694937239552, "type": "region", "version": 1 }, "end_va": 140694937247743, "entry_point": 0, "filename": null, "id": "region_6913", "name": "private_0x00007ff617c18000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694937239552, "timestamp": "00:01:36.219", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694937247744, "type": "region", "version": 1 }, "end_va": 140694937255935, "entry_point": 0, "filename": null, "id": "region_6914", "name": "private_0x00007ff617c1a000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694937247744, "timestamp": "00:01:36.219", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 140725007679488, "type": "region", "version": 1 }, "end_va": 140725007781887, "entry_point": 140725007687116, "filename": "\\Windows\\System32\\dhcpcsvc.dll", "id": "region_6915", "name": "dhcpcsvc.dll", "norm_filename": "c:\\windows\\system32\\dhcpcsvc.dll", "region_type": "memory_mapped_file", "start_va": 140725007679488, "timestamp": "00:01:36.219", "type": "region", "version": 1 }, { "dump": { "filename": "", 
"flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 140724922286080, "type": "region", "version": 1 }, "end_va": 140724922343423, "entry_point": 140724922286080, "filename": "\\Windows\\System32\\npmproxy.dll", "id": "region_6917", "name": "npmproxy.dll", "norm_filename": "c:\\windows\\system32\\npmproxy.dll", "region_type": "memory_mapped_file", "start_va": 140724922286080, "timestamp": "00:01:36.232", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140724927594496, "type": "region", "version": 1 }, "end_va": 140724927631359, "entry_point": 140724927599236, "filename": "\\Windows\\System32\\rasadhlp.dll", "id": "region_6919", "name": "rasadhlp.dll", "norm_filename": "c:\\windows\\system32\\rasadhlp.dll", "region_type": "memory_mapped_file", "start_va": 140724927594496, "timestamp": "00:01:36.248", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 539031961600, "type": "region", "version": 1 }, "end_va": 539032485887, "entry_point": 0, "filename": null, "id": "region_6940", "name": "private_0x0000007d80cf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 539031961600, "timestamp": "00:01:36.360", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, 
"start_va": 140694937223168, "type": "region", "version": 1 }, "end_va": 140694937231359, "entry_point": 0, "filename": null, "id": "region_6941", "name": "private_0x00007ff617c14000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694937223168, "timestamp": "00:01:36.360", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 140725090320384, "type": "region", "version": 1 }, "end_va": 140725090623487, "entry_point": 140725090325080, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_6942", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 140725090320384, "timestamp": "00:01:36.360", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 539030061056, "type": "region", "version": 1 }, "end_va": 539030065151, "entry_point": 0, "filename": null, "id": "region_6956", "name": "private_0x0000007d80b20000", "norm_filename": null, "region_type": "private_memory", "start_va": 539030061056, "timestamp": "00:01:36.505", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 539030323200, "type": "region", "version": 1 }, "end_va": 539030388735, "entry_point": 0, "filename": null, "id": "region_6957", "name": "private_0x0000007d80b60000", "norm_filename": null, "region_type": "private_memory", "start_va": 539030323200, 
"timestamp": "00:01:36.505", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 143360, "start_va": 140725071773696, "type": "region", "version": 1 }, "end_va": 140725071917055, "entry_point": 140725071777952, "filename": "\\Windows\\System32\\gpapi.dll", "id": "region_6958", "name": "gpapi.dll", "norm_filename": "c:\\windows\\system32\\gpapi.dll", "region_type": "memory_mapped_file", "start_va": 140725071773696, "timestamp": "00:01:36.506", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 539032485888, "type": "region", "version": 1 }, "end_va": 539033010175, "entry_point": 0, "filename": null, "id": "region_6977", "name": "private_0x0000007d80d70000", "norm_filename": null, "region_type": "private_memory", "start_va": 539032485888, "timestamp": "00:01:36.772", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 539033010176, "type": "region", "version": 1 }, "end_va": 539033534463, "entry_point": 0, "filename": null, "id": "region_6978", "name": "private_0x0000007d80df0000", "norm_filename": null, "region_type": "private_memory", "start_va": 539033010176, "timestamp": "00:01:36.772", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, 
"size": 8192, "start_va": 140694937206784, "type": "region", "version": 1 }, "end_va": 140694937214975, "entry_point": 0, "filename": null, "id": "region_6979", "name": "private_0x00007ff617c10000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694937206784, "timestamp": "00:01:36.772", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694937214976, "type": "region", "version": 1 }, "end_va": 140694937223167, "entry_point": 0, "filename": null, "id": "region_6980", "name": "private_0x00007ff617c12000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694937214976, "timestamp": "00:01:36.772", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 539033534464, "type": "region", "version": 1 }, "end_va": 539034058751, "entry_point": 0, "filename": null, "id": "region_7207", "name": "private_0x0000007d80e70000", "norm_filename": null, "region_type": "private_memory", "start_va": 539033534464, "timestamp": "00:01:38.346", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 539034058752, "type": "region", "version": 1 }, "end_va": 539034583039, "entry_point": 0, "filename": null, "id": "region_7208", "name": "private_0x0000007d80ef0000", "norm_filename": null, "region_type": "private_memory", "start_va": 539034058752, "timestamp": "00:01:38.346", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694937190400, "type": "region", "version": 1 }, "end_va": 140694937198591, "entry_point": 0, "filename": null, "id": "region_7209", "name": "private_0x00007ff617c0c000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694937190400, "timestamp": "00:01:38.346", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694937198592, "type": "region", "version": 1 }, "end_va": 140694937206783, "entry_point": 0, "filename": null, "id": "region_7210", "name": "private_0x00007ff617c0e000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694937198592, "timestamp": "00:01:38.346", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 539034583040, "type": "region", "version": 1 }, "end_va": 539036680191, "entry_point": 0, "filename": null, "id": "region_7310", "name": "private_0x0000007d80f70000", "norm_filename": null, "region_type": "private_memory", "start_va": 539034583040, "timestamp": "00:01:39.621", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 539030061056, "type": "region", "version": 1 }, 
"end_va": 539030065151, "entry_point": 0, "filename": null, "id": "region_7777", "name": "pagefile_0x0000007d80b20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 539030061056, "timestamp": "00:01:43.468", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\System32\\svchost.exe -k LocalSystemNetworkRestricted", "filename": "c:\\windows\\system32\\svchost.exe", "id": "proc_48", "image_name": "svchost.exe", "monitor_reason": "child_process", "monitored_id": 48, "origin_monitor_id": 39, "ref_parent_process": { "ref_id": "proc_39", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_4040", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:16.934", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 699715944448, "type": "region", "version": 1 }, "end_va": 699716075519, "entry_point": 0, "filename": null, "id": "region_4041", "name": "private_0x000000a2ea520000", "norm_filename": null, "region_type": "private_memory", "start_va": 699715944448, "timestamp": "00:01:16.934", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created 
because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 699716075520, "type": "region", "version": 1 }, "end_va": 699716136959, "entry_point": 0, "filename": null, "id": "region_4042", "name": "pagefile_0x000000a2ea540000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 699716075520, "timestamp": "00:01:16.934", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 699716141056, "type": "region", "version": 1 }, "end_va": 699716665343, "entry_point": 0, "filename": null, "id": "region_4043", "name": "private_0x000000a2ea550000", "norm_filename": null, "region_type": "private_memory", "start_va": 699716141056, "timestamp": "00:01:16.934", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 699716665344, "type": "region", "version": 1 }, "end_va": 699716681727, "entry_point": 0, "filename": null, "id": "region_4044", "name": "pagefile_0x000000a2ea5d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 699716665344, "timestamp": "00:01:16.934", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140694931308544, "type": "region", "version": 1 }, "end_va": 140694931451903, "entry_point": 0, "filename": null, "id": "region_4045", "name": 
"pagefile_0x00007ff617670000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140694931308544, "timestamp": "00:01:16.934", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140694931476480, "type": "region", "version": 1 }, "end_va": 140694931480575, "entry_point": 0, "filename": null, "id": "region_4046", "name": "private_0x00007ff617699000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694931476480, "timestamp": "00:01:16.934", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694931496960, "type": "region", "version": 1 }, "end_va": 140694931505151, "entry_point": 0, "filename": null, "id": "region_4047", "name": "private_0x00007ff61769e000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694931496960, "timestamp": "00:01:16.934", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 140694944612352, "type": "region", "version": 1 }, "end_va": 140694944661503, "entry_point": 140694944620940, "filename": "\\Windows\\System32\\svchost.exe", "id": "region_4048", "name": "svchost.exe", "norm_filename": "c:\\windows\\system32\\svchost.exe", "region_type": "memory_mapped_file", "start_va": 140694944612352, "timestamp": "00:01:16.934", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump 
was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_4049", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140725133115392, "timestamp": "00:01:16.935", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 699716730880, "type": "region", "version": 1 }, "end_va": 699716734975, "entry_point": 0, "filename": null, "id": "region_4050", "name": "pagefile_0x000000a2ea5e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 699716730880, "timestamp": "00:01:16.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 699716796416, "type": "region", "version": 1 }, "end_va": 699716804607, "entry_point": 0, "filename": null, "id": "region_4051", "name": "private_0x000000a2ea5f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 699716796416, "timestamp": "00:01:16.937", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 699717386240, "type": "region", "version": 1 }, "end_va": 699718434815, "entry_point": 0, 
"filename": null, "id": "region_4052", "name": "private_0x000000a2ea680000", "norm_filename": null, "region_type": "private_memory", "start_va": 699717386240, "timestamp": "00:01:16.944", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140725090648064, "type": "region", "version": 1 }, "end_va": 140725091753983, "entry_point": 140725090656928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_4053", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140725090648064, "timestamp": "00:01:16.944", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140725124988928, "type": "region", "version": 1 }, "end_va": 140725126270975, "entry_point": 140725125009460, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_4054", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140725124988928, "timestamp": "00:01:16.945", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 699715944448, "type": "region", "version": 1 }, "end_va": 699716009983, "entry_point": 0, "filename": null, "id": "region_4055", "name": "pagefile_0x000000a2ea520000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 699715944448, 
"timestamp": "00:01:16.946", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140694930259968, "type": "region", "version": 1 }, "end_va": 140694931308543, "entry_point": 0, "filename": null, "id": "region_4056", "name": "pagefile_0x00007ff617570000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140694930259968, "timestamp": "00:01:16.946", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 699716861952, "type": "region", "version": 1 }, "end_va": 699717378047, "entry_point": 699716861952, "filename": "\\Windows\\System32\\locale.nls", "id": "region_4057", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 699716861952, "timestamp": "00:01:16.949", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725098184704, "type": "region", "version": 1 }, "end_va": 140725098541055, "entry_point": 140725098194176, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_4058", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140725098184704, "timestamp": "00:01:16.949", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", 
"executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140725127806976, "type": "region", "version": 1 }, "end_va": 140725129076735, "entry_point": 140725127811408, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_4059", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140725127806976, "timestamp": "00:01:16.950", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725131149312, "type": "region", "version": 1 }, "end_va": 140725133078527, "entry_point": 140725131157344, "filename": "\\Windows\\System32\\combase.dll", "id": "region_4060", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140725131149312, "timestamp": "00:01:16.954", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140725098577920, "type": "region", "version": 1 }, "end_va": 140725099261951, "entry_point": 140725098588204, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_4061", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140725098577920, "timestamp": "00:01:16.955", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 699718434816, "type": "region", "version": 1 }, "end_va": 699720531967, 
"entry_point": 0, "filename": null, "id": "region_4062", "name": "private_0x000000a2ea780000", "norm_filename": null, "region_type": "private_memory", "start_va": 699718434816, "timestamp": "00:01:16.956", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 699716009984, "type": "region", "version": 1 }, "end_va": 699716038655, "entry_point": 0, "filename": null, "id": "region_4063", "name": "private_0x000000a2ea530000", "norm_filename": null, "region_type": "private_memory", "start_va": 699716009984, "timestamp": "00:01:16.957", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 761856, "start_va": 699718434816, "type": "region", "version": 1 }, "end_va": 699719196671, "entry_point": 699718616936, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_4064", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 699718434816, "timestamp": "00:01:16.959", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 699720466432, "type": "region", "version": 1 }, "end_va": 699720531967, "entry_point": 0, "filename": null, "id": "region_4065", "name": "private_0x000000a2ea970000", "norm_filename": null, "region_type": "private_memory", "start_va": 699720466432, "timestamp": "00:01:16.960", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was 
created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725068431360, "type": "region", "version": 1 }, "end_va": 140725068472319, "entry_point": 140725068437320, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_4066", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\system32\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140725068431360, "timestamp": "00:01:16.961", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725085208576, "type": "region", "version": 1 }, "end_va": 140725085249535, "entry_point": 140725085212688, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_4067", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140725085208576, "timestamp": "00:01:16.962", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 699718434816, "type": "region", "version": 1 }, "end_va": 699718463487, "entry_point": 0, "filename": null, "id": "region_4068", "name": "private_0x000000a2ea780000", "norm_filename": null, "region_type": "private_memory", "start_va": 699718434816, "timestamp": "00:01:16.963", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140725084815360, "type": "region", 
"version": 1 }, "end_va": 140725085200383, "entry_point": 140725084944032, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_4069", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140725084815360, "timestamp": "00:01:16.964", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140725093466112, "type": "region", "version": 1 }, "end_va": 140725094977535, "entry_point": 140725093620416, "filename": "\\Windows\\System32\\user32.dll", "id": "region_4070", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140725093466112, "timestamp": "00:01:16.966", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140725129773056, "type": "region", "version": 1 }, "end_va": 140725131104255, "entry_point": 140725129845848, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_4071", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140725129773056, "timestamp": "00:01:16.967", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 699718500352, "type": "region", "version": 1 }, "end_va": 699720105983, "entry_point": 0, "filename": null, "id": "region_4072", "name": 
"pagefile_0x000000a2ea790000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 699718500352, "timestamp": "00:01:16.970", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 699720531968, "type": "region", "version": 1 }, "end_va": 699722108927, "entry_point": 0, "filename": null, "id": "region_4073", "name": "pagefile_0x000000a2ea980000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 699720531968, "timestamp": "00:01:16.970", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 786432, "start_va": 699722170368, "type": "region", "version": 1 }, "end_va": 699722956799, "entry_point": 0, "filename": null, "id": "region_4074", "name": "pagefile_0x000000a2eab10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 699722170368, "timestamp": "00:01:16.970", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 699720138752, "type": "region", "version": 1 }, "end_va": 699720151039, "entry_point": 0, "filename": null, "id": "region_4075", "name": "pagefile_0x000000a2ea920000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 699720138752, "timestamp": "00:01:16.975", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No 
dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 699720204288, "type": "region", "version": 1 }, "end_va": 699720208383, "entry_point": 0, "filename": null, "id": "region_4076", "name": "pagefile_0x000000a2ea930000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 699720204288, "timestamp": "00:01:16.975", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 699720269824, "type": "region", "version": 1 }, "end_va": 699720273919, "entry_point": 0, "filename": null, "id": "region_4077", "name": "private_0x000000a2ea940000", "norm_filename": null, "region_type": "private_memory", "start_va": 699720269824, "timestamp": "00:01:16.975", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 699720335360, "type": "region", "version": 1 }, "end_va": 699720339455, "entry_point": 0, "filename": null, "id": "region_4078", "name": "private_0x000000a2ea950000", "norm_filename": null, "region_type": "private_memory", "start_va": 699720335360, "timestamp": "00:01:16.975", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4169728, "start_va": 699722956800, "type": "region", "version": 1 }, "end_va": 699727126527, "entry_point": 0, "filename": null, "id": "region_4079", "name": 
"pagefile_0x000000a2eabd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 699722956800, "timestamp": "00:01:16.975", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 699727151104, "type": "region", "version": 1 }, "end_va": 699727675391, "entry_point": 0, "filename": null, "id": "region_4089", "name": "private_0x000000a2eafd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 699727151104, "timestamp": "00:01:17.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 699727675392, "type": "region", "version": 1 }, "end_va": 699728199679, "entry_point": 0, "filename": null, "id": "region_4090", "name": "private_0x000000a2eb050000", "norm_filename": null, "region_type": "private_memory", "start_va": 699727675392, "timestamp": "00:01:17.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694931480576, "type": "region", "version": 1 }, "end_va": 140694931488767, "entry_point": 0, "filename": null, "id": "region_4091", "name": "private_0x00007ff61769a000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694931480576, "timestamp": "00:01:17.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", 
"permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694931488768, "type": "region", "version": 1 }, "end_va": 140694931496959, "entry_point": 0, "filename": null, "id": "region_4092", "name": "private_0x00007ff61769c000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694931488768, "timestamp": "00:01:17.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 699728199680, "type": "region", "version": 1 }, "end_va": 699731169279, "entry_point": 699728199680, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_4093", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 699728199680, "timestamp": "00:01:17.017", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 225280, "start_va": 140725023473664, "type": "region", "version": 1 }, "end_va": 140725023698943, "entry_point": 140725023473664, "filename": "\\Windows\\System32\\AudioEndpointBuilder.dll", "id": "region_4094", "name": "audioendpointbuilder.dll", "norm_filename": "c:\\windows\\system32\\audioendpointbuilder.dll", "region_type": "memory_mapped_file", "start_va": 140725023473664, "timestamp": "00:01:17.021", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725082062848, "type": "region", "version": 1 }, "end_va": 140725082218495, 
"entry_point": 140725082086248, "filename": "\\Windows\\System32\\bcrypt.dll", "id": "region_4095", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\system32\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 140725082062848, "timestamp": "00:01:17.034", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 140725090320384, "type": "region", "version": 1 }, "end_va": 140725090623487, "entry_point": 140725090325080, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_4096", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 140725090320384, "timestamp": "00:01:17.035", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 397312, "start_va": 140725054210048, "type": "region", "version": 1 }, "end_va": 140725054607359, "entry_point": 140725054288584, "filename": "\\Windows\\System32\\MMDevAPI.dll", "id": "region_4097", "name": "mmdevapi.dll", "norm_filename": "c:\\windows\\system32\\mmdevapi.dll", "region_type": "memory_mapped_file", "start_va": 140725054210048, "timestamp": "00:01:17.036", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725068103680, "type": "region", "version": 1 }, "end_va": 140725068259327, "entry_point": 140725068109212, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_4098", "name": "devobj.dll", "norm_filename": 
"c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 140725068103680, "timestamp": "00:01:17.038", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 699720400896, "type": "region", "version": 1 }, "end_va": 699720404991, "entry_point": 0, "filename": null, "id": "region_4110", "name": "pagefile_0x000000a2ea960000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 699720400896, "timestamp": "00:01:17.109", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 699731214336, "type": "region", "version": 1 }, "end_va": 699731738623, "entry_point": 0, "filename": null, "id": "region_4111", "name": "private_0x000000a2eb3b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 699731214336, "timestamp": "00:01:17.109", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694931468288, "type": "region", "version": 1 }, "end_va": 140694931476479, "entry_point": 0, "filename": null, "id": "region_4112", "name": "private_0x00007ff617697000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694931468288, "timestamp": "00:01:17.109", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ 
"readable", "writable", "executable" ], "ref_process_dump": null, "size": 671744, "start_va": 140725095825408, "type": "region", "version": 1 }, "end_va": 140725096497151, "entry_point": 140725095829872, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_4113", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 140725095825408, "timestamp": "00:01:17.109", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 699727675392, "type": "region", "version": 1 }, "end_va": 699727679487, "entry_point": 0, "filename": null, "id": "region_4114", "name": "pagefile_0x000000a2eb050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 699727675392, "timestamp": "00:01:17.111", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 699731738624, "type": "region", "version": 1 }, "end_va": 699732262911, "entry_point": 0, "filename": null, "id": "region_4115", "name": "private_0x000000a2eb430000", "norm_filename": null, "region_type": "private_memory", "start_va": 699731738624, "timestamp": "00:01:17.113", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 699727740928, "type": "region", "version": 1 }, "end_va": 699727745023, "entry_point": 0, "filename": null, "id": "region_4117", "name": 
"private_0x000000a2eb060000", "norm_filename": null, "region_type": "private_memory", "start_va": 699727740928, "timestamp": "00:01:17.116", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 699727806464, "type": "region", "version": 1 }, "end_va": 699727810559, "entry_point": 0, "filename": null, "id": "region_4118", "name": "private_0x000000a2eb070000", "norm_filename": null, "region_type": "private_memory", "start_va": 699727806464, "timestamp": "00:01:17.116", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 699727872000, "type": "region", "version": 1 }, "end_va": 699727876095, "entry_point": 699727872000, "filename": "\\Windows\\System32\\en-US\\MMDevAPI.dll.mui", "id": "region_4128", "name": "mmdevapi.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\mmdevapi.dll.mui", "region_type": "memory_mapped_file", "start_va": 699727872000, "timestamp": "00:01:17.177", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 699727937536, "type": "region", "version": 1 }, "end_va": 699727941631, "entry_point": 0, "filename": null, "id": "region_4135", "name": "private_0x000000a2eb090000", "norm_filename": null, "region_type": "private_memory", "start_va": 699727937536, "timestamp": "00:01:17.294", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum 
number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 699732262912, "type": "region", "version": 1 }, "end_va": 699732787199, "entry_point": 0, "filename": null, "id": "region_4150", "name": "private_0x000000a2eb4b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 699732262912, "timestamp": "00:01:17.403", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694931460096, "type": "region", "version": 1 }, "end_va": 140694931468287, "entry_point": 0, "filename": null, "id": "region_4151", "name": "private_0x00007ff617695000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694931460096, "timestamp": "00:01:17.403", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 140725086126080, "type": "region", "version": 1 }, "end_va": 140725086408703, "entry_point": 140725086130832, "filename": "\\Windows\\System32\\powrprof.dll", "id": "region_4152", "name": "powrprof.dll", "norm_filename": "c:\\windows\\system32\\powrprof.dll", "region_type": "memory_mapped_file", "start_va": 140725086126080, "timestamp": "00:01:17.403", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 140725039071232, "type": "region", "version": 1 }, "end_va": 140725039140863, "entry_point": 140725039075456, "filename": 
"\\Windows\\System32\\wtsapi32.dll", "id": "region_4153", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\system32\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725039071232, "timestamp": "00:01:17.414", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725078982656, "type": "region", "version": 1 }, "end_va": 140725079339007, "entry_point": 140725078989424, "filename": "\\Windows\\System32\\winsta.dll", "id": "region_4171", "name": "winsta.dll", "norm_filename": "c:\\windows\\system32\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 140725078982656, "timestamp": "00:01:17.540", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 483328, "start_va": 140725020786688, "type": "region", "version": 1 }, "end_va": 140725021270015, "entry_point": 140725020786688, "filename": "\\Windows\\System32\\pcasvc.dll", "id": "region_6390", "name": "pcasvc.dll", "norm_filename": "c:\\windows\\system32\\pcasvc.dll", "region_type": "memory_mapped_file", "start_va": 140725020786688, "timestamp": "00:01:33.026", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 675840, "start_va": 140725126299648, "type": "region", "version": 1 }, "end_va": 140725126975487, "entry_point": 140725126303760, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_6428", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": 
"memory_mapped_file", "start_va": 140725126299648, "timestamp": "00:01:33.281", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 699732787200, "type": "region", "version": 1 }, "end_va": 699733311487, "entry_point": 0, "filename": null, "id": "region_6483", "name": "private_0x000000a2eb530000", "norm_filename": null, "region_type": "private_memory", "start_va": 699732787200, "timestamp": "00:01:33.402", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694931451904, "type": "region", "version": 1 }, "end_va": 140694931460095, "entry_point": 0, "filename": null, "id": "region_6484", "name": "private_0x00007ff617693000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694931451904, "timestamp": "00:01:33.402", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 140725040906240, "type": "region", "version": 1 }, "end_va": 140725041020927, "entry_point": 140725040906240, "filename": "\\Windows\\System32\\aepic.dll", "id": "region_6485", "name": "aepic.dll", "norm_filename": "c:\\windows\\system32\\aepic.dll", "region_type": "memory_mapped_file", "start_va": 140725040906240, "timestamp": "00:01:33.402", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", 
"executable" ], "ref_process_dump": null, "size": 569344, "start_va": 140725066203136, "type": "region", "version": 1 }, "end_va": 140725066772479, "entry_point": 140725066207268, "filename": "\\Windows\\System32\\apphelp.dll", "id": "region_6486", "name": "apphelp.dll", "norm_filename": "c:\\windows\\system32\\apphelp.dll", "region_type": "memory_mapped_file", "start_va": 140725066203136, "timestamp": "00:01:33.461", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140725076557824, "type": "region", "version": 1 }, "end_va": 140725076684799, "entry_point": 140725076562672, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_6487", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 140725076557824, "timestamp": "00:01:33.462", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 140725043462144, "type": "region", "version": 1 }, "end_va": 140725043527679, "entry_point": 140725043462144, "filename": "\\Windows\\System32\\sfc_os.dll", "id": "region_6488", "name": "sfc_os.dll", "norm_filename": "c:\\windows\\system32\\sfc_os.dll", "region_type": "memory_mapped_file", "start_va": 140725043462144, "timestamp": "00:01:33.468", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140724958855168, "type": "region", "version": 1 }, "end_va": 140724958896127, 
"entry_point": 140724958859456, "filename": "\\Windows\\System32\\version.dll", "id": "region_6489", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 140724958855168, "timestamp": "00:01:33.483", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 140725086453760, "type": "region", "version": 1 }, "end_va": 140725086535679, "entry_point": 140725086468812, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_6490", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 140725086453760, "timestamp": "00:01:33.487", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1257472, "start_va": 140724935196672, "type": "region", "version": 1 }, "end_va": 140724936454143, "entry_point": 140724935196672, "filename": "\\Windows\\System32\\sysmain.dll", "id": "region_6494", "name": "sysmain.dll", "norm_filename": "c:\\windows\\system32\\sysmain.dll", "region_type": "memory_mapped_file", "start_va": 140724935196672, "timestamp": "00:01:33.546", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 699733311488, "type": "region", "version": 1 }, "end_va": 699733835775, "entry_point": 0, "filename": null, "id": "region_6500", "name": "private_0x000000a2eb5b0000", "norm_filename": null, "region_type": 
"private_memory", "start_va": 699733311488, "timestamp": "00:01:33.598", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694930251776, "type": "region", "version": 1 }, "end_va": 140694930259967, "entry_point": 0, "filename": null, "id": "region_6501", "name": "private_0x00007ff61756e000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694930251776, "timestamp": "00:01:33.598", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 699733835776, "type": "region", "version": 1 }, "end_va": 699734360063, "entry_point": 0, "filename": null, "id": "region_6502", "name": "private_0x000000a2eb630000", "norm_filename": null, "region_type": "private_memory", "start_va": 699733835776, "timestamp": "00:01:33.599", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 699734360064, "type": "region", "version": 1 }, "end_va": 699734884351, "entry_point": 0, "filename": null, "id": "region_6503", "name": "private_0x000000a2eb6b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 699734360064, "timestamp": "00:01:33.599", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 
8192, "start_va": 140694930235392, "type": "region", "version": 1 }, "end_va": 140694930243583, "entry_point": 0, "filename": null, "id": "region_6504", "name": "private_0x00007ff61756a000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694930235392, "timestamp": "00:01:33.599", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694930243584, "type": "region", "version": 1 }, "end_va": 140694930251775, "entry_point": 0, "filename": null, "id": "region_6505", "name": "private_0x00007ff61756c000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694930243584, "timestamp": "00:01:33.599", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 699734884352, "type": "region", "version": 1 }, "end_va": 699735408639, "entry_point": 0, "filename": null, "id": "region_6506", "name": "private_0x000000a2eb730000", "norm_filename": null, "region_type": "private_memory", "start_va": 699734884352, "timestamp": "00:01:33.601", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694930227200, "type": "region", "version": 1 }, "end_va": 140694930235391, "entry_point": 0, "filename": null, "id": "region_6507", "name": "private_0x00007ff617568000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694930227200, "timestamp": "00:01:33.601", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 699735408640, "type": "region", "version": 1 }, "end_va": 699736457215, "entry_point": 0, "filename": null, "id": "region_6512", "name": "private_0x000000a2eb7b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 699735408640, "timestamp": "00:01:33.632", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1179648, "start_va": 699736457216, "type": "region", "version": 1 }, "end_va": 699737636863, "entry_point": 0, "filename": null, "id": "region_6515", "name": "private_0x000000a2eb8b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 699736457216, "timestamp": "00:01:33.667", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4294967296, "start_va": 699737636864, "type": "region", "version": 1 }, "end_va": 704032604159, "entry_point": 0, "filename": null, "id": "region_6516", "name": "private_0x000000a2eb9d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 699737636864, "timestamp": "00:01:33.752", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 139264, "start_va": 140725020590080, "type": "region", "version": 1 }, "end_va": 
140725020729343, "entry_point": 140725020590080, "filename": "\\Windows\\System32\\trkwks.dll", "id": "region_6517", "name": "trkwks.dll", "norm_filename": "c:\\windows\\system32\\trkwks.dll", "region_type": "memory_mapped_file", "start_va": 140725020590080, "timestamp": "00:01:33.753", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 699736457216, "type": "region", "version": 1 }, "end_va": 699736981503, "entry_point": 0, "filename": null, "id": "region_6553", "name": "private_0x000000a2eb8b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 699736457216, "timestamp": "00:01:33.938", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 699737505792, "type": "region", "version": 1 }, "end_va": 699737636863, "entry_point": 0, "filename": null, "id": "region_6554", "name": "private_0x000000a2eb9b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 699737505792, "timestamp": "00:01:33.938", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694930219008, "type": "region", "version": 1 }, "end_va": 140694930227199, "entry_point": 0, "filename": null, "id": "region_6555", "name": "private_0x00007ff617566000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694930219008, "timestamp": "00:01:33.938", "type": "region", "version": 1 }, { 
"dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 140724923662336, "type": "region", "version": 1 }, "end_va": 140724923830271, "entry_point": 140724923662336, "filename": "\\Windows\\System32\\ncbservice.dll", "id": "region_6886", "name": "ncbservice.dll", "norm_filename": "c:\\windows\\system32\\ncbservice.dll", "region_type": "memory_mapped_file", "start_va": 140724923662336, "timestamp": "00:01:36.109", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 140725127020544, "type": "region", "version": 1 }, "end_va": 140725127380991, "entry_point": 140725127024796, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_6902", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 140725127020544, "timestamp": "00:01:36.194", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 140725016985600, "type": "region", "version": 1 }, "end_va": 140725017153535, "entry_point": 140725017016680, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_6903", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 140725016985600, "timestamp": "00:01:36.195", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ 
"readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140725101002752, "type": "region", "version": 1 }, "end_va": 140725101752319, "entry_point": 140725101007136, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_6904", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 140725101002752, "timestamp": "00:01:36.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140725103886336, "type": "region", "version": 1 }, "end_va": 140725103923199, "entry_point": 140725103891456, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_6905", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 140725103886336, "timestamp": "00:01:36.197", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 147456, "start_va": 140724921827328, "type": "region", "version": 1 }, "end_va": 140724921974783, "entry_point": 140724921827328, "filename": "\\Windows\\System32\\BrokerLib.dll", "id": "region_6947", "name": "brokerlib.dll", "norm_filename": "c:\\windows\\system32\\brokerlib.dll", "region_type": "memory_mapped_file", "start_va": 140724921827328, "timestamp": "00:01:36.374", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725016920064, "type": "region", "version": 1 }, "end_va": 
140725016961023, "entry_point": 140725016924356, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_6949", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 140725016920064, "timestamp": "00:01:36.445", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 140725038874624, "type": "region", "version": 1 }, "end_va": 140725038919679, "entry_point": 140725038890336, "filename": "\\Windows\\System32\\bi.dll", "id": "region_6959", "name": "bi.dll", "norm_filename": "c:\\windows\\system32\\bi.dll", "region_type": "memory_mapped_file", "start_va": 140725038874624, "timestamp": "00:01:36.522", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1536000, "start_va": 704032604160, "type": "region", "version": 1 }, "end_va": 704034140159, "entry_point": 704032608436, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_6960", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 704032604160, "timestamp": "00:01:36.528", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 140724923269120, "type": "region", "version": 1 }, "end_va": 140724923367423, "entry_point": 140724923269120, "filename": "\\Windows\\System32\\wpdbusenum.dll", "id": "region_6973", "name": "wpdbusenum.dll", "norm_filename": "c:\\windows\\system32\\wpdbusenum.dll", 
"region_type": "memory_mapped_file", "start_va": 140724923269120, "timestamp": "00:01:36.676", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 679936, "start_va": 140724920254464, "type": "region", "version": 1 }, "end_va": 140724920934399, "entry_point": 140724920254464, "filename": "\\Windows\\System32\\PortableDeviceApi.dll", "id": "region_6974", "name": "portabledeviceapi.dll", "norm_filename": "c:\\windows\\system32\\portabledeviceapi.dll", "region_type": "memory_mapped_file", "start_va": 140724920254464, "timestamp": "00:01:36.715", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 140725079375872, "type": "region", "version": 1 }, "end_va": 140725079736319, "entry_point": 140725079379984, "filename": "\\Windows\\System32\\mswsock.dll", "id": "region_7003", "name": "mswsock.dll", "norm_filename": "c:\\windows\\system32\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 140725079375872, "timestamp": "00:01:37.183", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1925120, "start_va": 140725101789184, "type": "region", "version": 1 }, "end_va": 140725103714303, "entry_point": 140725101793472, "filename": "\\Windows\\System32\\setupapi.dll", "id": "region_7005", "name": "setupapi.dll", "norm_filename": "c:\\windows\\system32\\setupapi.dll", "region_type": "memory_mapped_file", "start_va": 140725101789184, "timestamp": "00:01:37.195", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 140724917633024, "type": "region", "version": 1 }, "end_va": 140724917719039, "entry_point": 140724917633024, "filename": "\\Windows\\System32\\PortableDeviceConnectApi.dll", "id": "region_7023", "name": "portabledeviceconnectapi.dll", "norm_filename": "c:\\windows\\system32\\portabledeviceconnectapi.dll", "region_type": "memory_mapped_file", "start_va": 140724917633024, "timestamp": "00:01:37.244", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 140725089992704, "type": "region", "version": 1 }, "end_va": 140725090312191, "entry_point": 140725089997432, "filename": "\\Windows\\System32\\wintrust.dll", "id": "region_7030", "name": "wintrust.dll", "norm_filename": "c:\\windows\\system32\\wintrust.dll", "region_type": "memory_mapped_file", "start_va": 140725089992704, "timestamp": "00:01:37.479", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725088026624, "type": "region", "version": 1 }, "end_va": 140725089955839, "entry_point": 140725088030884, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_7031", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 140725088026624, "timestamp": "00:01:37.481", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was 
created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 140725087174656, "type": "region", "version": 1 }, "end_va": 140725087248383, "entry_point": 140725087178996, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_7032", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 140725087174656, "timestamp": "00:01:37.482", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 140725095038976, "type": "region", "version": 1 }, "end_va": 140725095370751, "entry_point": 140725095043776, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_7033", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 140725095038976, "timestamp": "00:01:37.486", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 140725060108288, "type": "region", "version": 1 }, "end_va": 140725060767743, "entry_point": 140725060112544, "filename": "\\Windows\\System32\\SHCore.dll", "id": "region_7034", "name": "shcore.dll", "norm_filename": "c:\\windows\\system32\\shcore.dll", "region_type": "memory_mapped_file", "start_va": 140725060108288, "timestamp": "00:01:37.488", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, 
"start_va": 699736981504, "type": "region", "version": 1 }, "end_va": 699737505791, "entry_point": 0, "filename": null, "id": "region_7136", "name": "private_0x000000a2eb930000", "norm_filename": null, "region_type": "private_memory", "start_va": 699736981504, "timestamp": "00:01:37.971", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694930210816, "type": "region", "version": 1 }, "end_va": 140694930219007, "entry_point": 0, "filename": null, "id": "region_7137", "name": "private_0x00007ff617564000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694930210816, "timestamp": "00:01:37.971", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140724997980160, "type": "region", "version": 1 }, "end_va": 140724998729727, "entry_point": 140724997984424, "filename": "\\Windows\\System32\\twinapi.dll", "id": "region_7138", "name": "twinapi.dll", "norm_filename": "c:\\windows\\system32\\twinapi.dll", "region_type": "memory_mapped_file", "start_va": 140724997980160, "timestamp": "00:01:37.971", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 704032604160, "type": "region", "version": 1 }, "end_va": 704033652735, "entry_point": 0, "filename": null, "id": "region_7139", "name": "private_0x000000a3eb9d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 704032604160, 
"timestamp": "00:01:37.975", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 249856, "start_va": 140724958986240, "type": "region", "version": 1 }, "end_va": 140724959236095, "entry_point": 140724959009020, "filename": "\\Windows\\System32\\netprofm.dll", "id": "region_7213", "name": "netprofm.dll", "norm_filename": "c:\\windows\\system32\\netprofm.dll", "region_type": "memory_mapped_file", "start_va": 140724958986240, "timestamp": "00:01:38.414", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 140725079769088, "type": "region", "version": 1 }, "end_va": 140725079891967, "entry_point": 140725079773640, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_7214", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 140725079769088, "timestamp": "00:01:38.417", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 140725075443712, "type": "region", "version": 1 }, "end_va": 140725075660799, "entry_point": 140725075448792, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_7215", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 140725075443712, "timestamp": "00:01:38.419", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created 
because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 140724922286080, "type": "region", "version": 1 }, "end_va": 140724922343423, "entry_point": 140724922314740, "filename": "\\Windows\\System32\\npmproxy.dll", "id": "region_7239", "name": "npmproxy.dll", "norm_filename": "c:\\windows\\system32\\npmproxy.dll", "region_type": "memory_mapped_file", "start_va": 140724922286080, "timestamp": "00:01:38.687", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 704033652736, "type": "region", "version": 1 }, "end_va": 704034177023, "entry_point": 0, "filename": null, "id": "region_7395", "name": "private_0x000000a3ebad0000", "norm_filename": null, "region_type": "private_memory", "start_va": 704033652736, "timestamp": "00:01:40.216", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694930202624, "type": "region", "version": 1 }, "end_va": 140694930210815, "entry_point": 0, "filename": null, "id": "region_7396", "name": "private_0x00007ff617562000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694930202624, "timestamp": "00:01:40.216", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 196608, "start_va": 140725028847616, "type": "region", "version": 1 }, "end_va": 140725029044223, "entry_point": 140725028871328, "filename": 
"\\Windows\\System32\\ntmarta.dll", "id": "region_9291", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\system32\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 140725028847616, "timestamp": "00:02:13.872", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1691648, "start_va": 140725023735808, "type": "region", "version": 1 }, "end_va": 140725025427455, "entry_point": 140725023740764, "filename": "\\Windows\\System32\\taskschd.dll", "id": "region_9298", "name": "taskschd.dll", "norm_filename": "c:\\windows\\system32\\taskschd.dll", "region_type": "memory_mapped_file", "start_va": 140725023735808, "timestamp": "00:02:14.025", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 176128, "start_va": 140725084618752, "type": "region", "version": 1 }, "end_va": 140725084794879, "entry_point": 140725084624016, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_9299", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 140725084618752, "timestamp": "00:02:14.027", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 229376, "start_va": 140725031206912, "type": "region", "version": 1 }, "end_va": 140725031436287, "entry_point": 140725031211060, "filename": "\\Windows\\System32\\xmllite.dll", "id": "region_9311", "name": "xmllite.dll", "norm_filename": "c:\\windows\\system32\\xmllite.dll", 
"region_type": "memory_mapped_file", "start_va": 140725031206912, "timestamp": "00:02:14.064", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 704034177024, "type": "region", "version": 1 }, "end_va": 704035225599, "entry_point": 0, "filename": null, "id": "region_9316", "name": "private_0x000000a3ebb50000", "norm_filename": null, "region_type": "private_memory", "start_va": 704034177024, "timestamp": "00:02:14.142", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 200704, "start_va": 699731214336, "type": "region", "version": 1 }, "end_va": 699731415039, "entry_point": 0, "filename": null, "id": "region_9328", "name": "private_0x000000a2eb3b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 699731214336, "timestamp": "00:02:14.930", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 699728003072, "type": "region", "version": 1 }, "end_va": 699728011263, "entry_point": 0, "filename": null, "id": "region_9329", "name": "private_0x000000a2eb0a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 699728003072, "timestamp": "00:02:14.930", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": 
null, "size": 28672, "start_va": 699727937536, "type": "region", "version": 1 }, "end_va": 699727966207, "entry_point": 0, "filename": null, "id": "region_9330", "name": "private_0x000000a2eb090000", "norm_filename": null, "region_type": "private_memory", "start_va": 699727937536, "timestamp": "00:02:14.932", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 699728003072, "type": "region", "version": 1 }, "end_va": 699728007167, "entry_point": 0, "filename": null, "id": "region_9331", "name": "private_0x000000a2eb0a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 699728003072, "timestamp": "00:02:14.933", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 699728068608, "type": "region", "version": 1 }, "end_va": 699728076799, "entry_point": 0, "filename": null, "id": "region_9332", "name": "private_0x000000a2eb0b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 699728068608, "timestamp": "00:02:14.933", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140724930347008, "type": "region", "version": 1 }, "end_va": 140724930383871, "entry_point": 140724930347008, "filename": "\\Windows\\System32\\SystemEventsBrokerClient.dll", "id": "region_9336", "name": "systemeventsbrokerclient.dll", "norm_filename": "c:\\windows\\system32\\systemeventsbrokerclient.dll", 
"region_type": "memory_mapped_file", "start_va": 140724930347008, "timestamp": "00:02:14.953", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 699728003072, "type": "region", "version": 1 }, "end_va": 699728015359, "entry_point": 0, "filename": null, "id": "region_9337", "name": "private_0x000000a2eb0a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 699728003072, "timestamp": "00:02:14.964", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 699728003072, "type": "region", "version": 1 }, "end_va": 699728007167, "entry_point": 699728003072, "filename": "\\Windows\\Prefetch\\PfSvPerfStats.bin", "id": "region_9339", "name": "pfsvperfstats.bin", "norm_filename": "c:\\windows\\prefetch\\pfsvperfstats.bin", "region_type": "memory_mapped_file", "start_va": 699728003072, "timestamp": "00:02:14.965", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 704035225600, "type": "region", "version": 1 }, "end_va": 704035749887, "entry_point": 0, "filename": null, "id": "region_9341", "name": "private_0x000000a3ebc50000", "norm_filename": null, "region_type": "private_memory", "start_va": 704035225600, "timestamp": "00:02:15.026", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ 
"readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694930194432, "type": "region", "version": 1 }, "end_va": 140694930202623, "entry_point": 0, "filename": null, "id": "region_9342", "name": "private_0x00007ff617560000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694930194432, "timestamp": "00:02:15.026", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 140725096546304, "type": "region", "version": 1 }, "end_va": 140725098078207, "entry_point": 140725096550580, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_9344", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 140725096546304, "timestamp": "00:02:15.027", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 163840, "start_va": 699728003072, "type": "region", "version": 1 }, "end_va": 699728166911, "entry_point": 0, "filename": null, "id": "region_9345", "name": "private_0x000000a2eb0a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 699728003072, "timestamp": "00:02:15.030", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 704035749888, "type": "region", "version": 1 }, "end_va": 704035753983, "entry_point": 0, "filename": null, "id": "region_9346", "name": "pagefile_0x000000a3ebcd0000", 
"norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 704035749888, "timestamp": "00:02:15.042", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2813952, "start_va": 140724980547584, "type": "region", "version": 1 }, "end_va": 140724983361535, "entry_point": 140724980555492, "filename": "\\Windows\\System32\\actxprxy.dll", "id": "region_9347", "name": "actxprxy.dll", "norm_filename": "c:\\windows\\system32\\actxprxy.dll", "region_type": "memory_mapped_file", "start_va": 140724980547584, "timestamp": "00:02:15.046", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 704035815424, "type": "region", "version": 1 }, "end_va": 704035844095, "entry_point": 704035815424, "filename": "\\Windows\\Prefetch\\DLLHOST.EXE-74CFCB84.pf", "id": "region_9348", "name": "dllhost.exe-74cfcb84.pf", "norm_filename": "c:\\windows\\prefetch\\dllhost.exe-74cfcb84.pf", "region_type": "memory_mapped_file", "start_va": 704035815424, "timestamp": "00:02:15.065", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 704035880960, "type": "region", "version": 1 }, "end_va": 704037978111, "entry_point": 0, "filename": null, "id": "region_9349", "name": "private_0x000000a3ebcf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 704035880960, "timestamp": "00:02:15.065", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], 
"info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 704035815424, "type": "region", "version": 1 }, "end_va": 704035831807, "entry_point": 704035815424, "filename": "\\Windows\\Prefetch\\ARMSVC.EXE-28C8C2BA.pf", "id": "region_9350", "name": "armsvc.exe-28c8c2ba.pf", "norm_filename": "c:\\windows\\prefetch\\armsvc.exe-28c8c2ba.pf", "region_type": "memory_mapped_file", "start_va": 704035815424, "timestamp": "00:02:15.074", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 57344, "start_va": 704035225600, "type": "region", "version": 1 }, "end_va": 704035282943, "entry_point": 704035225600, "filename": "\\Windows\\Prefetch\\TASKHOST.EXE-9D9F554C.pf", "id": "region_9353", "name": "taskhost.exe-9d9f554c.pf", "norm_filename": "c:\\windows\\prefetch\\taskhost.exe-9d9f554c.pf", "region_type": "memory_mapped_file", "start_va": 704035225600, "timestamp": "00:02:15.094", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20480, "start_va": 704035225600, "type": "region", "version": 1 }, "end_va": 704035246079, "entry_point": 704035225600, "filename": "\\Windows\\Prefetch\\SVCHOST.EXE-135A30D8.pf", "id": "region_9354", "name": "svchost.exe-135a30d8.pf", "norm_filename": "c:\\windows\\prefetch\\svchost.exe-135a30d8.pf", "region_type": "memory_mapped_file", "start_va": 704035225600, "timestamp": "00:02:15.102", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 704035225600, 
"type": "region", "version": 1 }, "end_va": 704035254271, "entry_point": 704035225600, "filename": "\\Windows\\Prefetch\\MOBSYNC.EXE-D8BC6ED2.pf", "id": "region_9355", "name": "mobsync.exe-d8bc6ed2.pf", "norm_filename": "c:\\windows\\prefetch\\mobsync.exe-d8bc6ed2.pf", "region_type": "memory_mapped_file", "start_va": 704035225600, "timestamp": "00:02:15.107", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 24576, "start_va": 704035225600, "type": "region", "version": 1 }, "end_va": 704035250175, "entry_point": 704035225600, "filename": "\\Windows\\Prefetch\\AUDIODG.EXE-D0D776AC.pf", "id": "region_9356", "name": "audiodg.exe-d0d776ac.pf", "norm_filename": "c:\\windows\\prefetch\\audiodg.exe-d0d776ac.pf", "region_type": "memory_mapped_file", "start_va": 704035225600, "timestamp": "00:02:15.112", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 699731214336, "type": "region", "version": 1 }, "end_va": 699731230719, "entry_point": 699731214336, "filename": "\\Windows\\Prefetch\\THUMBNAILEXTRACTIONHOST.EXE-64F19B6A.pf", "id": "region_9761", "name": "thumbnailextractionhost.exe-64f19b6a.pf", "norm_filename": "c:\\windows\\prefetch\\thumbnailextractionhost.exe-64f19b6a.pf", "region_type": "memory_mapped_file", "start_va": 699731214336, "timestamp": "00:02:21.628", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 90112, "start_va": 699731214336, "type": "region", "version": 1 }, "end_va": 699731304447, "entry_point": 699731214336, "filename": 
"\\Windows\\Prefetch\\SPPSVC.EXE-CBE91656.pf", "id": "region_10979", "name": "sppsvc.exe-cbe91656.pf", "norm_filename": "c:\\windows\\prefetch\\sppsvc.exe-cbe91656.pf", "region_type": "memory_mapped_file", "start_va": 699731214336, "timestamp": "00:03:45.536", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 167936, "start_va": 699731214336, "type": "region", "version": 1 }, "end_va": 699731382271, "entry_point": 0, "filename": null, "id": "region_10991", "name": "private_0x000000a2eb3b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 699731214336, "timestamp": "00:04:25.352", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 626688, "start_va": 704037978112, "type": "region", "version": 1 }, "end_va": 704038604799, "entry_point": 0, "filename": null, "id": "region_10992", "name": "private_0x000000a3ebef0000", "norm_filename": null, "region_type": "private_memory", "start_va": 704037978112, "timestamp": "00:04:25.375", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\system32\\svchost.exe -k NetworkService", "filename": "c:\\windows\\system32\\svchost.exe", "id": "proc_49", "image_name": "svchost.exe", "monitor_reason": "child_process", "monitored_id": 49, "origin_monitor_id": 39, "ref_parent_process": { "ref_id": "proc_39", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], 
"info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_4337", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:19.523", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 813969440768, "type": "region", "version": 1 }, "end_va": 813969571839, "entry_point": 0, "filename": null, "id": "region_4338", "name": "private_0x000000bd845c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 813969440768, "timestamp": "00:01:19.523", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 813969571840, "type": "region", "version": 1 }, "end_va": 813969633279, "entry_point": 0, "filename": null, "id": "region_4339", "name": "pagefile_0x000000bd845e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 813969571840, "timestamp": "00:01:19.523", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 813969637376, "type": "region", "version": 1 }, "end_va": 813970161663, "entry_point": 0, "filename": null, "id": "region_4340", "name": 
"private_0x000000bd845f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 813969637376, "timestamp": "00:01:19.523", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 813970161664, "type": "region", "version": 1 }, "end_va": 813970178047, "entry_point": 0, "filename": null, "id": "region_4341", "name": "pagefile_0x000000bd84670000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 813970161664, "timestamp": "00:01:19.523", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140694928031744, "type": "region", "version": 1 }, "end_va": 140694928175103, "entry_point": 0, "filename": null, "id": "region_4342", "name": "pagefile_0x00007ff617350000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140694928031744, "timestamp": "00:01:19.523", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694928211968, "type": "region", "version": 1 }, "end_va": 140694928220159, "entry_point": 0, "filename": null, "id": "region_4343", "name": "private_0x00007ff61737c000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694928211968, "timestamp": "00:01:19.523", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because 
the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140694928220160, "type": "region", "version": 1 }, "end_va": 140694928224255, "entry_point": 0, "filename": null, "id": "region_4344", "name": "private_0x00007ff61737e000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694928220160, "timestamp": "00:01:19.523", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 140694944612352, "type": "region", "version": 1 }, "end_va": 140694944661503, "entry_point": 140694944620940, "filename": "\\Windows\\System32\\svchost.exe", "id": "region_4345", "name": "svchost.exe", "norm_filename": "c:\\windows\\system32\\svchost.exe", "region_type": "memory_mapped_file", "start_va": 140694944612352, "timestamp": "00:01:19.523", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_4346", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140725133115392, "timestamp": "00:01:19.524", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 813970227200, "type": "region", "version": 1 }, "end_va": 
813970231295, "entry_point": 0, "filename": null, "id": "region_4347", "name": "pagefile_0x000000bd84680000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 813970227200, "timestamp": "00:01:19.525", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 813970292736, "type": "region", "version": 1 }, "end_va": 813970300927, "entry_point": 0, "filename": null, "id": "region_4348", "name": "private_0x000000bd84690000", "norm_filename": null, "region_type": "private_memory", "start_va": 813970292736, "timestamp": "00:01:19.525", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 813971734528, "type": "region", "version": 1 }, "end_va": 813972783103, "entry_point": 0, "filename": null, "id": "region_4350", "name": "private_0x000000bd847f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 813971734528, "timestamp": "00:01:19.576", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140725090648064, "type": "region", "version": 1 }, "end_va": 140725091753983, "entry_point": 140725090656928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_4351", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140725090648064, "timestamp": "00:01:19.577", "type": "region", "version": 1 }, { 
"dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140725124988928, "type": "region", "version": 1 }, "end_va": 140725126270975, "entry_point": 140725125009460, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_4352", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140725124988928, "timestamp": "00:01:19.578", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 813969440768, "type": "region", "version": 1 }, "end_va": 813969506303, "entry_point": 0, "filename": null, "id": "region_4353", "name": "pagefile_0x000000bd845c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 813969440768, "timestamp": "00:01:19.581", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140694926983168, "type": "region", "version": 1 }, "end_va": 140694928031743, "entry_point": 0, "filename": null, "id": "region_4354", "name": "pagefile_0x00007ff617250000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140694926983168, "timestamp": "00:01:19.581", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 
813970358272, "type": "region", "version": 1 }, "end_va": 813970874367, "entry_point": 813970358272, "filename": "\\Windows\\System32\\locale.nls", "id": "region_4355", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 813970358272, "timestamp": "00:01:19.583", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725098184704, "type": "region", "version": 1 }, "end_va": 140725098541055, "entry_point": 140725098194176, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_4356", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140725098184704, "timestamp": "00:01:19.584", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140725127806976, "type": "region", "version": 1 }, "end_va": 140725129076735, "entry_point": 140725127811408, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_4357", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140725127806976, "timestamp": "00:01:19.584", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725131149312, "type": "region", "version": 1 }, "end_va": 140725133078527, "entry_point": 140725131157344, "filename": "\\Windows\\System32\\combase.dll", "id": 
"region_4358", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140725131149312, "timestamp": "00:01:19.588", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140725098577920, "type": "region", "version": 1 }, "end_va": 140725099261951, "entry_point": 140725098588204, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_4359", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140725098577920, "timestamp": "00:01:19.589", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 813972783104, "type": "region", "version": 1 }, "end_va": 813973831679, "entry_point": 0, "filename": null, "id": "region_4360", "name": "private_0x000000bd848f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 813972783104, "timestamp": "00:01:19.591", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 813969506304, "type": "region", "version": 1 }, "end_va": 813969534975, "entry_point": 0, "filename": null, "id": "region_4361", "name": "private_0x000000bd845d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 813969506304, "timestamp": "00:01:19.591", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], 
"info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 761856, "start_va": 813970882560, "type": "region", "version": 1 }, "end_va": 813971644415, "entry_point": 813971064680, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_4362", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 813970882560, "timestamp": "00:01:19.594", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725068431360, "type": "region", "version": 1 }, "end_va": 140725068472319, "entry_point": 140725068437320, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_4363", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\system32\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140725068431360, "timestamp": "00:01:19.596", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725085208576, "type": "region", "version": 1 }, "end_va": 140725085249535, "entry_point": 140725085212688, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_4364", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140725085208576, "timestamp": "00:01:19.598", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 
28672, "start_va": 813970882560, "type": "region", "version": 1 }, "end_va": 813970911231, "entry_point": 0, "filename": null, "id": "region_4365", "name": "private_0x000000bd84720000", "norm_filename": null, "region_type": "private_memory", "start_va": 813970882560, "timestamp": "00:01:19.599", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140725084815360, "type": "region", "version": 1 }, "end_va": 140725085200383, "entry_point": 140725084944032, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_4366", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140725084815360, "timestamp": "00:01:19.599", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140725093466112, "type": "region", "version": 1 }, "end_va": 140725094977535, "entry_point": 140725093620416, "filename": "\\Windows\\System32\\user32.dll", "id": "region_4367", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140725093466112, "timestamp": "00:01:19.601", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140725129773056, "type": "region", "version": 1 }, "end_va": 140725131104255, "entry_point": 140725129845848, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_4368", 
"name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140725129773056, "timestamp": "00:01:19.602", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 786432, "start_va": 813970948096, "type": "region", "version": 1 }, "end_va": 813971734527, "entry_point": 0, "filename": null, "id": "region_4369", "name": "pagefile_0x000000bd84730000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 813970948096, "timestamp": "00:01:19.606", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 813973831680, "type": "region", "version": 1 }, "end_va": 813975437311, "entry_point": 0, "filename": null, "id": "region_4370", "name": "pagefile_0x000000bd849f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 813973831680, "timestamp": "00:01:19.606", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 813975470080, "type": "region", "version": 1 }, "end_va": 813977047039, "entry_point": 0, "filename": null, "id": "region_4371", "name": "pagefile_0x000000bd84b80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 813975470080, "timestamp": "00:01:19.606", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 813972783104, "type": "region", "version": 1 }, "end_va": 813972795391, "entry_point": 0, "filename": null, "id": "region_4372", "name": "pagefile_0x000000bd848f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 813972783104, "timestamp": "00:01:19.610", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 813972848640, "type": "region", "version": 1 }, "end_va": 813972852735, "entry_point": 0, "filename": null, "id": "region_4373", "name": "pagefile_0x000000bd84900000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 813972848640, "timestamp": "00:01:19.610", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 813972914176, "type": "region", "version": 1 }, "end_va": 813972918271, "entry_point": 0, "filename": null, "id": "region_4374", "name": "private_0x000000bd84910000", "norm_filename": null, "region_type": "private_memory", "start_va": 813972914176, "timestamp": "00:01:19.610", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 813972979712, "type": "region", "version": 1 }, "end_va": 813972983807, "entry_point": 
0, "filename": null, "id": "region_4375", "name": "private_0x000000bd84920000", "norm_filename": null, "region_type": "private_memory", "start_va": 813972979712, "timestamp": "00:01:19.610", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 813973766144, "type": "region", "version": 1 }, "end_va": 813973831679, "entry_point": 0, "filename": null, "id": "region_4376", "name": "private_0x000000bd849e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 813973766144, "timestamp": "00:01:19.610", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4169728, "start_va": 813977108480, "type": "region", "version": 1 }, "end_va": 813981278207, "entry_point": 0, "filename": null, "id": "region_4377", "name": "pagefile_0x000000bd84d10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 813977108480, "timestamp": "00:01:19.610", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 813973045248, "type": "region", "version": 1 }, "end_va": 813973569535, "entry_point": 0, "filename": null, "id": "region_4380", "name": "private_0x000000bd84930000", "norm_filename": null, "region_type": "private_memory", "start_va": 813973045248, "timestamp": "00:01:19.660", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was 
created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 813981302784, "type": "region", "version": 1 }, "end_va": 813981827071, "entry_point": 0, "filename": null, "id": "region_4381", "name": "private_0x000000bd85110000", "norm_filename": null, "region_type": "private_memory", "start_va": 813981302784, "timestamp": "00:01:19.660", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694928195584, "type": "region", "version": 1 }, "end_va": 140694928203775, "entry_point": 0, "filename": null, "id": "region_4382", "name": "private_0x00007ff617378000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694928195584, "timestamp": "00:01:19.660", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694928203776, "type": "region", "version": 1 }, "end_va": 140694928211967, "entry_point": 0, "filename": null, "id": "region_4383", "name": "private_0x00007ff61737a000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694928203776, "timestamp": "00:01:19.660", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 813981827072, "type": "region", "version": 1 }, "end_va": 813984796671, "entry_point": 813981827072, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_4384", "name": 
"sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 813981827072, "timestamp": "00:01:19.661", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 270336, "start_va": 140725009776640, "type": "region", "version": 1 }, "end_va": 140725010046975, "entry_point": 140725009776640, "filename": "\\Windows\\System32\\dnsrslvr.dll", "id": "region_4388", "name": "dnsrslvr.dll", "norm_filename": "c:\\windows\\system32\\dnsrslvr.dll", "region_type": "memory_mapped_file", "start_va": 140725009776640, "timestamp": "00:01:19.673", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 140725127020544, "type": "region", "version": 1 }, "end_va": 140725127380991, "entry_point": 140725127024796, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_4397", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 140725127020544, "timestamp": "00:01:19.731", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 667648, "start_va": 140725076951040, "type": "region", "version": 1 }, "end_va": 140725077618687, "entry_point": 140725077040104, "filename": "\\Windows\\System32\\dnsapi.dll", "id": "region_4398", "name": "dnsapi.dll", "norm_filename": "c:\\windows\\system32\\dnsapi.dll", "region_type": "memory_mapped_file", "start_va": 140725076951040, 
"timestamp": "00:01:19.732", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725016920064, "type": "region", "version": 1 }, "end_va": 140725016961023, "entry_point": 140725016924356, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_4399", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 140725016920064, "timestamp": "00:01:19.734", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140725103886336, "type": "region", "version": 1 }, "end_va": 140725103923199, "entry_point": 140725103891456, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_4400", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 140725103886336, "timestamp": "00:01:19.735", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 140725008334848, "type": "region", "version": 1 }, "end_va": 140725008756735, "entry_point": 140725008334848, "filename": "\\Windows\\System32\\FWPUCLNT.DLL", "id": "region_4415", "name": "fwpuclnt.dll", "norm_filename": "c:\\windows\\system32\\fwpuclnt.dll", "region_type": "memory_mapped_file", "start_va": 140725008334848, "timestamp": "00:01:19.786", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is 
not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 140725007941632, "type": "region", "version": 1 }, "end_va": 140725007974399, "entry_point": 140725007941632, "filename": "\\Windows\\System32\\dnsext.dll", "id": "region_4437", "name": "dnsext.dll", "norm_filename": "c:\\windows\\system32\\dnsext.dll", "region_type": "memory_mapped_file", "start_va": 140725007941632, "timestamp": "00:01:19.877", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140725076557824, "type": "region", "version": 1 }, "end_va": 140725076684799, "entry_point": 140725076562672, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_4438", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 140725076557824, "timestamp": "00:01:19.881", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 140725086453760, "type": "region", "version": 1 }, "end_va": 140725086535679, "entry_point": 140725086468812, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_4439", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 140725086453760, "timestamp": "00:01:19.882", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 813984841728, 
"type": "region", "version": 1 }, "end_va": 813985366015, "entry_point": 0, "filename": null, "id": "region_4440", "name": "private_0x000000bd85470000", "norm_filename": null, "region_type": "private_memory", "start_va": 813984841728, "timestamp": "00:01:19.886", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694928187392, "type": "region", "version": 1 }, "end_va": 140694928195583, "entry_point": 0, "filename": null, "id": "region_4441", "name": "private_0x00007ff617376000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694928187392, "timestamp": "00:01:19.886", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 143360, "start_va": 140725071773696, "type": "region", "version": 1 }, "end_va": 140725071917055, "entry_point": 140725071777952, "filename": "\\Windows\\System32\\gpapi.dll", "id": "region_4442", "name": "gpapi.dll", "norm_filename": "c:\\windows\\system32\\gpapi.dll", "region_type": "memory_mapped_file", "start_va": 140725071773696, "timestamp": "00:01:19.893", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 813985366016, "type": "region", "version": 1 }, "end_va": 813985890303, "entry_point": 0, "filename": null, "id": "region_4511", "name": "private_0x000000bd854f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 813985366016, "timestamp": "00:01:20.088", "type": 
"region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 813985890304, "type": "region", "version": 1 }, "end_va": 813986414591, "entry_point": 0, "filename": null, "id": "region_4512", "name": "private_0x000000bd85570000", "norm_filename": null, "region_type": "private_memory", "start_va": 813985890304, "timestamp": "00:01:20.088", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694926974976, "type": "region", "version": 1 }, "end_va": 140694926983167, "entry_point": 0, "filename": null, "id": "region_4513", "name": "private_0x00007ff61724e000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694926974976, "timestamp": "00:01:20.088", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694928179200, "type": "region", "version": 1 }, "end_va": 140694928187391, "entry_point": 0, "filename": null, "id": "region_4514", "name": "private_0x00007ff617374000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694928179200, "timestamp": "00:01:20.088", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 140725016985600, "type": "region", "version": 1 }, "end_va": 
140725017153535, "entry_point": 140725017016680, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_4515", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 140725016985600, "timestamp": "00:01:20.091", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 140725007810560, "type": "region", "version": 1 }, "end_va": 140725007892479, "entry_point": 140725007816576, "filename": "\\Windows\\System32\\dhcpcsvc6.dll", "id": "region_4516", "name": "dhcpcsvc6.dll", "norm_filename": "c:\\windows\\system32\\dhcpcsvc6.dll", "region_type": "memory_mapped_file", "start_va": 140725007810560, "timestamp": "00:01:20.095", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 140725007679488, "type": "region", "version": 1 }, "end_va": 140725007781887, "entry_point": 140725007687116, "filename": "\\Windows\\System32\\dhcpcsvc.dll", "id": "region_4517", "name": "dhcpcsvc.dll", "norm_filename": "c:\\windows\\system32\\dhcpcsvc.dll", "region_type": "memory_mapped_file", "start_va": 140725007679488, "timestamp": "00:01:20.098", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 813986414592, "type": "region", "version": 1 }, "end_va": 813986938879, "entry_point": 0, "filename": null, "id": "region_4518", "name": "private_0x000000bd855f0000", "norm_filename": null, 
"region_type": "private_memory", "start_va": 813986414592, "timestamp": "00:01:20.102", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694926966784, "type": "region", "version": 1 }, "end_va": 140694926974975, "entry_point": 0, "filename": null, "id": "region_4519", "name": "private_0x00007ff61724c000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694926966784, "timestamp": "00:01:20.102", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 140725079375872, "type": "region", "version": 1 }, "end_va": 140725079736319, "entry_point": 140725079379984, "filename": "\\Windows\\System32\\mswsock.dll", "id": "region_4520", "name": "mswsock.dll", "norm_filename": "c:\\windows\\system32\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 140725079375872, "timestamp": "00:01:20.102", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 813986938880, "type": "region", "version": 1 }, "end_va": 813987463167, "entry_point": 0, "filename": null, "id": "region_5243", "name": "private_0x000000bd85670000", "norm_filename": null, "region_type": "private_memory", "start_va": 813986938880, "timestamp": "00:01:23.176", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", 
"permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694926958592, "type": "region", "version": 1 }, "end_va": 140694926966783, "entry_point": 0, "filename": null, "id": "region_5244", "name": "private_0x00007ff61724a000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694926958592, "timestamp": "00:01:23.176", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 851968, "start_va": 813987463168, "type": "region", "version": 1 }, "end_va": 813988315135, "entry_point": 0, "filename": null, "id": "region_5246", "name": "private_0x000000bd856f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 813987463168, "timestamp": "00:01:23.182", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 813987463168, "type": "region", "version": 1 }, "end_va": 813987987455, "entry_point": 0, "filename": null, "id": "region_5629", "name": "private_0x000000bd856f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 813987463168, "timestamp": "00:01:25.570", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 813988249600, "type": "region", "version": 1 }, "end_va": 813988315135, "entry_point": 0, "filename": null, "id": "region_5630", "name": "private_0x000000bd857b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 
813988249600, "timestamp": "00:01:25.570", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694926950400, "type": "region", "version": 1 }, "end_va": 140694926958591, "entry_point": 0, "filename": null, "id": "region_5631", "name": "private_0x00007ff617248000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694926950400, "timestamp": "00:01:25.570", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 294912, "start_va": 140724964818944, "type": "region", "version": 1 }, "end_va": 140724965113855, "entry_point": 140724964818944, "filename": "\\Windows\\System32\\wkssvc.dll", "id": "region_5632", "name": "wkssvc.dll", "norm_filename": "c:\\windows\\system32\\wkssvc.dll", "region_type": "memory_mapped_file", "start_va": 140724964818944, "timestamp": "00:01:25.570", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 140725072494592, "type": "region", "version": 1 }, "end_va": 140725072543743, "entry_point": 140725072499804, "filename": "\\Windows\\System32\\netutils.dll", "id": "region_5635", "name": "netutils.dll", "norm_filename": "c:\\windows\\system32\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 140725072494592, "timestamp": "00:01:25.601", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps 
was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 813988315136, "type": "region", "version": 1 }, "end_va": 813988839423, "entry_point": 0, "filename": null, "id": "region_5636", "name": "private_0x000000bd857c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 813988315136, "timestamp": "00:01:25.607", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694926942208, "type": "region", "version": 1 }, "end_va": 140694926950399, "entry_point": 0, "filename": null, "id": "region_5637", "name": "private_0x00007ff617246000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694926942208, "timestamp": "00:01:25.607", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 176128, "start_va": 140725084618752, "type": "region", "version": 1 }, "end_va": 140725084794879, "entry_point": 140725084624016, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_5638", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 140725084618752, "timestamp": "00:01:25.607", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 813973569536, "type": "region", "version": 1 }, "end_va": 813973573631, "entry_point": 0, "filename": null, "id": "region_5700", "name": 
"private_0x000000bd849b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 813973569536, "timestamp": "00:01:25.955", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 813988839424, "type": "region", "version": 1 }, "end_va": 813989887999, "entry_point": 0, "filename": null, "id": "region_5731", "name": "private_0x000000bd85840000", "norm_filename": null, "region_type": "private_memory", "start_va": 813988839424, "timestamp": "00:01:26.001", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 813989888000, "type": "region", "version": 1 }, "end_va": 813990412287, "entry_point": 0, "filename": null, "id": "region_5782", "name": "private_0x000000bd85940000", "norm_filename": null, "region_type": "private_memory", "start_va": 813989888000, "timestamp": "00:01:26.130", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694926934016, "type": "region", "version": 1 }, "end_va": 140694926942207, "entry_point": 0, "filename": null, "id": "region_5783", "name": "private_0x00007ff617244000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694926934016, "timestamp": "00:01:26.130", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", 
"writable", "executable" ], "ref_process_dump": null, "size": 327680, "start_va": 140725081210880, "type": "region", "version": 1 }, "end_va": 140725081538559, "entry_point": 140725081217356, "filename": "\\Windows\\System32\\netjoin.dll", "id": "region_5784", "name": "netjoin.dll", "norm_filename": "c:\\windows\\system32\\netjoin.dll", "region_type": "memory_mapped_file", "start_va": 140725081210880, "timestamp": "00:01:26.130", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725082062848, "type": "region", "version": 1 }, "end_va": 140725082218495, "entry_point": 140725082086248, "filename": "\\Windows\\System32\\bcrypt.dll", "id": "region_5785", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\system32\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 140725082062848, "timestamp": "00:01:26.132", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 675840, "start_va": 140725126299648, "type": "region", "version": 1 }, "end_va": 140725126975487, "entry_point": 140725126303760, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_5816", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725126299648, "timestamp": "00:01:26.353", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140725101002752, "type": "region", "version": 1 }, "end_va": 
140725101752319, "entry_point": 140725101007136, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_5817", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 140725101002752, "timestamp": "00:01:26.360", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1536000, "start_va": 813990412288, "type": "region", "version": 1 }, "end_va": 813991948287, "entry_point": 813990416564, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_5818", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 813990412288, "timestamp": "00:01:26.362", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 813973569536, "type": "region", "version": 1 }, "end_va": 813973573631, "entry_point": 0, "filename": null, "id": "region_5819", "name": "pagefile_0x000000bd849b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 813973569536, "timestamp": "00:01:26.365", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 671744, "start_va": 140725095825408, "type": "region", "version": 1 }, "end_va": 140725096497151, "entry_point": 140725095829872, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_5820", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", 
"start_va": 140725095825408, "timestamp": "00:01:26.366", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 813973635072, "type": "region", "version": 1 }, "end_va": 813973639167, "entry_point": 0, "filename": null, "id": "region_5825", "name": "pagefile_0x000000bd849c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 813973635072, "timestamp": "00:01:26.379", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1691648, "start_va": 140725023735808, "type": "region", "version": 1 }, "end_va": 140725025427455, "entry_point": 140725023740764, "filename": "\\Windows\\System32\\taskschd.dll", "id": "region_5826", "name": "taskschd.dll", "norm_filename": "c:\\windows\\system32\\taskschd.dll", "region_type": "memory_mapped_file", "start_va": 140725023735808, "timestamp": "00:01:26.380", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 147456, "start_va": 140725043593216, "type": "region", "version": 1 }, "end_va": 140725043740671, "entry_point": 140725043593216, "filename": "\\Windows\\System32\\cryptsvc.dll", "id": "region_6272", "name": "cryptsvc.dll", "norm_filename": "c:\\windows\\system32\\cryptsvc.dll", "region_type": "memory_mapped_file", "start_va": 140725043593216, "timestamp": "00:01:32.583", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because 
region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725088026624, "type": "region", "version": 1 }, "end_va": 140725089955839, "entry_point": 140725088030884, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_6307", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 140725088026624, "timestamp": "00:01:32.735", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 140725087174656, "type": "region", "version": 1 }, "end_va": 140725087248383, "entry_point": 140725087178996, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_6308", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 140725087174656, "timestamp": "00:01:32.736", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 813990412288, "type": "region", "version": 1 }, "end_va": 813990936575, "entry_point": 0, "filename": null, "id": "region_6349", "name": "private_0x000000bd859c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 813990412288, "timestamp": "00:01:32.867", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694926925824, "type": "region", "version": 1 }, "end_va": 
140694926934015, "entry_point": 0, "filename": null, "id": "region_6350", "name": "private_0x00007ff617242000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694926925824, "timestamp": "00:01:32.867", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 140725043527680, "type": "region", "version": 1 }, "end_va": 140725043585023, "entry_point": 140725043527680, "filename": "\\Windows\\System32\\crypttpmeksvc.dll", "id": "region_6351", "name": "crypttpmeksvc.dll", "norm_filename": "c:\\windows\\system32\\crypttpmeksvc.dll", "region_type": "memory_mapped_file", "start_va": 140725043527680, "timestamp": "00:01:32.867", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 147456, "start_va": 140725081866240, "type": "region", "version": 1 }, "end_va": 140725082013695, "entry_point": 140725081897200, "filename": "\\Windows\\System32\\ncrypt.dll", "id": "region_6354", "name": "ncrypt.dll", "norm_filename": "c:\\windows\\system32\\ncrypt.dll", "region_type": "memory_mapped_file", "start_va": 140725081866240, "timestamp": "00:01:32.890", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 237568, "start_va": 140725081604096, "type": "region", "version": 1 }, "end_va": 140725081841663, "entry_point": 140725081759456, "filename": "\\Windows\\System32\\ntasn1.dll", "id": "region_6355", "name": "ntasn1.dll", "norm_filename": "c:\\windows\\system32\\ntasn1.dll", 
"region_type": "memory_mapped_file", "start_va": 140725081604096, "timestamp": "00:01:32.892", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140725042741248, "type": "region", "version": 1 }, "end_va": 140725042868223, "entry_point": 140725042741248, "filename": "\\Windows\\System32\\cryptcatsvc.dll", "id": "region_6356", "name": "cryptcatsvc.dll", "norm_filename": "c:\\windows\\system32\\cryptcatsvc.dll", "region_type": "memory_mapped_file", "start_va": 140725042741248, "timestamp": "00:01:32.902", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 401408, "start_va": 140725042282496, "type": "region", "version": 1 }, "end_va": 140725042683903, "entry_point": 140725042282496, "filename": "\\Windows\\System32\\nlasvc.dll", "id": "region_6373", "name": "nlasvc.dll", "norm_filename": "c:\\windows\\system32\\nlasvc.dll", "region_type": "memory_mapped_file", "start_va": 140725042282496, "timestamp": "00:01:32.921", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 140725090320384, "type": "region", "version": 1 }, "end_va": 140725090623487, "entry_point": 140725090325080, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_6377", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 140725090320384, "timestamp": "00:01:32.958", "type": "region", "version": 1 }, { "dump": 
{ "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 140725029044224, "type": "region", "version": 1 }, "end_va": 140725029466111, "entry_point": 140725029048500, "filename": "\\Windows\\System32\\wevtapi.dll", "id": "region_6378", "name": "wevtapi.dll", "norm_filename": "c:\\windows\\system32\\wevtapi.dll", "region_type": "memory_mapped_file", "start_va": 140725029044224, "timestamp": "00:01:32.959", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 140725041889280, "type": "region", "version": 1 }, "end_va": 140725042266111, "entry_point": 140725041905776, "filename": "\\Windows\\System32\\ncsi.dll", "id": "region_6379", "name": "ncsi.dll", "norm_filename": "c:\\windows\\system32\\ncsi.dll", "region_type": "memory_mapped_file", "start_va": 140725041889280, "timestamp": "00:01:32.960", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 140725086126080, "type": "region", "version": 1 }, "end_va": 140725086408703, "entry_point": 140725086130832, "filename": "\\Windows\\System32\\powrprof.dll", "id": "region_6380", "name": "powrprof.dll", "norm_filename": "c:\\windows\\system32\\powrprof.dll", "region_type": "memory_mapped_file", "start_va": 140725086126080, "timestamp": "00:01:32.961", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", 
"executable" ], "ref_process_dump": null, "size": 806912, "start_va": 140725041037312, "type": "region", "version": 1 }, "end_va": 140725041844223, "entry_point": 140725041041564, "filename": "\\Windows\\System32\\winhttp.dll", "id": "region_6382", "name": "winhttp.dll", "norm_filename": "c:\\windows\\system32\\winhttp.dll", "region_type": "memory_mapped_file", "start_va": 140725041037312, "timestamp": "00:01:32.971", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 813973700608, "type": "region", "version": 1 }, "end_va": 813973704703, "entry_point": 0, "filename": null, "id": "region_6433", "name": "private_0x000000bd849d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 813973700608, "timestamp": "00:01:33.323", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 813990936576, "type": "region", "version": 1 }, "end_va": 813991460863, "entry_point": 0, "filename": null, "id": "region_6434", "name": "private_0x000000bd85a40000", "norm_filename": null, "region_type": "private_memory", "start_va": 813990936576, "timestamp": "00:01:33.323", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 813991460864, "type": "region", "version": 1 }, "end_va": 813991985151, "entry_point": 0, "filename": null, "id": "region_6435", "name": "private_0x000000bd85ac0000", "norm_filename": null, 
"region_type": "private_memory", "start_va": 813991460864, "timestamp": "00:01:33.323", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694926909440, "type": "region", "version": 1 }, "end_va": 140694926917631, "entry_point": 0, "filename": null, "id": "region_6436", "name": "private_0x00007ff61723e000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694926909440, "timestamp": "00:01:33.323", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694926917632, "type": "region", "version": 1 }, "end_va": 140694926925823, "entry_point": 0, "filename": null, "id": "region_6437", "name": "private_0x00007ff617240000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694926917632, "timestamp": "00:01:33.323", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1703936, "start_va": 813991985152, "type": "region", "version": 1 }, "end_va": 813993689087, "entry_point": 0, "filename": null, "id": "region_6448", "name": "private_0x000000bd85b40000", "norm_filename": null, "region_type": "private_memory", "start_va": 813991985152, "timestamp": "00:01:33.328", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], 
"ref_process_dump": null, "size": 1048576, "start_va": 813991985152, "type": "region", "version": 1 }, "end_va": 813993033727, "entry_point": 0, "filename": null, "id": "region_6451", "name": "private_0x000000bd85b40000", "norm_filename": null, "region_type": "private_memory", "start_va": 813991985152, "timestamp": "00:01:33.339", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 813993623552, "type": "region", "version": 1 }, "end_va": 813993689087, "entry_point": 0, "filename": null, "id": "region_6452", "name": "private_0x000000bd85cd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 813993623552, "timestamp": "00:01:33.339", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 140725040775168, "type": "region", "version": 1 }, "end_va": 140725040852991, "entry_point": 140725040775168, "filename": "\\Windows\\System32\\ssdpapi.dll", "id": "region_6455", "name": "ssdpapi.dll", "norm_filename": "c:\\windows\\system32\\ssdpapi.dll", "region_type": "memory_mapped_file", "start_va": 140725040775168, "timestamp": "00:01:33.365", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 140725011546112, "type": "region", "version": 1 }, "end_va": 140725013118975, "entry_point": 140725011546112, "filename": "\\Windows\\System32\\vssapi.dll", "id": "region_6518", "name": "vssapi.dll", "norm_filename": 
"c:\\windows\\system32\\vssapi.dll", "region_type": "memory_mapped_file", "start_va": 140725011546112, "timestamp": "00:01:33.793", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 140725020459008, "type": "region", "version": 1 }, "end_va": 140725020549119, "entry_point": 140725020459008, "filename": "\\Windows\\System32\\vsstrace.dll", "id": "region_6519", "name": "vsstrace.dll", "norm_filename": "c:\\windows\\system32\\vsstrace.dll", "region_type": "memory_mapped_file", "start_va": 140725020459008, "timestamp": "00:01:33.814", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140725025570816, "type": "region", "version": 1 }, "end_va": 140725025607679, "entry_point": 140725025574956, "filename": "\\Windows\\System32\\dsrole.dll", "id": "region_6520", "name": "dsrole.dll", "norm_filename": "c:\\windows\\system32\\dsrole.dll", "region_type": "memory_mapped_file", "start_va": 140725025570816, "timestamp": "00:01:33.823", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 106496, "start_va": 140725016002560, "type": "region", "version": 1 }, "end_va": 140725016109055, "entry_point": 140725016071940, "filename": "\\Windows\\System32\\bcd.dll", "id": "region_6521", "name": "bcd.dll", "norm_filename": "c:\\windows\\system32\\bcd.dll", "region_type": "memory_mapped_file", "start_va": 140725016002560, "timestamp": "00:01:33.824", "type": "region", "version": 1 }, 
{ "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 140725019803648, "type": "region", "version": 1 }, "end_va": 140725019897855, "entry_point": 140725019807792, "filename": "\\Windows\\System32\\samcli.dll", "id": "region_6556", "name": "samcli.dll", "norm_filename": "c:\\windows\\system32\\samcli.dll", "region_type": "memory_mapped_file", "start_va": 140725019803648, "timestamp": "00:01:33.949", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 140725021573120, "type": "region", "version": 1 }, "end_va": 140725021695999, "entry_point": 140725021581404, "filename": "\\Windows\\System32\\samlib.dll", "id": "region_6557", "name": "samlib.dll", "norm_filename": "c:\\windows\\system32\\samlib.dll", "region_type": "memory_mapped_file", "start_va": 140725021573120, "timestamp": "00:01:33.951", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 140725079769088, "type": "region", "version": 1 }, "end_va": 140725079891967, "entry_point": 140725079773640, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_6558", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 140725079769088, "timestamp": "00:01:33.957", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", 
"writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 140725075443712, "type": "region", "version": 1 }, "end_va": 140725075660799, "entry_point": 140725075448792, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_6559", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 140725075443712, "timestamp": "00:01:33.959", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 813993033728, "type": "region", "version": 1 }, "end_va": 813993558015, "entry_point": 0, "filename": null, "id": "region_6560", "name": "private_0x000000bd85c40000", "norm_filename": null, "region_type": "private_memory", "start_va": 813993033728, "timestamp": "00:01:33.963", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694926901248, "type": "region", "version": 1 }, "end_va": 140694926909439, "entry_point": 0, "filename": null, "id": "region_6561", "name": "private_0x00007ff61723c000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694926901248, "timestamp": "00:01:33.963", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 491520, "start_va": 140725026029568, "type": "region", "version": 1 }, "end_va": 140725026521087, "entry_point": 140725026034720, "filename": "\\Windows\\System32\\es.dll", "id": "region_6562", "name": 
"es.dll", "norm_filename": "c:\\windows\\system32\\es.dll", "region_type": "memory_mapped_file", "start_va": 140725026029568, "timestamp": "00:01:33.964", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1458176, "start_va": 140725039202304, "type": "region", "version": 1 }, "end_va": 140725040660479, "entry_point": 140725039341808, "filename": "\\Windows\\System32\\propsys.dll", "id": "region_6567", "name": "propsys.dll", "norm_filename": "c:\\windows\\system32\\propsys.dll", "region_type": "memory_mapped_file", "start_va": 140725039202304, "timestamp": "00:01:34.005", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 140725009580032, "type": "region", "version": 1 }, "end_va": 140725009637375, "entry_point": 140725009608584, "filename": "\\Windows\\System32\\wmiclnt.dll", "id": "region_6568", "name": "wmiclnt.dll", "norm_filename": "c:\\windows\\system32\\wmiclnt.dll", "region_type": "memory_mapped_file", "start_va": 140725009580032, "timestamp": "00:01:34.009", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 140725025636352, "type": "region", "version": 1 }, "end_va": 140725025726463, "entry_point": 140725025640520, "filename": "\\Windows\\System32\\wkscli.dll", "id": "region_6576", "name": "wkscli.dll", "norm_filename": "c:\\windows\\system32\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 140725025636352, "timestamp": "00:01:34.128", 
"type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 140725011218432, "type": "region", "version": 1 }, "end_va": 140725011529727, "entry_point": 140725011218432, "filename": "\\Windows\\System32\\wlanapi.dll", "id": "region_6583", "name": "wlanapi.dll", "norm_filename": "c:\\windows\\system32\\wlanapi.dll", "region_type": "memory_mapped_file", "start_va": 140725011218432, "timestamp": "00:01:34.178", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 813993689088, "type": "region", "version": 1 }, "end_va": 813994213375, "entry_point": 0, "filename": null, "id": "region_6602", "name": "private_0x000000bd85ce0000", "norm_filename": null, "region_type": "private_memory", "start_va": 813993689088, "timestamp": "00:01:34.475", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694926893056, "type": "region", "version": 1 }, "end_va": 140694926901247, "entry_point": 0, "filename": null, "id": "region_6603", "name": "private_0x00007ff61723a000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694926893056, "timestamp": "00:01:34.475", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, 
"start_va": 813987987456, "type": "region", "version": 1 }, "end_va": 813987991551, "entry_point": 0, "filename": null, "id": "region_6605", "name": "private_0x000000bd85770000", "norm_filename": null, "region_type": "private_memory", "start_va": 813987987456, "timestamp": "00:01:34.491", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 813994213376, "type": "region", "version": 1 }, "end_va": 813994737663, "entry_point": 0, "filename": null, "id": "region_6633", "name": "private_0x000000bd85d60000", "norm_filename": null, "region_type": "private_memory", "start_va": 813994213376, "timestamp": "00:01:34.720", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 813994737664, "type": "region", "version": 1 }, "end_va": 813995786239, "entry_point": 0, "filename": null, "id": "region_6634", "name": "private_0x000000bd85de0000", "norm_filename": null, "region_type": "private_memory", "start_va": 813994737664, "timestamp": "00:01:34.720", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694926884864, "type": "region", "version": 1 }, "end_va": 140694926893055, "entry_point": 0, "filename": null, "id": "region_6635", "name": "private_0x00007ff617238000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694926884864, "timestamp": "00:01:34.720", "type": "region", "version": 1 }, { 
"dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 140725039071232, "type": "region", "version": 1 }, "end_va": 140725039140863, "entry_point": 140725039075456, "filename": "\\Windows\\System32\\wtsapi32.dll", "id": "region_6636", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\system32\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725039071232, "timestamp": "00:01:34.720", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725078982656, "type": "region", "version": 1 }, "end_va": 140725079339007, "entry_point": 140725078989424, "filename": "\\Windows\\System32\\winsta.dll", "id": "region_6637", "name": "winsta.dll", "norm_filename": "c:\\windows\\system32\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 140725078982656, "timestamp": "00:01:34.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 813995786240, "type": "region", "version": 1 }, "end_va": 813996310527, "entry_point": 0, "filename": null, "id": "region_6669", "name": "private_0x000000bd85ee0000", "norm_filename": null, "region_type": "private_memory", "start_va": 813995786240, "timestamp": "00:01:34.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, 
"size": 8192, "start_va": 140694926876672, "type": "region", "version": 1 }, "end_va": 140694926884863, "entry_point": 0, "filename": null, "id": "region_6670", "name": "private_0x00007ff617236000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694926876672, "timestamp": "00:01:34.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 983040, "start_va": 813996310528, "type": "region", "version": 1 }, "end_va": 813997293567, "entry_point": 0, "filename": null, "id": "region_6678", "name": "private_0x000000bd85f60000", "norm_filename": null, "region_type": "private_memory", "start_va": 813996310528, "timestamp": "00:01:34.868", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 813997293568, "type": "region", "version": 1 }, "end_va": 813998342143, "entry_point": 0, "filename": null, "id": "region_6688", "name": "private_0x000000bd86050000", "norm_filename": null, "region_type": "private_memory", "start_va": 813997293568, "timestamp": "00:01:35.058", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 813987987456, "type": "region", "version": 1 }, "end_va": 813988016127, "entry_point": 0, "filename": null, "id": "region_6835", "name": "private_0x000000bd85770000", "norm_filename": null, "region_type": "private_memory", "start_va": 813987987456, "timestamp": "00:01:35.832", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 813996310528, "type": "region", "version": 1 }, "end_va": 813996834815, "entry_point": 0, "filename": null, "id": "region_7560", "name": "private_0x000000bd85f60000", "norm_filename": null, "region_type": "private_memory", "start_va": 813996310528, "timestamp": "00:01:41.036", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 813997228032, "type": "region", "version": 1 }, "end_va": 813997293567, "entry_point": 0, "filename": null, "id": "region_7561", "name": "private_0x000000bd86040000", "norm_filename": null, "region_type": "private_memory", "start_va": 813997228032, "timestamp": "00:01:41.036", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694926868480, "type": "region", "version": 1 }, "end_va": 140694926876671, "entry_point": 0, "filename": null, "id": "region_7562", "name": "private_0x00007ff617234000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694926868480, "timestamp": "00:01:41.036", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 813998342144, "type": "region", "version": 1 }, "end_va": 813998866431, 
"entry_point": 0, "filename": null, "id": "region_7584", "name": "private_0x000000bd86150000", "norm_filename": null, "region_type": "private_memory", "start_va": 813998342144, "timestamp": "00:01:41.290", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694926860288, "type": "region", "version": 1 }, "end_va": 140694926868479, "entry_point": 0, "filename": null, "id": "region_7585", "name": "private_0x00007ff617232000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694926860288, "timestamp": "00:01:41.290", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 813998866432, "type": "region", "version": 1 }, "end_va": 813999390719, "entry_point": 0, "filename": null, "id": "region_7671", "name": "private_0x000000bd861d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 813998866432, "timestamp": "00:01:42.387", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694926852096, "type": "region", "version": 1 }, "end_va": 140694926860287, "entry_point": 0, "filename": null, "id": "region_7672", "name": "private_0x00007ff617230000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694926852096, "timestamp": "00:01:42.387", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": 
"terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\system32\\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}", "filename": "c:\\windows\\system32\\dllhost.exe", "id": "proc_50", "image_name": "dllhost.exe", "monitor_reason": "child_process", "monitored_id": 50, "origin_monitor_id": 41, "ref_parent_process": { "ref_id": "proc_41", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_4426", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:19.861", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 241894621184, "type": "region", "version": 1 }, "end_va": 241894752255, "entry_point": 0, "filename": null, "id": "region_4427", "name": "private_0x00000038520b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 241894621184, "timestamp": "00:01:19.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 241894752256, "type": "region", "version": 1 }, "end_va": 241894813695, "entry_point": 0, "filename": null, "id": "region_4428", "name": "pagefile_0x00000038520d0000", "norm_filename": 
null, "region_type": "pagefile_backed_memory", "start_va": 241894752256, "timestamp": "00:01:19.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 241894817792, "type": "region", "version": 1 }, "end_va": 241895866367, "entry_point": 0, "filename": null, "id": "region_4429", "name": "private_0x00000038520e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 241894817792, "timestamp": "00:01:19.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 241895866368, "type": "region", "version": 1 }, "end_va": 241895882751, "entry_point": 0, "filename": null, "id": "region_4430", "name": "pagefile_0x00000038521e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 241895866368, "timestamp": "00:01:19.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140694736863232, "type": "region", "version": 1 }, "end_va": 140694737006591, "entry_point": 0, "filename": null, "id": "region_4431", "name": "pagefile_0x00007ff60bd00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140694736863232, "timestamp": "00:01:19.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", 
"permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694737047552, "type": "region", "version": 1 }, "end_va": 140694737055743, "entry_point": 0, "filename": null, "id": "region_4432", "name": "private_0x00007ff60bd2d000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694737047552, "timestamp": "00:01:19.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140694737055744, "type": "region", "version": 1 }, "end_va": 140694737059839, "entry_point": 0, "filename": null, "id": "region_4433", "name": "private_0x00007ff60bd2f000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694737055744, "timestamp": "00:01:19.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 140694737453056, "type": "region", "version": 1 }, "end_va": 140694737481727, "entry_point": 140694737453056, "filename": "\\Windows\\System32\\dllhost.exe", "id": "region_4434", "name": "dllhost.exe", "norm_filename": "c:\\windows\\system32\\dllhost.exe", "region_type": "memory_mapped_file", "start_va": 140694737453056, "timestamp": "00:01:19.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_4435", 
"name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140725133115392, "timestamp": "00:01:19.866", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 241895931904, "type": "region", "version": 1 }, "end_va": 241895940095, "entry_point": 0, "filename": null, "id": "region_4436", "name": "private_0x00000038521f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 241895931904, "timestamp": "00:01:19.867", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 241897832448, "type": "region", "version": 1 }, "end_va": 241898881023, "entry_point": 0, "filename": null, "id": "region_4443", "name": "private_0x00000038523c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 241897832448, "timestamp": "00:01:19.897", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140725090648064, "type": "region", "version": 1 }, "end_va": 140725091753983, "entry_point": 140725090656928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_4444", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140725090648064, "timestamp": "00:01:19.897", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": 
"No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140725124988928, "type": "region", "version": 1 }, "end_va": 140725126270975, "entry_point": 140725125009460, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_4445", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140725124988928, "timestamp": "00:01:19.897", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 241894621184, "type": "region", "version": 1 }, "end_va": 241894686719, "entry_point": 0, "filename": null, "id": "region_4446", "name": "pagefile_0x00000038520b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 241894621184, "timestamp": "00:01:19.898", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140694735814656, "type": "region", "version": 1 }, "end_va": 140694736863231, "entry_point": 0, "filename": null, "id": "region_4447", "name": "pagefile_0x00007ff60bc00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140694735814656, "timestamp": "00:01:19.898", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 241895997440, "type": "region", "version": 1 }, "end_va": 
241896513535, "entry_point": 241895997440, "filename": "\\Windows\\System32\\locale.nls", "id": "region_4448", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 241895997440, "timestamp": "00:01:19.901", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140725098577920, "type": "region", "version": 1 }, "end_va": 140725099261951, "entry_point": 140725098588204, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_4449", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140725098577920, "timestamp": "00:01:19.901", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725131149312, "type": "region", "version": 1 }, "end_va": 140725133078527, "entry_point": 140725131157344, "filename": "\\Windows\\System32\\combase.dll", "id": "region_4450", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140725131149312, "timestamp": "00:01:19.902", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140725127806976, "type": "region", "version": 1 }, "end_va": 140725129076735, "entry_point": 140725127811408, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_4451", "name": "rpcrt4.dll", "norm_filename": 
"c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140725127806976, "timestamp": "00:01:19.903", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 196608, "start_va": 241896521728, "type": "region", "version": 1 }, "end_va": 241896718335, "entry_point": 0, "filename": null, "id": "region_4452", "name": "private_0x0000003852280000", "norm_filename": null, "region_type": "private_memory", "start_va": 241896521728, "timestamp": "00:01:19.907", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 241894686720, "type": "region", "version": 1 }, "end_va": 241894715391, "entry_point": 0, "filename": null, "id": "region_4453", "name": "private_0x00000038520c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 241894686720, "timestamp": "00:01:19.908", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 761856, "start_va": 241896718336, "type": "region", "version": 1 }, "end_va": 241897480191, "entry_point": 241896900456, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_4454", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 241896718336, "timestamp": "00:01:19.910", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", 
"writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725068431360, "type": "region", "version": 1 }, "end_va": 140725068472319, "entry_point": 140725068437320, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_4455", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\system32\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140725068431360, "timestamp": "00:01:19.911", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725085208576, "type": "region", "version": 1 }, "end_va": 140725085249535, "entry_point": 140725085212688, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_4456", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140725085208576, "timestamp": "00:01:19.913", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 241896521728, "type": "region", "version": 1 }, "end_va": 241896550399, "entry_point": 0, "filename": null, "id": "region_4457", "name": "private_0x0000003852280000", "norm_filename": null, "region_type": "private_memory", "start_va": 241896521728, "timestamp": "00:01:19.914", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 241896652800, "type": "region", "version": 1 }, "end_va": 241896718335, "entry_point": 0, 
"filename": null, "id": "region_4458", "name": "private_0x00000038522a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 241896652800, "timestamp": "00:01:19.914", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140725084815360, "type": "region", "version": 1 }, "end_va": 140725085200383, "entry_point": 140725084944032, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_4459", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140725084815360, "timestamp": "00:01:19.914", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 241896587264, "type": "region", "version": 1 }, "end_va": 241896591359, "entry_point": 0, "filename": null, "id": "region_4460", "name": "pagefile_0x0000003852290000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 241896587264, "timestamp": "00:01:19.916", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 671744, "start_va": 140725095825408, "type": "region", "version": 1 }, "end_va": 140725096497151, "entry_point": 140725095829872, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_4461", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 140725095825408, 
"timestamp": "00:01:19.917", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 241896718336, "type": "region", "version": 1 }, "end_va": 241896722431, "entry_point": 0, "filename": null, "id": "region_4462", "name": "pagefile_0x00000038522b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 241896718336, "timestamp": "00:01:19.918", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140725093466112, "type": "region", "version": 1 }, "end_va": 140725094977535, "entry_point": 140725093620416, "filename": "\\Windows\\System32\\user32.dll", "id": "region_4463", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140725093466112, "timestamp": "00:01:19.919", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140725129773056, "type": "region", "version": 1 }, "end_va": 140725131104255, "entry_point": 140725129845848, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_4464", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140725129773056, "timestamp": "00:01:19.920", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are 
disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 786432, "start_va": 241896783872, "type": "region", "version": 1 }, "end_va": 241897570303, "entry_point": 0, "filename": null, "id": "region_4465", "name": "pagefile_0x00000038522c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 241896783872, "timestamp": "00:01:19.925", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 241898881024, "type": "region", "version": 1 }, "end_va": 241900486655, "entry_point": 0, "filename": null, "id": "region_4466", "name": "pagefile_0x00000038524c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 241898881024, "timestamp": "00:01:19.925", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 241900519424, "type": "region", "version": 1 }, "end_va": 241902096383, "entry_point": 0, "filename": null, "id": "region_4467", "name": "pagefile_0x0000003852650000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 241900519424, "timestamp": "00:01:19.925", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 241897570304, "type": "region", "version": 1 }, "end_va": 241897574399, "entry_point": 0, "filename": null, "id": "region_4468", "name": "private_0x0000003852380000", 
"norm_filename": null, "region_type": "private_memory", "start_va": 241897570304, "timestamp": "00:01:19.929", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 241897635840, "type": "region", "version": 1 }, "end_va": 241897639935, "entry_point": 0, "filename": null, "id": "region_4469", "name": "private_0x0000003852390000", "norm_filename": null, "region_type": "private_memory", "start_va": 241897635840, "timestamp": "00:01:19.929", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725098184704, "type": "region", "version": 1 }, "end_va": 140725098541055, "entry_point": 140725098194176, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_4479", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140725098184704, "timestamp": "00:01:19.950", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 140725079769088, "type": "region", "version": 1 }, "end_va": 140725079891967, "entry_point": 140725079773640, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_4480", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 140725079769088, "timestamp": "00:01:19.955", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No 
dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 140725075443712, "type": "region", "version": 1 }, "end_va": 140725075660799, "entry_point": 140725075448792, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_4481", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 140725075443712, "timestamp": "00:01:19.957", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725082062848, "type": "region", "version": 1 }, "end_va": 140725082218495, "entry_point": 140725082086248, "filename": "\\Windows\\System32\\bcrypt.dll", "id": "region_4482", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\system32\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 140725082062848, "timestamp": "00:01:19.958", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 241902157824, "type": "region", "version": 1 }, "end_va": 241905127423, "entry_point": 241902157824, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_4483", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 241902157824, "timestamp": "00:01:19.960", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 
1048576, "start_va": 241905172480, "type": "region", "version": 1 }, "end_va": 241906221055, "entry_point": 0, "filename": null, "id": "region_4484", "name": "private_0x0000003852ac0000", "norm_filename": null, "region_type": "private_memory", "start_va": 241905172480, "timestamp": "00:01:19.965", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694737039360, "type": "region", "version": 1 }, "end_va": 140694737047551, "entry_point": 0, "filename": null, "id": "region_4485", "name": "private_0x00007ff60bd2b000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694737039360, "timestamp": "00:01:19.965", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 241906221056, "type": "region", "version": 1 }, "end_va": 241907269631, "entry_point": 0, "filename": null, "id": "region_4486", "name": "private_0x0000003852bc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 241906221056, "timestamp": "00:01:19.965", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694737031168, "type": "region", "version": 1 }, "end_va": 140694737039359, "entry_point": 0, "filename": null, "id": "region_4487", "name": "private_0x00007ff60bd29000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694737031168, "timestamp": "00:01:19.965", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 241907269632, "type": "region", "version": 1 }, "end_va": 241908318207, "entry_point": 0, "filename": null, "id": "region_4491", "name": "private_0x0000003852cc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 241907269632, "timestamp": "00:01:19.982", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 241908318208, "type": "region", "version": 1 }, "end_va": 241909366783, "entry_point": 0, "filename": null, "id": "region_4492", "name": "private_0x0000003852dc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 241908318208, "timestamp": "00:01:19.982", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694737014784, "type": "region", "version": 1 }, "end_va": 140694737022975, "entry_point": 0, "filename": null, "id": "region_4493", "name": "private_0x00007ff60bd25000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694737014784, "timestamp": "00:01:19.982", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694737022976, "type": "region", "version": 1 }, "end_va": 
140694737031167, "entry_point": 0, "filename": null, "id": "region_4494", "name": "private_0x00007ff60bd27000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694737022976, "timestamp": "00:01:19.982", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 241909366784, "type": "region", "version": 1 }, "end_va": 241910415359, "entry_point": 0, "filename": null, "id": "region_4496", "name": "private_0x0000003852ec0000", "norm_filename": null, "region_type": "private_memory", "start_va": 241909366784, "timestamp": "00:01:19.996", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694737006592, "type": "region", "version": 1 }, "end_va": 140694737014783, "entry_point": 0, "filename": null, "id": "region_4497", "name": "private_0x00007ff60bd23000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694737006592, "timestamp": "00:01:19.996", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 147456, "start_va": 140725019934720, "type": "region", "version": 1 }, "end_va": 140725020082175, "entry_point": 140725019938992, "filename": "\\Windows\\System32\\IDStore.dll", "id": "region_4498", "name": "idstore.dll", "norm_filename": "c:\\windows\\system32\\idstore.dll", "region_type": "memory_mapped_file", "start_va": 140725019934720, "timestamp": "00:01:19.998", "type": "region", "version": 1 }, { 
"dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140725076557824, "type": "region", "version": 1 }, "end_va": 140725076684799, "entry_point": 140725076562672, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_4499", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 140725076557824, "timestamp": "00:01:20.001", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 140725086453760, "type": "region", "version": 1 }, "end_va": 140725086535679, "entry_point": 140725086468812, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_4500", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 140725086453760, "timestamp": "00:01:20.003", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\System32\\spoolsv.exe", "filename": "c:\\windows\\system32\\spoolsv.exe", "id": "proc_51", "image_name": "spoolsv.exe", "monitor_reason": "child_process", "monitored_id": 51, "origin_monitor_id": 39, "ref_parent_process": { "ref_id": "proc_39", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 8781824, "type": 
"region", "version": 1 }, "end_va": 8912895, "entry_point": 0, "filename": null, "id": "region_4636", "name": "private_0x0000000000860000", "norm_filename": null, "region_type": "private_memory", "start_va": 8781824, "timestamp": "00:01:20.898", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 8912896, "type": "region", "version": 1 }, "end_va": 8974335, "entry_point": 0, "filename": null, "id": "region_4637", "name": "pagefile_0x0000000000880000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8912896, "timestamp": "00:01:20.898", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 8978432, "type": "region", "version": 1 }, "end_va": 9240575, "entry_point": 0, "filename": null, "id": "region_4638", "name": "private_0x0000000000890000", "norm_filename": null, "region_type": "private_memory", "start_va": 8978432, "timestamp": "00:01:20.898", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 9240576, "type": "region", "version": 1 }, "end_va": 9256959, "entry_point": 0, "filename": null, "id": "region_4639", "name": "pagefile_0x00000000008d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9240576, "timestamp": "00:01:20.898", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" 
], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_4640", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:20.898", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140696297275392, "type": "region", "version": 1 }, "end_va": 140696297418751, "entry_point": 0, "filename": null, "id": "region_4641", "name": "pagefile_0x00007ff668d20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140696297275392, "timestamp": "00:01:20.898", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140696297459712, "type": "region", "version": 1 }, "end_va": 140696297467903, "entry_point": 0, "filename": null, "id": "region_4642", "name": "private_0x00007ff668d4d000", "norm_filename": null, "region_type": "private_memory", "start_va": 140696297459712, "timestamp": "00:01:20.898", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140696297467904, "type": "region", "version": 1 }, "end_va": 140696297471999, "entry_point": 0, "filename": null, "id": "region_4643", "name": 
"private_0x00007ff668d4f000", "norm_filename": null, "region_type": "private_memory", "start_va": 140696297467904, "timestamp": "00:01:20.898", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 811008, "start_va": 140696312152064, "type": "region", "version": 1 }, "end_va": 140696312963071, "entry_point": 140696312152064, "filename": "\\Windows\\System32\\spoolsv.exe", "id": "region_4644", "name": "spoolsv.exe", "norm_filename": "c:\\windows\\system32\\spoolsv.exe", "region_type": "memory_mapped_file", "start_va": 140696312152064, "timestamp": "00:01:20.898", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_4645", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140725133115392, "timestamp": "00:01:20.908", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 9306112, "type": "region", "version": 1 }, "end_va": 9310207, "entry_point": 0, "filename": null, "id": "region_4648", "name": "pagefile_0x00000000008e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9306112, "timestamp": "00:01:20.910", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": 
[ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 9371648, "type": "region", "version": 1 }, "end_va": 9379839, "entry_point": 0, "filename": null, "id": "region_4669", "name": "private_0x00000000008f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 9371648, "timestamp": "00:01:20.965", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 9633792, "type": "region", "version": 1 }, "end_va": 10682367, "entry_point": 0, "filename": null, "id": "region_4690", "name": "private_0x0000000000930000", "norm_filename": null, "region_type": "private_memory", "start_va": 9633792, "timestamp": "00:01:21.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140725090648064, "type": "region", "version": 1 }, "end_va": 140725091753983, "entry_point": 140725090656928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_4691", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140725090648064, "timestamp": "00:01:21.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140725124988928, "type": "region", "version": 1 }, "end_va": 140725126270975, "entry_point": 
140725125009460, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_4692", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140725124988928, "timestamp": "00:01:21.021", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 8781824, "type": "region", "version": 1 }, "end_va": 8847359, "entry_point": 0, "filename": null, "id": "region_4693", "name": "pagefile_0x0000000000860000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8781824, "timestamp": "00:01:21.022", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140696296226816, "type": "region", "version": 1 }, "end_va": 140696297275391, "entry_point": 0, "filename": null, "id": "region_4694", "name": "pagefile_0x00007ff668c20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140696296226816, "timestamp": "00:01:21.022", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 10682368, "type": "region", "version": 1 }, "end_va": 11198463, "entry_point": 10682368, "filename": "\\Windows\\System32\\locale.nls", "id": "region_4695", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 10682368, "timestamp": "00:01:21.025", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140725093466112, "type": "region", "version": 1 }, "end_va": 140725094977535, "entry_point": 140725093620416, "filename": "\\Windows\\System32\\user32.dll", "id": "region_4696", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140725093466112, "timestamp": "00:01:21.025", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140725098577920, "type": "region", "version": 1 }, "end_va": 140725099261951, "entry_point": 140725098588204, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_4697", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140725098577920, "timestamp": "00:01:21.026", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725098184704, "type": "region", "version": 1 }, "end_va": 140725098541055, "entry_point": 140725098194176, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_4698", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140725098184704, "timestamp": "00:01:21.026", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ 
"readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140725127806976, "type": "region", "version": 1 }, "end_va": 140725129076735, "entry_point": 140725127811408, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_4699", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140725127806976, "timestamp": "00:01:21.027", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 667648, "start_va": 140725076951040, "type": "region", "version": 1 }, "end_va": 140725077618687, "entry_point": 140725077040104, "filename": "\\Windows\\System32\\dnsapi.dll", "id": "region_4700", "name": "dnsapi.dll", "norm_filename": "c:\\windows\\system32\\dnsapi.dll", "region_type": "memory_mapped_file", "start_va": 140725076951040, "timestamp": "00:01:21.028", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 8847360, "type": "region", "version": 1 }, "end_va": 8876031, "entry_point": 0, "filename": null, "id": "region_4701", "name": "private_0x0000000000870000", "norm_filename": null, "region_type": "private_memory", "start_va": 8847360, "timestamp": "00:01:21.028", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 140725086126080, "type": "region", "version": 1 }, "end_va": 140725086408703, "entry_point": 140725086130832, "filename": 
"\\Windows\\System32\\powrprof.dll", "id": "region_4702", "name": "powrprof.dll", "norm_filename": "c:\\windows\\system32\\powrprof.dll", "region_type": "memory_mapped_file", "start_va": 140725086126080, "timestamp": "00:01:21.029", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140725129773056, "type": "region", "version": 1 }, "end_va": 140725131104255, "entry_point": 140725129845848, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_4703", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140725129773056, "timestamp": "00:01:21.030", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 140725127020544, "type": "region", "version": 1 }, "end_va": 140725127380991, "entry_point": 140725127024796, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_4704", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 140725127020544, "timestamp": "00:01:21.033", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140725103886336, "type": "region", "version": 1 }, "end_va": 140725103923199, "entry_point": 140725103891456, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_4705", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": 
"memory_mapped_file", "start_va": 140725103886336, "timestamp": "00:01:21.034", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 11206656, "type": "region", "version": 1 }, "end_va": 12812287, "entry_point": 0, "filename": null, "id": "region_4706", "name": "pagefile_0x0000000000ab0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 11206656, "timestamp": "00:01:21.039", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 12845056, "type": "region", "version": 1 }, "end_va": 14422015, "entry_point": 0, "filename": null, "id": "region_4707", "name": "pagefile_0x0000000000c40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12845056, "timestamp": "00:01:21.039", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 786432, "start_va": 14483456, "type": "region", "version": 1 }, "end_va": 15269887, "entry_point": 0, "filename": null, "id": "region_4708", "name": "pagefile_0x0000000000dd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 14483456, "timestamp": "00:01:21.039", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ 
"readable" ], "ref_process_dump": null, "size": 12288, "start_va": 9437184, "type": "region", "version": 1 }, "end_va": 9449471, "entry_point": 0, "filename": null, "id": "region_4709", "name": "pagefile_0x0000000000900000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9437184, "timestamp": "00:01:21.043", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 9502720, "type": "region", "version": 1 }, "end_va": 9506815, "entry_point": 0, "filename": null, "id": "region_4710", "name": "pagefile_0x0000000000910000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9502720, "timestamp": "00:01:21.043", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 9568256, "type": "region", "version": 1 }, "end_va": 9572351, "entry_point": 0, "filename": null, "id": "region_4711", "name": "private_0x0000000000920000", "norm_filename": null, "region_type": "private_memory", "start_va": 9568256, "timestamp": "00:01:21.043", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4169728, "start_va": 15269888, "type": "region", "version": 1 }, "end_va": 19439615, "entry_point": 0, "filename": null, "id": "region_4712", "name": "pagefile_0x0000000000e90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 15269888, "timestamp": 
"00:01:21.043", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 19464192, "type": "region", "version": 1 }, "end_va": 19468287, "entry_point": 0, "filename": null, "id": "region_4713", "name": "private_0x0000000001290000", "norm_filename": null, "region_type": "private_memory", "start_va": 19464192, "timestamp": "00:01:21.043", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 196608, "start_va": 19529728, "type": "region", "version": 1 }, "end_va": 19726335, "entry_point": 0, "filename": null, "id": "region_4714", "name": "private_0x00000000012a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 19529728, "timestamp": "00:01:21.043", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 19529728, "type": "region", "version": 1 }, "end_va": 19558399, "entry_point": 0, "filename": null, "id": "region_4715", "name": "private_0x00000000012a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 19529728, "timestamp": "00:01:21.044", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 19660800, "type": "region", "version": 1 }, "end_va": 19726335, "entry_point": 0, 
"filename": null, "id": "region_4716", "name": "private_0x00000000012c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 19660800, "timestamp": "00:01:21.044", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 19726336, "type": "region", "version": 1 }, "end_va": 19988479, "entry_point": 0, "filename": null, "id": "region_4741", "name": "private_0x00000000012d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 19726336, "timestamp": "00:01:21.124", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 19988480, "type": "region", "version": 1 }, "end_va": 20250623, "entry_point": 0, "filename": null, "id": "region_4742", "name": "private_0x0000000001310000", "norm_filename": null, "region_type": "private_memory", "start_va": 19988480, "timestamp": "00:01:21.124", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140696297443328, "type": "region", "version": 1 }, "end_va": 140696297451519, "entry_point": 0, "filename": null, "id": "region_4743", "name": "private_0x00007ff668d49000", "norm_filename": null, "region_type": "private_memory", "start_va": 140696297443328, "timestamp": "00:01:21.124", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was 
reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140696297451520, "type": "region", "version": 1 }, "end_va": 140696297459711, "entry_point": 0, "filename": null, "id": "region_4744", "name": "private_0x00007ff668d4b000", "norm_filename": null, "region_type": "private_memory", "start_va": 140696297451520, "timestamp": "00:01:21.124", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725131149312, "type": "region", "version": 1 }, "end_va": 140725133078527, "entry_point": 140725131157344, "filename": "\\Windows\\System32\\combase.dll", "id": "region_4762", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140725131149312, "timestamp": "00:01:21.191", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 761856, "start_va": 20250624, "type": "region", "version": 1 }, "end_va": 21012479, "entry_point": 20432744, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_4763", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 20250624, "timestamp": "00:01:21.194", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725068431360, "type": "region", "version": 1 }, "end_va": 140725068472319, "entry_point": 140725068437320, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": 
"region_4764", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\system32\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140725068431360, "timestamp": "00:01:21.195", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725085208576, "type": "region", "version": 1 }, "end_va": 140725085249535, "entry_point": 140725085212688, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_4765", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140725085208576, "timestamp": "00:01:21.197", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140725084815360, "type": "region", "version": 1 }, "end_va": 140725085200383, "entry_point": 140725084944032, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_4766", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140725084815360, "timestamp": "00:01:21.198", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 851968, "start_va": 20250624, "type": "region", "version": 1 }, "end_va": 21102591, "entry_point": 0, "filename": null, "id": "region_4767", "name": "private_0x0000000001350000", "norm_filename": null, "region_type": "private_memory", "start_va": 20250624, "timestamp": 
"00:01:21.201", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 176128, "start_va": 140725084618752, "type": "region", "version": 1 }, "end_va": 140725084794879, "entry_point": 140725084624016, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_4770", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 140725084618752, "timestamp": "00:01:21.214", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 19595264, "type": "region", "version": 1 }, "end_va": 19599359, "entry_point": 0, "filename": null, "id": "region_4771", "name": "private_0x00000000012b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 19595264, "timestamp": "00:01:21.217", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 20250624, "type": "region", "version": 1 }, "end_va": 20254719, "entry_point": 0, "filename": null, "id": "region_4772", "name": "private_0x0000000001350000", "norm_filename": null, "region_type": "private_memory", "start_va": 20250624, "timestamp": "00:01:21.218", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 21037056, 
"type": "region", "version": 1 }, "end_va": 21102591, "entry_point": 0, "filename": null, "id": "region_4773", "name": "private_0x0000000001410000", "norm_filename": null, "region_type": "private_memory", "start_va": 21037056, "timestamp": "00:01:21.218", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 20250624, "type": "region", "version": 1 }, "end_va": 20512767, "entry_point": 0, "filename": null, "id": "region_4775", "name": "private_0x0000000001350000", "norm_filename": null, "region_type": "private_memory", "start_va": 20250624, "timestamp": "00:01:21.243", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140696297435136, "type": "region", "version": 1 }, "end_va": 140696297443327, "entry_point": 0, "filename": null, "id": "region_4776", "name": "private_0x00007ff668d47000", "norm_filename": null, "region_type": "private_memory", "start_va": 140696297435136, "timestamp": "00:01:21.243", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 140725079375872, "type": "region", "version": 1 }, "end_va": 140725079736319, "entry_point": 140725079379984, "filename": "\\Windows\\System32\\mswsock.dll", "id": "region_4814", "name": "mswsock.dll", "norm_filename": "c:\\windows\\system32\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 140725079375872, "timestamp": "00:01:21.335", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 20512768, "type": "region", "version": 1 }, "end_va": 20774911, "entry_point": 0, "filename": null, "id": "region_10743", "name": "private_0x0000000001390000", "norm_filename": null, "region_type": "private_memory", "start_va": 20512768, "timestamp": "00:03:21.538", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 21102592, "type": "region", "version": 1 }, "end_va": 24072191, "entry_point": 21102592, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_10744", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 21102592, "timestamp": "00:03:21.538", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140696297426944, "type": "region", "version": 1 }, "end_va": 140696297435135, "entry_point": 0, "filename": null, "id": "region_10745", "name": "private_0x00007ff668d45000", "norm_filename": null, "region_type": "private_memory", "start_va": 140696297426944, "timestamp": "00:03:21.539", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 140725016985600, "type": "region", 
"version": 1 }, "end_va": 140725017153535, "entry_point": 140725017016680, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_10746", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 140725016985600, "timestamp": "00:03:21.542", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725016920064, "type": "region", "version": 1 }, "end_va": 140725016961023, "entry_point": 140725016924356, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_10747", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 140725016920064, "timestamp": "00:03:21.556", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140724927594496, "type": "region", "version": 1 }, "end_va": 140724927631359, "entry_point": 140724927599236, "filename": "\\Windows\\System32\\rasadhlp.dll", "id": "region_10750", "name": "rasadhlp.dll", "norm_filename": "c:\\windows\\system32\\rasadhlp.dll", "region_type": "memory_mapped_file", "start_va": 140724927594496, "timestamp": "00:03:21.576", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 140725008334848, "type": "region", "version": 1 }, "end_va": 140725008756735, "entry_point": 140725008342036, "filename": "\\Windows\\System32\\FWPUCLNT.DLL", "id": "region_10751", 
"name": "fwpuclnt.dll", "norm_filename": "c:\\windows\\system32\\fwpuclnt.dll", "region_type": "memory_mapped_file", "start_va": 140725008334848, "timestamp": "00:03:21.605", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1052672, "start_va": 140724899151872, "type": "region", "version": 1 }, "end_va": 140724900204543, "entry_point": 140724899151872, "filename": "\\Windows\\System32\\localspl.dll", "id": "region_10752", "name": "localspl.dll", "norm_filename": "c:\\windows\\system32\\localspl.dll", "region_type": "memory_mapped_file", "start_va": 140724899151872, "timestamp": "00:03:21.655", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 140725073608704, "type": "region", "version": 1 }, "end_va": 140725073760255, "entry_point": 140725073612916, "filename": "\\Windows\\System32\\srvcli.dll", "id": "region_10753", "name": "srvcli.dll", "norm_filename": "c:\\windows\\system32\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 140725073608704, "timestamp": "00:03:21.711", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 675840, "start_va": 140725126299648, "type": "region", "version": 1 }, "end_va": 140725126975487, "entry_point": 140725126303760, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_10754", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 
140725126299648, "timestamp": "00:03:21.713", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 140725090320384, "type": "region", "version": 1 }, "end_va": 140725090623487, "entry_point": 140725090325080, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_10755", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 140725090320384, "timestamp": "00:03:21.714", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 140725079769088, "type": "region", "version": 1 }, "end_va": 140725079891967, "entry_point": 140725079773640, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_10756", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 140725079769088, "timestamp": "00:03:21.716", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 140724905902080, "type": "region", "version": 1 }, "end_va": 140724905975807, "entry_point": 140724905902080, "filename": "\\Windows\\System32\\spoolss.dll", "id": "region_10757", "name": "spoolss.dll", "norm_filename": "c:\\windows\\system32\\spoolss.dll", "region_type": "memory_mapped_file", "start_va": 140724905902080, "timestamp": "00:03:21.803", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": 
"No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1925120, "start_va": 140725101789184, "type": "region", "version": 1 }, "end_va": 140725103714303, "entry_point": 140725101793472, "filename": "\\Windows\\System32\\setupapi.dll", "id": "region_10758", "name": "setupapi.dll", "norm_filename": "c:\\windows\\system32\\setupapi.dll", "region_type": "memory_mapped_file", "start_va": 140725101789184, "timestamp": "00:03:21.878", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 503808, "start_va": 140724965801984, "type": "region", "version": 1 }, "end_va": 140724966305791, "entry_point": 140724965807352, "filename": "\\Windows\\System32\\winspool.drv", "id": "region_10759", "name": "winspool.drv", "norm_filename": "c:\\windows\\system32\\winspool.drv", "region_type": "memory_mapped_file", "start_va": 140724965801984, "timestamp": "00:03:21.898", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 24117248, "type": "region", "version": 1 }, "end_va": 25165823, "entry_point": 0, "filename": null, "id": "region_10760", "name": "private_0x0000000001700000", "norm_filename": null, "region_type": "private_memory", "start_va": 24117248, "timestamp": "00:03:22.004", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 25165824, "type": "region", 
"version": 1 }, "end_va": 26214399, "entry_point": 0, "filename": null, "id": "region_10761", "name": "private_0x0000000001800000", "norm_filename": null, "region_type": "private_memory", "start_va": 25165824, "timestamp": "00:03:22.086", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 140724905771008, "type": "region", "version": 1 }, "end_va": 140724905844735, "entry_point": 140724905771008, "filename": "\\Windows\\System32\\PrintIsolationProxy.dll", "id": "region_10762", "name": "printisolationproxy.dll", "norm_filename": "c:\\windows\\system32\\printisolationproxy.dll", "region_type": "memory_mapped_file", "start_va": 140724905771008, "timestamp": "00:03:22.121", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 140724905705472, "type": "region", "version": 1 }, "end_va": 140724905766911, "entry_point": 140724905705472, "filename": "\\Windows\\System32\\FXSMON.dll", "id": "region_10763", "name": "fxsmon.dll", "norm_filename": "c:\\windows\\system32\\fxsmon.dll", "region_type": "memory_mapped_file", "start_va": 140724905705472, "timestamp": "00:03:22.173", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 221184, "start_va": 140724898889728, "type": "region", "version": 1 }, "end_va": 140724899110911, "entry_point": 140724898889728, "filename": "\\Windows\\System32\\tcpmon.dll", "id": "region_10764", "name": "tcpmon.dll", "norm_filename": 
"c:\\windows\\system32\\tcpmon.dll", "region_type": "memory_mapped_file", "start_va": 140724898889728, "timestamp": "00:03:22.239", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 140724898824192, "type": "region", "version": 1 }, "end_va": 140724898873343, "entry_point": 140724898824192, "filename": "\\Windows\\System32\\snmpapi.dll", "id": "region_10765", "name": "snmpapi.dll", "norm_filename": "c:\\windows\\system32\\snmpapi.dll", "region_type": "memory_mapped_file", "start_va": 140724898824192, "timestamp": "00:03:22.291", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 140724898693120, "type": "region", "version": 1 }, "end_va": 140724898770943, "entry_point": 140724898693120, "filename": "\\Windows\\System32\\wsnmp32.dll", "id": "region_10766", "name": "wsnmp32.dll", "norm_filename": "c:\\windows\\system32\\wsnmp32.dll", "region_type": "memory_mapped_file", "start_va": 140724898693120, "timestamp": "00:03:22.391", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 299008, "start_va": 140724898365440, "type": "region", "version": 1 }, "end_va": 140724898664447, "entry_point": 140724898365440, "filename": "\\Windows\\System32\\usbmon.dll", "id": "region_10767", "name": "usbmon.dll", "norm_filename": "c:\\windows\\system32\\usbmon.dll", "region_type": "memory_mapped_file", "start_va": 140724898365440, "timestamp": "00:03:23.182", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140725101002752, "type": "region", "version": 1 }, "end_va": 140725101752319, "entry_point": 140725101007136, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_10768", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 140725101002752, "timestamp": "00:03:23.199", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1536000, "start_va": 26214400, "type": "region", "version": 1 }, "end_va": 27750399, "entry_point": 26218676, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_10769", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 26214400, "timestamp": "00:03:23.263", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725068103680, "type": "region", "version": 1 }, "end_va": 140725068259327, "entry_point": 140725068109212, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_10770", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 140725068103680, "timestamp": "00:03:23.274", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], 
"ref_process_dump": null, "size": 319488, "start_va": 140725089992704, "type": "region", "version": 1 }, "end_va": 140725090312191, "entry_point": 140725089997432, "filename": "\\Windows\\System32\\wintrust.dll", "id": "region_10771", "name": "wintrust.dll", "norm_filename": "c:\\windows\\system32\\wintrust.dll", "region_type": "memory_mapped_file", "start_va": 140725089992704, "timestamp": "00:03:23.319", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725088026624, "type": "region", "version": 1 }, "end_va": 140725089955839, "entry_point": 140725088030884, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_10772", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 140725088026624, "timestamp": "00:03:23.325", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 140725087174656, "type": "region", "version": 1 }, "end_va": 140725087248383, "entry_point": 140725087178996, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_10773", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 140725087174656, "timestamp": "00:03:23.327", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 140724898037760, "type": "region", "version": 1 }, "end_va": 140724898349055, "entry_point": 
140724898037760, "filename": "\\Windows\\System32\\WSDMon.dll", "id": "region_10774", "name": "wsdmon.dll", "norm_filename": "c:\\windows\\system32\\wsdmon.dll", "region_type": "memory_mapped_file", "start_va": 140724898037760, "timestamp": "00:03:23.390", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 634880, "start_va": 140724895940608, "type": "region", "version": 1 }, "end_va": 140724896575487, "entry_point": 140724895940608, "filename": "\\Windows\\System32\\WSDApi.dll", "id": "region_10775", "name": "wsdapi.dll", "norm_filename": "c:\\windows\\system32\\wsdapi.dll", "region_type": "memory_mapped_file", "start_va": 140724895940608, "timestamp": "00:03:23.446", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1458176, "start_va": 140724894433280, "type": "region", "version": 1 }, "end_va": 140724895891455, "entry_point": 140724894433280, "filename": "\\Windows\\System32\\webservices.dll", "id": "region_10776", "name": "webservices.dll", "norm_filename": "c:\\windows\\system32\\webservices.dll", "region_type": "memory_mapped_file", "start_va": 140724894433280, "timestamp": "00:03:23.504", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 745472, "start_va": 140725068824576, "type": "region", "version": 1 }, "end_va": 140725069570047, "entry_point": 140725068901472, "filename": "\\Windows\\System32\\FirewallAPI.dll", "id": "region_10777", "name": "firewallapi.dll", "norm_filename": 
"c:\\windows\\system32\\firewallapi.dll", "region_type": "memory_mapped_file", "start_va": 140725068824576, "timestamp": "00:03:23.586", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 20250624, "type": "region", "version": 1 }, "end_va": 20254719, "entry_point": 0, "filename": null, "id": "region_10778", "name": "pagefile_0x0000000001350000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 20250624, "timestamp": "00:03:23.699", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 671744, "start_va": 140725095825408, "type": "region", "version": 1 }, "end_va": 140725096497151, "entry_point": 140725095829872, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_10779", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 140725095825408, "timestamp": "00:03:23.701", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 20316160, "type": "region", "version": 1 }, "end_va": 20320255, "entry_point": 0, "filename": null, "id": "region_10780", "name": "pagefile_0x0000000001360000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 20316160, "timestamp": "00:03:23.713", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created 
because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 163840, "start_va": 140724897841152, "type": "region", "version": 1 }, "end_va": 140724898004991, "entry_point": 140724897841152, "filename": "\\Windows\\System32\\fundisc.dll", "id": "region_10781", "name": "fundisc.dll", "norm_filename": "c:\\windows\\system32\\fundisc.dll", "region_type": "memory_mapped_file", "start_va": 140724897841152, "timestamp": "00:03:23.767", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 20774912, "type": "region", "version": 1 }, "end_va": 21037055, "entry_point": 0, "filename": null, "id": "region_10782", "name": "private_0x00000000013d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 20774912, "timestamp": "00:03:23.806", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 229376, "start_va": 140725031206912, "type": "region", "version": 1 }, "end_va": 140725031436287, "entry_point": 140725031211060, "filename": "\\Windows\\System32\\xmllite.dll", "id": "region_10784", "name": "xmllite.dll", "norm_filename": "c:\\windows\\system32\\xmllite.dll", "region_type": "memory_mapped_file", "start_va": 140725031206912, "timestamp": "00:03:23.807", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 140724897710080, "type": "region", "version": 1 }, "end_va": 140724897779711, 
"entry_point": 140724897710080, "filename": "\\Windows\\System32\\fdPnp.dll", "id": "region_10785", "name": "fdpnp.dll", "norm_filename": "c:\\windows\\system32\\fdpnp.dll", "region_type": "memory_mapped_file", "start_va": 140724897710080, "timestamp": "00:03:23.857", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 140725025767424, "type": "region", "version": 1 }, "end_va": 140725025878015, "entry_point": 140725025772696, "filename": "\\Windows\\System32\\atl.dll", "id": "region_10786", "name": "atl.dll", "norm_filename": "c:\\windows\\system32\\atl.dll", "region_type": "memory_mapped_file", "start_va": 140725025767424, "timestamp": "00:03:23.907", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 26214400, "type": "region", "version": 1 }, "end_va": 26476543, "entry_point": 0, "filename": null, "id": "region_10787", "name": "private_0x0000000001900000", "norm_filename": null, "region_type": "private_memory", "start_va": 26214400, "timestamp": "00:03:24.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 26476544, "type": "region", "version": 1 }, "end_va": 26738687, "entry_point": 0, "filename": null, "id": "region_10788", "name": "private_0x0000000001940000", "norm_filename": null, "region_type": "private_memory", "start_va": 26476544, "timestamp": "00:03:24.016", "type": "region", "version": 1 }, { 
"dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140696296218624, "type": "region", "version": 1 }, "end_va": 140696296226815, "entry_point": 0, "filename": null, "id": "region_10789", "name": "private_0x00007ff668c1e000", "norm_filename": null, "region_type": "private_memory", "start_va": 140696296218624, "timestamp": "00:03:24.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140696297418752, "type": "region", "version": 1 }, "end_va": 140696297426943, "entry_point": 0, "filename": null, "id": "region_10790", "name": "private_0x00007ff668d43000", "norm_filename": null, "region_type": "private_memory", "start_va": 140696297418752, "timestamp": "00:03:24.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 757760, "start_va": 140724893646848, "type": "region", "version": 1 }, "end_va": 140724894404607, "entry_point": 140724893646848, "filename": "\\Windows\\System32\\drvstore.dll", "id": "region_10791", "name": "drvstore.dll", "norm_filename": "c:\\windows\\system32\\drvstore.dll", "region_type": "memory_mapped_file", "start_va": 140724893646848, "timestamp": "00:03:24.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 20381696, 
"type": "region", "version": 1 }, "end_va": 20410367, "entry_point": 0, "filename": null, "id": "region_10792", "name": "private_0x0000000001370000", "norm_filename": null, "region_type": "private_memory", "start_va": 20381696, "timestamp": "00:03:24.567", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 140724897644544, "type": "region", "version": 1 }, "end_va": 140724897701887, "entry_point": 140724897644544, "filename": "\\Windows\\System32\\spool\\prtprocs\\x64\\winprint.dll", "id": "region_10793", "name": "winprint.dll", "norm_filename": "c:\\windows\\system32\\spool\\prtprocs\\x64\\winprint.dll", "region_type": "memory_mapped_file", "start_va": 140724897644544, "timestamp": "00:03:24.636", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140725076557824, "type": "region", "version": 1 }, "end_va": 140725076684799, "entry_point": 140725076562672, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_10794", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 140725076557824, "timestamp": "00:03:24.673", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 140725086453760, "type": "region", "version": 1 }, "end_va": 140725086535679, "entry_point": 140725086468812, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_10795", "name": 
"profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 140725086453760, "timestamp": "00:03:24.674", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 143360, "start_va": 140725071773696, "type": "region", "version": 1 }, "end_va": 140725071917055, "entry_point": 140725071777952, "filename": "\\Windows\\System32\\gpapi.dll", "id": "region_10796", "name": "gpapi.dll", "norm_filename": "c:\\windows\\system32\\gpapi.dll", "region_type": "memory_mapped_file", "start_va": 140725071773696, "timestamp": "00:03:24.680", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 26738688, "type": "region", "version": 1 }, "end_va": 27000831, "entry_point": 0, "filename": null, "id": "region_10797", "name": "private_0x0000000001980000", "norm_filename": null, "region_type": "private_memory", "start_va": 26738688, "timestamp": "00:03:24.682", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140696296210432, "type": "region", "version": 1 }, "end_va": 140696296218623, "entry_point": 0, "filename": null, "id": "region_10798", "name": "private_0x00007ff668c1c000", "norm_filename": null, "region_type": "private_memory", "start_va": 140696296210432, "timestamp": "00:03:24.682", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created 
because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140724958855168, "type": "region", "version": 1 }, "end_va": 140724958896127, "entry_point": 140724958859456, "filename": "\\Windows\\System32\\version.dll", "id": "region_10799", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 140724958855168, "timestamp": "00:03:24.682", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140725025570816, "type": "region", "version": 1 }, "end_va": 140725025607679, "entry_point": 140725025574956, "filename": "\\Windows\\System32\\dsrole.dll", "id": "region_10800", "name": "dsrole.dll", "norm_filename": "c:\\windows\\system32\\dsrole.dll", "region_type": "memory_mapped_file", "start_va": 140725025570816, "timestamp": "00:03:24.690", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 27000832, "type": "region", "version": 1 }, "end_va": 27262975, "entry_point": 0, "filename": null, "id": "region_10801", "name": "private_0x00000000019c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 27000832, "timestamp": "00:03:24.717", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 27262976, "type": "region", "version": 1 }, "end_va": 27525119, 
"entry_point": 0, "filename": null, "id": "region_10802", "name": "private_0x0000000001a00000", "norm_filename": null, "region_type": "private_memory", "start_va": 27262976, "timestamp": "00:03:24.717", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 27525120, "type": "region", "version": 1 }, "end_va": 27787263, "entry_point": 0, "filename": null, "id": "region_10803", "name": "private_0x0000000001a40000", "norm_filename": null, "region_type": "private_memory", "start_va": 27525120, "timestamp": "00:03:24.717", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1052672, "start_va": 27787264, "type": "region", "version": 1 }, "end_va": 28839935, "entry_point": 0, "filename": null, "id": "region_10804", "name": "private_0x0000000001a80000", "norm_filename": null, "region_type": "private_memory", "start_va": 27787264, "timestamp": "00:03:24.717", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140696296185856, "type": "region", "version": 1 }, "end_va": 140696296194047, "entry_point": 0, "filename": null, "id": "region_10805", "name": "private_0x00007ff668c16000", "norm_filename": null, "region_type": "private_memory", "start_va": 140696296185856, "timestamp": "00:03:24.717", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the 
maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140696296194048, "type": "region", "version": 1 }, "end_va": 140696296202239, "entry_point": 0, "filename": null, "id": "region_10806", "name": "private_0x00007ff668c18000", "norm_filename": null, "region_type": "private_memory", "start_va": 140696296194048, "timestamp": "00:03:24.717", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140696296202240, "type": "region", "version": 1 }, "end_va": 140696296210431, "entry_point": 0, "filename": null, "id": "region_10807", "name": "private_0x00007ff668c1a000", "norm_filename": null, "region_type": "private_memory", "start_va": 140696296202240, "timestamp": "00:03:24.717", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 140724892663808, "type": "region", "version": 1 }, "end_va": 140724892745727, "entry_point": 140724892663808, "filename": "\\Windows\\System32\\devrtl.dll", "id": "region_10808", "name": "devrtl.dll", "norm_filename": "c:\\windows\\system32\\devrtl.dll", "region_type": "memory_mapped_file", "start_va": 140724892663808, "timestamp": "00:03:24.752", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 118784, "start_va": 140725073477632, "type": "region", "version": 1 }, "end_va": 140725073596415, "entry_point": 140725073488620, "filename": 
"\\Windows\\System32\\SPInf.dll", "id": "region_10809", "name": "spinf.dll", "norm_filename": "c:\\windows\\system32\\spinf.dll", "region_type": "memory_mapped_file", "start_va": 140725073477632, "timestamp": "00:03:24.777", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 140724892794880, "type": "region", "version": 1 }, "end_va": 140724893618175, "entry_point": 140724892794880, "filename": "\\Windows\\System32\\win32spl.dll", "id": "region_10810", "name": "win32spl.dll", "norm_filename": "c:\\windows\\system32\\win32spl.dll", "region_type": "memory_mapped_file", "start_va": 140724892794880, "timestamp": "00:03:24.781", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 20447232, "type": "region", "version": 1 }, "end_va": 20451327, "entry_point": 20447232, "filename": "\\Windows\\Inf\\c_printer.inf", "id": "region_10811", "name": "c_printer.inf", "norm_filename": "c:\\windows\\inf\\c_printer.inf", "region_type": "memory_mapped_file", "start_va": 20447232, "timestamp": "00:03:24.884", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 27787264, "type": "region", "version": 1 }, "end_va": 28049407, "entry_point": 0, "filename": null, "id": "region_10812", "name": "private_0x0000000001a80000", "norm_filename": null, "region_type": "private_memory", "start_va": 27787264, "timestamp": "00:03:24.905", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140696296177664, "type": "region", "version": 1 }, "end_va": 140696296185855, "entry_point": 0, "filename": null, "id": "region_10813", "name": "private_0x00007ff668c14000", "norm_filename": null, "region_type": "private_memory", "start_va": 140696296177664, "timestamp": "00:03:24.905", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 180224, "start_va": 140724892467200, "type": "region", "version": 1 }, "end_va": 140724892647423, "entry_point": 140724892467200, "filename": "\\Windows\\System32\\inetpp.dll", "id": "region_10814", "name": "inetpp.dll", "norm_filename": "c:\\windows\\system32\\inetpp.dll", "region_type": "memory_mapped_file", "start_va": 140724892467200, "timestamp": "00:03:24.917", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 28049408, "type": "region", "version": 1 }, "end_va": 28311551, "entry_point": 0, "filename": null, "id": "region_10815", "name": "private_0x0000000001ac0000", "norm_filename": null, "region_type": "private_memory", "start_va": 28049408, "timestamp": "00:03:24.960", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140696296169472, "type": "region", "version": 1 }, 
"end_va": 140696296177663, "entry_point": 0, "filename": null, "id": "region_10816", "name": "private_0x00007ff668c12000", "norm_filename": null, "region_type": "private_memory", "start_va": 140696296169472, "timestamp": "00:03:24.960", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 20447232, "type": "region", "version": 1 }, "end_va": 20455423, "entry_point": 20447232, "filename": "\\Windows\\System32\\tzres.dll", "id": "region_10817", "name": "tzres.dll", "norm_filename": "c:\\windows\\system32\\tzres.dll", "region_type": "memory_mapped_file", "start_va": 20447232, "timestamp": "00:03:24.973", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 28311552, "type": "region", "version": 1 }, "end_va": 28573695, "entry_point": 0, "filename": null, "id": "region_10818", "name": "private_0x0000000001b00000", "norm_filename": null, "region_type": "private_memory", "start_va": 28311552, "timestamp": "00:03:24.984", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 32768, "start_va": 28573696, "type": "region", "version": 1 }, "end_va": 28606463, "entry_point": 28573696, "filename": "\\Windows\\System32\\en-US\\tzres.dll.mui", "id": "region_10819", "name": "tzres.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\tzres.dll.mui", "region_type": "memory_mapped_file", "start_va": 28573696, "timestamp": "00:03:24.984", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140696296161280, "type": "region", "version": 1 }, "end_va": 140696296169471, "entry_point": 0, "filename": null, "id": "region_10820", "name": "private_0x00007ff668c10000", "norm_filename": null, "region_type": "private_memory", "start_va": 140696296161280, "timestamp": "00:03:25.005", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 140725075443712, "type": "region", "version": 1 }, "end_va": 140725075660799, "entry_point": 140725075448792, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_10823", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 140725075443712, "timestamp": "00:03:25.017", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725082062848, "type": "region", "version": 1 }, "end_va": 140725082218495, "entry_point": 140725082086248, "filename": "\\Windows\\System32\\bcrypt.dll", "id": "region_10824", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\system32\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 140725082062848, "timestamp": "00:03:25.018", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725078982656, 
"type": "region", "version": 1 }, "end_va": 140725079339007, "entry_point": 140725078989424, "filename": "\\Windows\\System32\\winsta.dll", "id": "region_10825", "name": "winsta.dll", "norm_filename": "c:\\windows\\system32\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 140725078982656, "timestamp": "00:03:25.021", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 140724958658560, "type": "region", "version": 1 }, "end_va": 140724958724095, "entry_point": 140724958662816, "filename": "\\Windows\\System32\\cscapi.dll", "id": "region_10828", "name": "cscapi.dll", "norm_filename": "c:\\windows\\system32\\cscapi.dll", "region_type": "memory_mapped_file", "start_va": 140724958658560, "timestamp": "00:03:25.048", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 20447232, "type": "region", "version": 1 }, "end_va": 20451327, "entry_point": 0, "filename": null, "id": "region_10829", "name": "private_0x0000000001380000", "norm_filename": null, "region_type": "private_memory", "start_va": 20447232, "timestamp": "00:03:25.063", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 140725072494592, "type": "region", "version": 1 }, "end_va": 140725072543743, "entry_point": 140725072499804, "filename": "\\Windows\\System32\\netutils.dll", "id": "region_10830", "name": "netutils.dll", "norm_filename": 
"c:\\windows\\system32\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 140725072494592, "timestamp": "00:03:25.160", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\system32\\userinit.exe", "filename": "c:\\windows\\system32\\userinit.exe", "id": "proc_52", "image_name": "userinit.exe", "monitor_reason": "child_process", "monitored_id": 52, "origin_monitor_id": 38, "ref_parent_process": { "ref_id": "proc_38", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_4656", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:20.945", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 40133984256, "type": "region", "version": 1 }, "end_va": 40134115327, "entry_point": 0, "filename": null, "id": "region_4657", "name": "private_0x00000009582c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 40133984256, "timestamp": "00:01:20.945", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 
61440, "start_va": 40134115328, "type": "region", "version": 1 }, "end_va": 40134176767, "entry_point": 0, "filename": null, "id": "region_4658", "name": "pagefile_0x00000009582e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 40134115328, "timestamp": "00:01:20.945", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 40134180864, "type": "region", "version": 1 }, "end_va": 40134705151, "entry_point": 0, "filename": null, "id": "region_4659", "name": "private_0x00000009582f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 40134180864, "timestamp": "00:01:20.945", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 40134705152, "type": "region", "version": 1 }, "end_va": 40134721535, "entry_point": 0, "filename": null, "id": "region_4660", "name": "pagefile_0x0000000958370000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 40134705152, "timestamp": "00:01:20.945", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140701126098944, "type": "region", "version": 1 }, "end_va": 140701126242303, "entry_point": 0, "filename": null, "id": "region_4661", "name": "pagefile_0x00007ff788a40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140701126098944, "timestamp": 
"00:01:20.945", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140701126270976, "type": "region", "version": 1 }, "end_va": 140701126275071, "entry_point": 0, "filename": null, "id": "region_4662", "name": "private_0x00007ff788a6a000", "norm_filename": null, "region_type": "private_memory", "start_va": 140701126270976, "timestamp": "00:01:20.945", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140701126287360, "type": "region", "version": 1 }, "end_va": 140701126295551, "entry_point": 0, "filename": null, "id": "region_4663", "name": "private_0x00007ff788a6e000", "norm_filename": null, "region_type": "private_memory", "start_va": 140701126287360, "timestamp": "00:01:20.945", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140701130686464, "type": "region", "version": 1 }, "end_va": 140701130727423, "entry_point": 140701130686464, "filename": "\\Windows\\System32\\userinit.exe", "id": "region_4664", "name": "userinit.exe", "norm_filename": "c:\\windows\\system32\\userinit.exe", "region_type": "memory_mapped_file", "start_va": 140701130686464, "timestamp": "00:01:20.945", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 
1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_4665", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140725133115392, "timestamp": "00:01:20.952", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 40134770688, "type": "region", "version": 1 }, "end_va": 40134774783, "entry_point": 0, "filename": null, "id": "region_4667", "name": "pagefile_0x0000000958380000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 40134770688, "timestamp": "00:01:20.953", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 40134836224, "type": "region", "version": 1 }, "end_va": 40134844415, "entry_point": 0, "filename": null, "id": "region_4668", "name": "private_0x0000000958390000", "norm_filename": null, "region_type": "private_memory", "start_va": 40134836224, "timestamp": "00:01:20.953", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 40135491584, "type": "region", "version": 1 }, "end_va": 40136540159, "entry_point": 0, "filename": null, "id": "region_4670", "name": "private_0x0000000958430000", "norm_filename": null, "region_type": "private_memory", "start_va": 
40135491584, "timestamp": "00:01:20.980", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140725090648064, "type": "region", "version": 1 }, "end_va": 140725091753983, "entry_point": 140725090656928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_4671", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140725090648064, "timestamp": "00:01:20.980", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140725124988928, "type": "region", "version": 1 }, "end_va": 140725126270975, "entry_point": 140725125009460, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_4672", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140725124988928, "timestamp": "00:01:20.981", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 40133984256, "type": "region", "version": 1 }, "end_va": 40134049791, "entry_point": 0, "filename": null, "id": "region_4673", "name": "pagefile_0x00000009582c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 40133984256, "timestamp": "00:01:20.982", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump 
created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140701125050368, "type": "region", "version": 1 }, "end_va": 140701126098943, "entry_point": 0, "filename": null, "id": "region_4674", "name": "pagefile_0x00007ff788940000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140701125050368, "timestamp": "00:01:20.982", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 40134901760, "type": "region", "version": 1 }, "end_va": 40135417855, "entry_point": 40134901760, "filename": "\\Windows\\System32\\locale.nls", "id": "region_4675", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 40134901760, "timestamp": "00:01:20.983", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140725098577920, "type": "region", "version": 1 }, "end_va": 140725099261951, "entry_point": 140725098588204, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_4676", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140725098577920, "timestamp": "00:01:20.986", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1900544, "start_va": 40136540160, "type": "region", "version": 1 }, "end_va": 40138440703, 
"entry_point": 0, "filename": null, "id": "region_4677", "name": "private_0x0000000958530000", "norm_filename": null, "region_type": "private_memory", "start_va": 40136540160, "timestamp": "00:01:20.988", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 40134049792, "type": "region", "version": 1 }, "end_va": 40134078463, "entry_point": 0, "filename": null, "id": "region_4678", "name": "private_0x00000009582d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 40134049792, "timestamp": "00:01:20.989", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140724998766592, "type": "region", "version": 1 }, "end_va": 140724998803455, "entry_point": 140724998766592, "filename": "\\Windows\\System32\\userinitext.dll", "id": "region_4683", "name": "userinitext.dll", "norm_filename": "c:\\windows\\system32\\userinitext.dll", "region_type": "memory_mapped_file", "start_va": 140724998766592, "timestamp": "00:01:20.993", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140725076557824, "type": "region", "version": 1 }, "end_va": 140725076684799, "entry_point": 140725076562672, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_4684", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 140725076557824, "timestamp": "00:01:21.006", 
"type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140725093466112, "type": "region", "version": 1 }, "end_va": 140725094977535, "entry_point": 140725093620416, "filename": "\\Windows\\System32\\user32.dll", "id": "region_4685", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140725093466112, "timestamp": "00:01:21.007", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140725127806976, "type": "region", "version": 1 }, "end_va": 140725129076735, "entry_point": 140725127811408, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_4686", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140725127806976, "timestamp": "00:01:21.008", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 40135426048, "type": "region", "version": 1 }, "end_va": 40135454719, "entry_point": 0, "filename": null, "id": "region_4687", "name": "private_0x0000000958420000", "norm_filename": null, "region_type": "private_memory", "start_va": 40135426048, "timestamp": "00:01:21.009", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], 
"ref_process_dump": null, "size": 81920, "start_va": 140725086453760, "type": "region", "version": 1 }, "end_va": 140725086535679, "entry_point": 140725086468812, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_4688", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 140725086453760, "timestamp": "00:01:21.009", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140725129773056, "type": "region", "version": 1 }, "end_va": 140725131104255, "entry_point": 140725129845848, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_4689", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140725129773056, "timestamp": "00:01:21.012", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 40136540160, "type": "region", "version": 1 }, "end_va": 40138145791, "entry_point": 0, "filename": null, "id": "region_4717", "name": "pagefile_0x0000000958530000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 40136540160, "timestamp": "00:01:21.060", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 40138375168, "type": "region", "version": 1 }, "end_va": 40138440703, "entry_point": 0, "filename": null, "id": "region_4718", "name": 
"private_0x00000009586f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 40138375168, "timestamp": "00:01:21.060", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 212992, "start_va": 40138440704, "type": "region", "version": 1 }, "end_va": 40138653695, "entry_point": 40138444848, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_4719", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 40138440704, "timestamp": "00:01:21.060", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 140725095563264, "type": "region", "version": 1 }, "end_va": 140725095776255, "entry_point": 140725095567408, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_4720", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 140725095563264, "timestamp": "00:01:21.061", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1277952, "start_va": 140725091762176, "type": "region", "version": 1 }, "end_va": 140725093040127, "entry_point": 140725091766288, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_4721", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 140725091762176, "timestamp": "00:01:21.063", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": 
[ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 40138440704, "type": "region", "version": 1 }, "end_va": 40140017663, "entry_point": 0, "filename": null, "id": "region_4722", "name": "pagefile_0x0000000958700000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 40138440704, "timestamp": "00:01:21.065", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 40140079104, "type": "region", "version": 1 }, "end_va": 40161050623, "entry_point": 0, "filename": null, "id": "region_4723", "name": "pagefile_0x0000000958890000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 40140079104, "timestamp": "00:01:21.065", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 40138178560, "type": "region", "version": 1 }, "end_va": 40138190847, "entry_point": 0, "filename": null, "id": "region_4724", "name": "pagefile_0x00000009586c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 40138178560, "timestamp": "00:01:21.069", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 40138244096, "type": "region", "version": 1 }, "end_va": 
40138248191, "entry_point": 0, "filename": null, "id": "region_4725", "name": "pagefile_0x00000009586d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 40138244096, "timestamp": "00:01:21.069", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 40138309632, "type": "region", "version": 1 }, "end_va": 40138313727, "entry_point": 0, "filename": null, "id": "region_4726", "name": "private_0x00000009586e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 40138309632, "timestamp": "00:01:21.069", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4169728, "start_va": 40161050624, "type": "region", "version": 1 }, "end_va": 40165220351, "entry_point": 0, "filename": null, "id": "region_4727", "name": "pagefile_0x0000000959c90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 40161050624, "timestamp": "00:01:21.069", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 40165244928, "type": "region", "version": 1 }, "end_va": 40165249023, "entry_point": 0, "filename": null, "id": "region_4728", "name": "private_0x000000095a090000", "norm_filename": null, "region_type": "private_memory", "start_va": 40165244928, "timestamp": "00:01:21.069", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No 
dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1187840, "start_va": 140725066858496, "type": "region", "version": 1 }, "end_va": 140725068046335, "entry_point": 140725066904644, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_4729", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 140725066858496, "timestamp": "00:01:21.069", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725131149312, "type": "region", "version": 1 }, "end_va": 140725133078527, "entry_point": 140725131157344, "filename": "\\Windows\\System32\\combase.dll", "id": "region_4730", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140725131149312, "timestamp": "00:01:21.070", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1114112, "start_va": 40165310464, "type": "region", "version": 1 }, "end_va": 40166424575, "entry_point": 0, "filename": null, "id": "region_4731", "name": "private_0x000000095a0a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 40165310464, "timestamp": "00:01:21.073", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 40165310464, "type": 
"region", "version": 1 }, "end_va": 40165314559, "entry_point": 0, "filename": null, "id": "region_4734", "name": "pagefile_0x000000095a0a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 40165310464, "timestamp": "00:01:21.100", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 40166359040, "type": "region", "version": 1 }, "end_va": 40166424575, "entry_point": 0, "filename": null, "id": "region_4735", "name": "private_0x000000095a1a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 40166359040, "timestamp": "00:01:21.100", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 983040, "start_va": 40165310464, "type": "region", "version": 1 }, "end_va": 40166293503, "entry_point": 0, "filename": null, "id": "region_4736", "name": "pagefile_0x000000095a0a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 40165310464, "timestamp": "00:01:21.101", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 40166293504, "type": "region", "version": 1 }, "end_va": 40166309887, "entry_point": 0, "filename": null, "id": "region_4737", "name": "pagefile_0x000000095a190000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 40166293504, "timestamp": "00:01:21.101", "type": "region", "version": 1 }, { "dump": 
{ "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 40166424576, "type": "region", "version": 1 }, "end_va": 40166453247, "entry_point": 0, "filename": null, "id": "region_4738", "name": "private_0x000000095a1b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 40166424576, "timestamp": "00:01:21.101", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 569344, "start_va": 140725066203136, "type": "region", "version": 1 }, "end_va": 140725066772479, "entry_point": 140725066207268, "filename": "\\Windows\\System32\\apphelp.dll", "id": "region_4791", "name": "apphelp.dll", "norm_filename": "c:\\windows\\system32\\apphelp.dll", "region_type": "memory_mapped_file", "start_va": 140725066203136, "timestamp": "00:01:21.272", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2318336, "start_va": 140695628414976, "type": "region", "version": 1 }, "end_va": 140695630733311, "entry_point": 140695628414976, "filename": "\\Windows\\explorer.exe", "id": "region_4792", "name": "explorer.exe", "norm_filename": "c:\\windows\\explorer.exe", "region_type": "memory_mapped_file", "start_va": 140695628414976, "timestamp": "00:01:21.273", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 409600, "start_va": 40166490112, "type": "region", 
"version": 1 }, "end_va": 40166899711, "entry_point": 40166490112, "filename": "\\Windows\\apppatch\\apppatch64\\sysmain.sdb", "id": "region_4817", "name": "sysmain.sdb", "norm_filename": "c:\\windows\\apppatch\\apppatch64\\sysmain.sdb", "region_type": "memory_mapped_file", "start_va": 40166490112, "timestamp": "00:01:21.359", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725088026624, "type": "region", "version": 1 }, "end_va": 140725089955839, "entry_point": 140725088030884, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_6760", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 140725088026624, "timestamp": "00:01:35.479", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 140725087174656, "type": "region", "version": 1 }, "end_va": 140725087248383, "entry_point": 140725087178996, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_6761", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 140725087174656, "timestamp": "00:01:35.480", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140725066792960, "type": "region", "version": 1 }, "end_va": 140725066829823, "entry_point": 140725066801752, "filename": "\\Windows\\System32\\dpapi.dll", "id": "region_6762", 
"name": "dpapi.dll", "norm_filename": "c:\\windows\\system32\\dpapi.dll", "region_type": "memory_mapped_file", "start_va": 140725066792960, "timestamp": "00:01:35.482", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725085208576, "type": "region", "version": 1 }, "end_va": 140725085249535, "entry_point": 140725085212688, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_6763", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140725085208576, "timestamp": "00:01:35.484", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140725084815360, "type": "region", "version": 1 }, "end_va": 140725085200383, "entry_point": 140725084944032, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_6764", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140725084815360, "timestamp": "00:01:35.485", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "taskhost.exe ", "filename": "c:\\windows\\system32\\taskhost.exe", "id": "proc_53", "image_name": "taskhost.exe", "monitor_reason": "child_process", "monitored_id": 53, "origin_monitor_id": 46, "ref_parent_process": { "ref_id": "proc_46", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ 
"max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_4745", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:21.135", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 834782363648, "type": "region", "version": 1 }, "end_va": 834782494719, "entry_point": 0, "filename": null, "id": "region_4746", "name": "private_0x000000c25ce80000", "norm_filename": null, "region_type": "private_memory", "start_va": 834782363648, "timestamp": "00:01:21.135", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 834782494720, "type": "region", "version": 1 }, "end_va": 834782556159, "entry_point": 0, "filename": null, "id": "region_4747", "name": "pagefile_0x000000c25cea0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 834782494720, "timestamp": "00:01:21.135", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 834782560256, "type": "region", "version": 1 }, "end_va": 834783084543, "entry_point": 0, "filename": null, "id": "region_4748", 
"name": "private_0x000000c25ceb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 834782560256, "timestamp": "00:01:21.135", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 834783084544, "type": "region", "version": 1 }, "end_va": 834783100927, "entry_point": 0, "filename": null, "id": "region_4749", "name": "pagefile_0x000000c25cf30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 834783084544, "timestamp": "00:01:21.135", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140702927880192, "type": "region", "version": 1 }, "end_va": 140702928023551, "entry_point": 0, "filename": null, "id": "region_4750", "name": "pagefile_0x00007ff7f4090000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140702927880192, "timestamp": "00:01:21.135", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140702928039936, "type": "region", "version": 1 }, "end_va": 140702928044031, "entry_point": 0, "filename": null, "id": "region_4751", "name": "private_0x00007ff7f40b7000", "norm_filename": null, "region_type": "private_memory", "start_va": 140702928039936, "timestamp": "00:01:21.135", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created 
because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140702928068608, "type": "region", "version": 1 }, "end_va": 140702928076799, "entry_point": 0, "filename": null, "id": "region_4752", "name": "private_0x00007ff7f40be000", "norm_filename": null, "region_type": "private_memory", "start_va": 140702928068608, "timestamp": "00:01:21.135", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 140702937907200, "type": "region", "version": 1 }, "end_va": 140702937997311, "entry_point": 140702937907200, "filename": "\\Windows\\System32\\taskhost.exe", "id": "region_4753", "name": "taskhost.exe", "norm_filename": "c:\\windows\\system32\\taskhost.exe", "region_type": "memory_mapped_file", "start_va": 140702937907200, "timestamp": "00:01:21.136", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_4754", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140725133115392, "timestamp": "00:01:21.142", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 834783150080, "type": "region", "version": 1 }, 
"end_va": 834783154175, "entry_point": 0, "filename": null, "id": "region_4757", "name": "pagefile_0x000000c25cf40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 834783150080, "timestamp": "00:01:21.144", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 834783215616, "type": "region", "version": 1 }, "end_va": 834783223807, "entry_point": 0, "filename": null, "id": "region_4758", "name": "private_0x000000c25cf50000", "norm_filename": null, "region_type": "private_memory", "start_va": 834783215616, "timestamp": "00:01:21.145", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 834784002048, "type": "region", "version": 1 }, "end_va": 834785050623, "entry_point": 0, "filename": null, "id": "region_5853", "name": "private_0x000000c25d010000", "norm_filename": null, "region_type": "private_memory", "start_va": 834784002048, "timestamp": "00:01:26.648", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140725090648064, "type": "region", "version": 1 }, "end_va": 140725091753983, "entry_point": 140725090656928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_5854", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140725090648064, "timestamp": "00:01:26.649", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140725124988928, "type": "region", "version": 1 }, "end_va": 140725126270975, "entry_point": 140725125009460, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_5855", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140725124988928, "timestamp": "00:01:26.649", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 834782363648, "type": "region", "version": 1 }, "end_va": 834782429183, "entry_point": 0, "filename": null, "id": "region_5862", "name": "pagefile_0x000000c25ce80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 834782363648, "timestamp": "00:01:26.665", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140702926831616, "type": "region", "version": 1 }, "end_va": 140702927880191, "entry_point": 0, "filename": null, "id": "region_5863", "name": "pagefile_0x00007ff7f3f90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140702926831616, "timestamp": "00:01:26.665", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, 
"start_va": 834783281152, "type": "region", "version": 1 }, "end_va": 834783797247, "entry_point": 834783281152, "filename": "\\Windows\\System32\\locale.nls", "id": "region_5864", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 834783281152, "timestamp": "00:01:26.667", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140725098577920, "type": "region", "version": 1 }, "end_va": 140725099261951, "entry_point": 140725098588204, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_5865", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140725098577920, "timestamp": "00:01:26.667", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140725127806976, "type": "region", "version": 1 }, "end_va": 140725129076735, "entry_point": 140725127811408, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_5866", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140725127806976, "timestamp": "00:01:26.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725131149312, "type": "region", "version": 1 }, "end_va": 140725133078527, "entry_point": 140725131157344, "filename": "\\Windows\\System32\\combase.dll", 
"id": "region_5867", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140725131149312, "timestamp": "00:01:26.669", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140725101002752, "type": "region", "version": 1 }, "end_va": 140725101752319, "entry_point": 140725101007136, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_5868", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 140725101002752, "timestamp": "00:01:26.670", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1900544, "start_va": 834785050624, "type": "region", "version": 1 }, "end_va": 834786951167, "entry_point": 0, "filename": null, "id": "region_5869", "name": "private_0x000000c25d110000", "norm_filename": null, "region_type": "private_memory", "start_va": 834785050624, "timestamp": "00:01:26.673", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 834782429184, "type": "region", "version": 1 }, "end_va": 834782457855, "entry_point": 0, "filename": null, "id": "region_5870", "name": "private_0x000000c25ce90000", "norm_filename": null, "region_type": "private_memory", "start_va": 834782429184, "timestamp": "00:01:26.674", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1536000, "start_va": 834785050624, "type": "region", "version": 1 }, "end_va": 834786586623, "entry_point": 834785054900, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_5871", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 834785050624, "timestamp": "00:01:26.676", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 834786885632, "type": "region", "version": 1 }, "end_va": 834786951167, "entry_point": 0, "filename": null, "id": "region_5872", "name": "private_0x000000c25d2d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 834786885632, "timestamp": "00:01:26.677", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 761856, "start_va": 834785050624, "type": "region", "version": 1 }, "end_va": 834785812479, "entry_point": 834785232744, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_5873", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 834785050624, "timestamp": "00:01:26.678", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725068431360, "type": "region", "version": 1 }, "end_va": 140725068472319, "entry_point": 140725068437320, 
"filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_5874", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\system32\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140725068431360, "timestamp": "00:01:26.679", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725085208576, "type": "region", "version": 1 }, "end_va": 140725085249535, "entry_point": 140725085212688, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_5875", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140725085208576, "timestamp": "00:01:26.681", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140725084815360, "type": "region", "version": 1 }, "end_va": 140725085200383, "entry_point": 140725084944032, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_5876", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140725084815360, "timestamp": "00:01:26.682", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 834783805440, "type": "region", "version": 1 }, "end_va": 834783834111, "entry_point": 0, "filename": null, "id": "region_5877", "name": "private_0x000000c25cfe0000", "norm_filename": null, 
"region_type": "private_memory", "start_va": 834783805440, "timestamp": "00:01:26.682", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140725093466112, "type": "region", "version": 1 }, "end_va": 140725094977535, "entry_point": 140725093620416, "filename": "\\Windows\\System32\\user32.dll", "id": "region_5878", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140725093466112, "timestamp": "00:01:26.684", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140725129773056, "type": "region", "version": 1 }, "end_va": 140725131104255, "entry_point": 140725129845848, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_5879", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140725129773056, "timestamp": "00:01:26.685", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 834785050624, "type": "region", "version": 1 }, "end_va": 834786656255, "entry_point": 0, "filename": null, "id": "region_5880", "name": "pagefile_0x000000c25d110000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 834785050624, "timestamp": "00:01:26.691", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], 
"info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 834786951168, "type": "region", "version": 1 }, "end_va": 834788528127, "entry_point": 0, "filename": null, "id": "region_5881", "name": "pagefile_0x000000c25d2e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 834786951168, "timestamp": "00:01:26.692", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 786432, "start_va": 834788589568, "type": "region", "version": 1 }, "end_va": 834789375999, "entry_point": 0, "filename": null, "id": "region_5882", "name": "pagefile_0x000000c25d470000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 834788589568, "timestamp": "00:01:26.692", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 834783870976, "type": "region", "version": 1 }, "end_va": 834783883263, "entry_point": 0, "filename": null, "id": "region_5883", "name": "pagefile_0x000000c25cff0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 834783870976, "timestamp": "00:01:26.693", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 834783936512, "type": "region", "version": 1 }, "end_va": 834783940607, "entry_point": 
0, "filename": null, "id": "region_5884", "name": "pagefile_0x000000c25d000000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 834783936512, "timestamp": "00:01:26.693", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 834786689024, "type": "region", "version": 1 }, "end_va": 834786693119, "entry_point": 834786689024, "filename": "\\Windows\\System32\\en-US\\taskhost.exe.mui", "id": "region_5885", "name": "taskhost.exe.mui", "norm_filename": "c:\\windows\\system32\\en-us\\taskhost.exe.mui", "region_type": "memory_mapped_file", "start_va": 834786689024, "timestamp": "00:01:26.693", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 834786754560, "type": "region", "version": 1 }, "end_va": 834786758655, "entry_point": 0, "filename": null, "id": "region_6193", "name": "private_0x000000c25d2b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 834786754560, "timestamp": "00:01:31.904", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 834786820096, "type": "region", "version": 1 }, "end_va": 834786824191, "entry_point": 0, "filename": null, "id": "region_6194", "name": "private_0x000000c25d2c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 834786820096, "timestamp": "00:01:31.904", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], 
"info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725098184704, "type": "region", "version": 1 }, "end_va": 140725098541055, "entry_point": 140725098194176, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_7595", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140725098184704, "timestamp": "00:01:41.414", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 834789376000, "type": "region", "version": 1 }, "end_va": 834789900287, "entry_point": 0, "filename": null, "id": "region_7631", "name": "private_0x000000c25d530000", "norm_filename": null, "region_type": "private_memory", "start_va": 834789376000, "timestamp": "00:01:41.733", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 834789900288, "type": "region", "version": 1 }, "end_va": 834790424575, "entry_point": 0, "filename": null, "id": "region_7632", "name": "private_0x000000c25d5b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 834789900288, "timestamp": "00:01:41.733", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 834790424576, "type": "region", "version": 1 }, "end_va": 834790948863, "entry_point": 0, 
"filename": null, "id": "region_7633", "name": "private_0x000000c25d630000", "norm_filename": null, "region_type": "private_memory", "start_va": 834790424576, "timestamp": "00:01:41.733", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 834790948864, "type": "region", "version": 1 }, "end_va": 834790952959, "entry_point": 0, "filename": null, "id": "region_7634", "name": "pagefile_0x000000c25d6b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 834790948864, "timestamp": "00:01:41.733", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140702928044032, "type": "region", "version": 1 }, "end_va": 140702928052223, "entry_point": 0, "filename": null, "id": "region_7635", "name": "private_0x00007ff7f40b8000", "norm_filename": null, "region_type": "private_memory", "start_va": 140702928044032, "timestamp": "00:01:41.733", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140702928052224, "type": "region", "version": 1 }, "end_va": 140702928060415, "entry_point": 0, "filename": null, "id": "region_7636", "name": "private_0x00007ff7f40ba000", "norm_filename": null, "region_type": "private_memory", "start_va": 140702928052224, "timestamp": "00:01:41.733", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump 
was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140702928060416, "type": "region", "version": 1 }, "end_va": 140702928068607, "entry_point": 0, "filename": null, "id": "region_7637", "name": "private_0x00007ff7f40bc000", "norm_filename": null, "region_type": "private_memory", "start_va": 140702928060416, "timestamp": "00:01:41.733", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 671744, "start_va": 140725095825408, "type": "region", "version": 1 }, "end_va": 140725096497151, "entry_point": 140725095829872, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_7638", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 140725095825408, "timestamp": "00:01:41.734", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 834791014400, "type": "region", "version": 1 }, "end_va": 834791018495, "entry_point": 0, "filename": null, "id": "region_7639", "name": "pagefile_0x000000c25d6c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 834791014400, "timestamp": "00:01:41.736", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 499712, "start_va": 140724927660032, "type": "region", "version": 1 }, "end_va": 140724928159743, "entry_point": 
140724927729068, "filename": "\\Windows\\System32\\netcfgx.dll", "id": "region_7640", "name": "netcfgx.dll", "norm_filename": "c:\\windows\\system32\\netcfgx.dll", "region_type": "memory_mapped_file", "start_va": 140724927660032, "timestamp": "00:01:41.737", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140725103886336, "type": "region", "version": 1 }, "end_va": 140725103923199, "entry_point": 140725103891456, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_7641", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 140725103886336, "timestamp": "00:01:41.738", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 675840, "start_va": 140725126299648, "type": "region", "version": 1 }, "end_va": 140725126975487, "entry_point": 140725126303760, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_7642", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725126299648, "timestamp": "00:01:41.739", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 140724902559744, "type": "region", "version": 1 }, "end_va": 140724902612991, "entry_point": 140724902580372, "filename": "\\Windows\\System32\\dimsjob.dll", "id": "region_7655", "name": "dimsjob.dll", "norm_filename": 
"c:\\windows\\system32\\dimsjob.dll", "region_type": "memory_mapped_file", "start_va": 140724902559744, "timestamp": "00:01:41.880", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1691648, "start_va": 140725023735808, "type": "region", "version": 1 }, "end_va": 140725025427455, "entry_point": 140725023740764, "filename": "\\Windows\\System32\\taskschd.dll", "id": "region_7657", "name": "taskschd.dll", "norm_filename": "c:\\windows\\system32\\taskschd.dll", "region_type": "memory_mapped_file", "start_va": 140725023735808, "timestamp": "00:01:42.251", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 176128, "start_va": 140725084618752, "type": "region", "version": 1 }, "end_va": 140725084794879, "entry_point": 140725084624016, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_7658", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 140725084618752, "timestamp": "00:01:42.252", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 249856, "start_va": 140724958986240, "type": "region", "version": 1 }, "end_va": 140724959236095, "entry_point": 140724959009020, "filename": "\\Windows\\System32\\netprofm.dll", "id": "region_7659", "name": "netprofm.dll", "norm_filename": "c:\\windows\\system32\\netprofm.dll", "region_type": "memory_mapped_file", "start_va": 140724958986240, "timestamp": "00:01:42.264", "type": 
"region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 140725079769088, "type": "region", "version": 1 }, "end_va": 140725079891967, "entry_point": 140725079773640, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_7660", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 140725079769088, "timestamp": "00:01:42.267", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 140725075443712, "type": "region", "version": 1 }, "end_va": 140725075660799, "entry_point": 140725075448792, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_7661", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 140725075443712, "timestamp": "00:01:42.268", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725082062848, "type": "region", "version": 1 }, "end_va": 140725082218495, "entry_point": 140725082086248, "filename": "\\Windows\\System32\\bcrypt.dll", "id": "region_7662", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\system32\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 140725082062848, "timestamp": "00:01:42.269", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", 
"permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 834791079936, "type": "region", "version": 1 }, "end_va": 834794049535, "entry_point": 834791079936, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_7663", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 834791079936, "timestamp": "00:01:42.272", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 834794094592, "type": "region", "version": 1 }, "end_va": 834794618879, "entry_point": 0, "filename": null, "id": "region_7666", "name": "private_0x000000c25d9b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 834794094592, "timestamp": "00:01:42.276", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140702928031744, "type": "region", "version": 1 }, "end_va": 140702928039935, "entry_point": 0, "filename": null, "id": "region_7667", "name": "private_0x00007ff7f40b5000", "norm_filename": null, "region_type": "private_memory", "start_va": 140702928031744, "timestamp": "00:01:42.276", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 140724922286080, "type": "region", "version": 1 }, "end_va": 140724922343423, "entry_point": 140724922314740, "filename": 
"\\Windows\\System32\\npmproxy.dll", "id": "region_7668", "name": "npmproxy.dll", "norm_filename": "c:\\windows\\system32\\npmproxy.dll", "region_type": "memory_mapped_file", "start_va": 140724922286080, "timestamp": "00:01:42.280", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 140724902232064, "type": "region", "version": 1 }, "end_va": 140724902309887, "entry_point": 140724902232064, "filename": "\\Windows\\System32\\pautoenr.dll", "id": "region_7677", "name": "pautoenr.dll", "norm_filename": "c:\\windows\\system32\\pautoenr.dll", "region_type": "memory_mapped_file", "start_va": 140724902232064, "timestamp": "00:01:42.488", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 834794618880, "type": "region", "version": 1 }, "end_va": 834794631167, "entry_point": 0, "filename": null, "id": "region_7684", "name": "pagefile_0x000000c25da30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 834794618880, "timestamp": "00:01:42.603", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 368640, "start_va": 140725127413760, "type": "region", "version": 1 }, "end_va": 140725127782399, "entry_point": 140725127418052, "filename": "\\Windows\\System32\\Wldap32.dll", "id": "region_7685", "name": "wldap32.dll", "norm_filename": "c:\\windows\\system32\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 
140725127413760, "timestamp": "00:01:42.603", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 999424, "start_va": 140724901183488, "type": "region", "version": 1 }, "end_va": 140724902182911, "entry_point": 140724901183488, "filename": "\\Windows\\System32\\certca.dll", "id": "region_7686", "name": "certca.dll", "norm_filename": "c:\\windows\\system32\\certca.dll", "region_type": "memory_mapped_file", "start_va": 140724901183488, "timestamp": "00:01:42.620", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2494464, "start_va": 140724898627584, "type": "region", "version": 1 }, "end_va": 140724901122047, "entry_point": 140724898627584, "filename": "\\Windows\\System32\\CertEnroll.dll", "id": "region_7687", "name": "certenroll.dll", "norm_filename": "c:\\windows\\system32\\certenroll.dll", "region_type": "memory_mapped_file", "start_va": 140724898627584, "timestamp": "00:01:42.708", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725088026624, "type": "region", "version": 1 }, "end_va": 140725089955839, "entry_point": 140725088030884, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_7840", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 140725088026624, "timestamp": "00:01:46.572", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": 
"No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 140725087174656, "type": "region", "version": 1 }, "end_va": 140725087248383, "entry_point": 140725087178996, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_7868", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 140725087174656, "timestamp": "00:01:46.839", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140725066792960, "type": "region", "version": 1 }, "end_va": 140725066829823, "entry_point": 140725066801752, "filename": "\\Windows\\System32\\dpapi.dll", "id": "region_7881", "name": "dpapi.dll", "norm_filename": "c:\\windows\\system32\\dpapi.dll", "region_type": "memory_mapped_file", "start_va": 140725066792960, "timestamp": "00:01:47.197", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140725025570816, "type": "region", "version": 1 }, "end_va": 140725025607679, "entry_point": 140725025574956, "filename": "\\Windows\\System32\\dsrole.dll", "id": "region_7882", "name": "dsrole.dll", "norm_filename": "c:\\windows\\system32\\dsrole.dll", "region_type": "memory_mapped_file", "start_va": 140725025570816, "timestamp": "00:01:47.498", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, 
"start_va": 834794684416, "type": "region", "version": 1 }, "end_va": 834795208703, "entry_point": 0, "filename": null, "id": "region_7883", "name": "private_0x000000c25da40000", "norm_filename": null, "region_type": "private_memory", "start_va": 834794684416, "timestamp": "00:01:47.525", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140702928023552, "type": "region", "version": 1 }, "end_va": 140702928031743, "entry_point": 0, "filename": null, "id": "region_7884", "name": "private_0x00007ff7f40b3000", "norm_filename": null, "region_type": "private_memory", "start_va": 140702928023552, "timestamp": "00:01:47.525", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\Explorer.EXE", "filename": "c:\\windows\\explorer.exe", "id": "proc_54", "image_name": "explorer.exe", "monitor_reason": "child_process", "monitored_id": 54, "origin_monitor_id": 52, "ref_parent_process": { "ref_id": "proc_52", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 14155776, "type": "region", "version": 1 }, "end_va": 14286847, "entry_point": 0, "filename": null, "id": "region_4805", "name": "private_0x0000000000d80000", "norm_filename": null, "region_type": "private_memory", "start_va": 14155776, "timestamp": "00:01:21.310", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], 
"info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 14286848, "type": "region", "version": 1 }, "end_va": 14348287, "entry_point": 0, "filename": null, "id": "region_4806", "name": "pagefile_0x0000000000da0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 14286848, "timestamp": "00:01:21.310", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 14352384, "type": "region", "version": 1 }, "end_va": 14876671, "entry_point": 0, "filename": null, "id": "region_4807", "name": "private_0x0000000000db0000", "norm_filename": null, "region_type": "private_memory", "start_va": 14352384, "timestamp": "00:01:21.310", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_4808", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:21.310", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140695618387968, "type": "region", "version": 1 }, "end_va": 140695618531327, "entry_point": 0, "filename": null, "id": "region_4809", "name": "pagefile_0x00007ff6405b0000", 
"norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140695618387968, "timestamp": "00:01:21.310", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140695618572288, "type": "region", "version": 1 }, "end_va": 140695618580479, "entry_point": 0, "filename": null, "id": "region_4810", "name": "private_0x00007ff6405dd000", "norm_filename": null, "region_type": "private_memory", "start_va": 140695618572288, "timestamp": "00:01:21.310", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140695618580480, "type": "region", "version": 1 }, "end_va": 140695618584575, "entry_point": 0, "filename": null, "id": "region_4811", "name": "private_0x00007ff6405df000", "norm_filename": null, "region_type": "private_memory", "start_va": 140695618580480, "timestamp": "00:01:21.310", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2318336, "start_va": 140695628414976, "type": "region", "version": 1 }, "end_va": 140695630733311, "entry_point": 140695628543236, "filename": "\\Windows\\explorer.exe", "id": "region_4812", "name": "explorer.exe", "norm_filename": "c:\\windows\\explorer.exe", "region_type": "memory_mapped_file", "start_va": 140695628414976, "timestamp": "00:01:21.311", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", 
"permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_4813", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140725133115392, "timestamp": "00:01:21.315", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 14876672, "type": "region", "version": 1 }, "end_va": 14893055, "entry_point": 0, "filename": null, "id": "region_4818", "name": "pagefile_0x0000000000e30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 14876672, "timestamp": "00:01:21.362", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 14942208, "type": "region", "version": 1 }, "end_va": 14954495, "entry_point": 0, "filename": null, "id": "region_4821", "name": "pagefile_0x0000000000e40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 14942208, "timestamp": "00:01:21.372", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 15007744, "type": "region", "version": 1 }, "end_va": 15015935, "entry_point": 0, "filename": null, "id": "region_4823", "name": 
"private_0x0000000000e50000", "norm_filename": null, "region_type": "private_memory", "start_va": 15007744, "timestamp": "00:01:21.373", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 15073280, "type": "region", "version": 1 }, "end_va": 16121855, "entry_point": 0, "filename": null, "id": "region_4845", "name": "private_0x0000000000e60000", "norm_filename": null, "region_type": "private_memory", "start_va": 15073280, "timestamp": "00:01:21.427", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140725090648064, "type": "region", "version": 1 }, "end_va": 140725091753983, "entry_point": 140725090656928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_4846", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140725090648064, "timestamp": "00:01:21.427", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140725124988928, "type": "region", "version": 1 }, "end_va": 140725126270975, "entry_point": 140725125009460, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_4847", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140725124988928, "timestamp": "00:01:21.428", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 14155776, "type": "region", "version": 1 }, "end_va": 14221311, "entry_point": 0, "filename": null, "id": "region_4848", "name": "pagefile_0x0000000000d80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 14155776, "timestamp": "00:01:21.429", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140695617339392, "type": "region", "version": 1 }, "end_va": 140695618387967, "entry_point": 0, "filename": null, "id": "region_4849", "name": "pagefile_0x00007ff6404b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140695617339392, "timestamp": "00:01:21.429", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 16121856, "type": "region", "version": 1 }, "end_va": 16637951, "entry_point": 16121856, "filename": "\\Windows\\System32\\locale.nls", "id": "region_4850", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 16121856, "timestamp": "00:01:21.432", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 569344, "start_va": 140725066203136, "type": "region", "version": 1 }, "end_va": 140725066772479, 
"entry_point": 140725066207268, "filename": "\\Windows\\System32\\apphelp.dll", "id": "region_4851", "name": "apphelp.dll", "norm_filename": "c:\\windows\\system32\\apphelp.dll", "region_type": "memory_mapped_file", "start_va": 140725066203136, "timestamp": "00:01:21.432", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 409600, "start_va": 16646144, "type": "region", "version": 1 }, "end_va": 17055743, "entry_point": 16646144, "filename": "\\Windows\\apppatch\\apppatch64\\sysmain.sdb", "id": "region_4852", "name": "sysmain.sdb", "norm_filename": "c:\\windows\\apppatch\\apppatch64\\sysmain.sdb", "region_type": "memory_mapped_file", "start_va": 16646144, "timestamp": "00:01:21.435", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140725098577920, "type": "region", "version": 1 }, "end_va": 140725099261951, "entry_point": 140725098588204, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_4853", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140725098577920, "timestamp": "00:01:21.440", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140725101002752, "type": "region", "version": 1 }, "end_va": 140725101752319, "entry_point": 140725101007136, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_4854", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", 
"region_type": "memory_mapped_file", "start_va": 140725101002752, "timestamp": "00:01:21.441", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725131149312, "type": "region", "version": 1 }, "end_va": 140725133078527, "entry_point": 140725131157344, "filename": "\\Windows\\System32\\combase.dll", "id": "region_4855", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140725131149312, "timestamp": "00:01:21.442", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 140725086126080, "type": "region", "version": 1 }, "end_va": 140725086408703, "entry_point": 140725086130832, "filename": "\\Windows\\System32\\powrprof.dll", "id": "region_4856", "name": "powrprof.dll", "norm_filename": "c:\\windows\\system32\\powrprof.dll", "region_type": "memory_mapped_file", "start_va": 140725086126080, "timestamp": "00:01:21.442", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 14221312, "type": "region", "version": 1 }, "end_va": 14249983, "entry_point": 0, "filename": null, "id": "region_4857", "name": "private_0x0000000000d90000", "norm_filename": null, "region_type": "private_memory", "start_va": 14221312, "timestamp": "00:01:21.443", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because 
region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 675840, "start_va": 140725126299648, "type": "region", "version": 1 }, "end_va": 140725126975487, "entry_point": 140725126303760, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_4858", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725126299648, "timestamp": "00:01:21.443", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140725093466112, "type": "region", "version": 1 }, "end_va": 140725094977535, "entry_point": 140725093620416, "filename": "\\Windows\\System32\\user32.dll", "id": "region_4859", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140725093466112, "timestamp": "00:01:21.444", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140725129773056, "type": "region", "version": 1 }, "end_va": 140725131104255, "entry_point": 140725129845848, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_4860", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140725129773056, "timestamp": "00:01:21.445", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 140725060108288, 
"type": "region", "version": 1 }, "end_va": 140725060767743, "entry_point": 140725060112544, "filename": "\\Windows\\System32\\SHCore.dll", "id": "region_4861", "name": "shcore.dll", "norm_filename": "c:\\windows\\system32\\shcore.dll", "region_type": "memory_mapped_file", "start_va": 140725060108288, "timestamp": "00:01:21.445", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 140725095038976, "type": "region", "version": 1 }, "end_va": 140725095370751, "entry_point": 140725095043776, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_4862", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 140725095038976, "timestamp": "00:01:21.446", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 21032960, "start_va": 140725103951872, "type": "region", "version": 1 }, "end_va": 140725124984831, "entry_point": 140725103956224, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_4863", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 140725103951872, "timestamp": "00:01:21.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1187840, "start_va": 140725066858496, "type": "region", "version": 1 }, "end_va": 140725068046335, "entry_point": 140725066904644, "filename": "\\Windows\\System32\\uxtheme.dll", "id": 
"region_4864", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 140725066858496, "timestamp": "00:01:21.448", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 140725058142208, "type": "region", "version": 1 }, "end_va": 140725058277375, "entry_point": 140725058146560, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_4865", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 140725058142208, "timestamp": "00:01:21.449", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140724997980160, "type": "region", "version": 1 }, "end_va": 140724998729727, "entry_point": 140724997980160, "filename": "\\Windows\\System32\\twinapi.dll", "id": "region_4867", "name": "twinapi.dll", "norm_filename": "c:\\windows\\system32\\twinapi.dll", "region_type": "memory_mapped_file", "start_va": 140724997980160, "timestamp": "00:01:21.474", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2129920, "start_va": 140725046935552, "type": "region", "version": 1 }, "end_va": 140725049065471, "entry_point": 140725047149852, "filename": "\\Windows\\System32\\d3d11.dll", "id": "region_4868", "name": "d3d11.dll", "norm_filename": "c:\\windows\\system32\\d3d11.dll", "region_type": "memory_mapped_file", "start_va": 140725046935552, 
"timestamp": "00:01:21.496", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 368640, "start_va": 140725043068928, "type": "region", "version": 1 }, "end_va": 140725043437567, "entry_point": 140725043073180, "filename": "\\Windows\\System32\\dcomp.dll", "id": "region_4869", "name": "dcomp.dll", "norm_filename": "c:\\windows\\system32\\dcomp.dll", "region_type": "memory_mapped_file", "start_va": 140725043068928, "timestamp": "00:01:21.497", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 176128, "start_va": 140725084618752, "type": "region", "version": 1 }, "end_va": 140725084794879, "entry_point": 140725084624016, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_4870", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 140725084618752, "timestamp": "00:01:21.498", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725098184704, "type": "region", "version": 1 }, "end_va": 140725098541055, "entry_point": 140725098194176, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_4871", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140725098184704, "timestamp": "00:01:21.499", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because 
region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140725076557824, "type": "region", "version": 1 }, "end_va": 140725076684799, "entry_point": 140725076562672, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_4872", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 140725076557824, "timestamp": "00:01:21.499", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1458176, "start_va": 140725039202304, "type": "region", "version": 1 }, "end_va": 140725040660479, "entry_point": 140725039341808, "filename": "\\Windows\\System32\\propsys.dll", "id": "region_4873", "name": "propsys.dll", "norm_filename": "c:\\windows\\system32\\propsys.dll", "region_type": "memory_mapped_file", "start_va": 140725039202304, "timestamp": "00:01:21.504", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140725127806976, "type": "region", "version": 1 }, "end_va": 140725129076735, "entry_point": 140725127811408, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_4874", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140725127806976, "timestamp": "00:01:21.505", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 176128, "start_va": 
140725054013440, "type": "region", "version": 1 }, "end_va": 140725054189567, "entry_point": 140725054048532, "filename": "\\Windows\\System32\\slc.dll", "id": "region_4875", "name": "slc.dll", "norm_filename": "c:\\windows\\system32\\slc.dll", "region_type": "memory_mapped_file", "start_va": 140725054013440, "timestamp": "00:01:21.506", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 140725086453760, "type": "region", "version": 1 }, "end_va": 140725086535679, "entry_point": 140725086468812, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_4876", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 140725086453760, "timestamp": "00:01:21.506", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 520192, "start_va": 140725046411264, "type": "region", "version": 1 }, "end_va": 140725046931455, "entry_point": 140725046444784, "filename": "\\Windows\\System32\\dxgi.dll", "id": "region_4958", "name": "dxgi.dll", "norm_filename": "c:\\windows\\system32\\dxgi.dll", "region_type": "memory_mapped_file", "start_va": 140725046411264, "timestamp": "00:01:21.664", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 139264, "start_va": 140725053816832, "type": "region", "version": 1 }, "end_va": 140725053956095, "entry_point": 140725053842592, "filename": "\\Windows\\System32\\sppc.dll", "id": 
"region_4959", "name": "sppc.dll", "norm_filename": "c:\\windows\\system32\\sppc.dll", "region_type": "memory_mapped_file", "start_va": 140725053816832, "timestamp": "00:01:21.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1310720, "start_va": 16646144, "type": "region", "version": 1 }, "end_va": 17956863, "entry_point": 0, "filename": null, "id": "region_4974", "name": "private_0x0000000000fe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 16646144, "timestamp": "00:01:21.745", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 16646144, "type": "region", "version": 1 }, "end_va": 16674815, "entry_point": 0, "filename": null, "id": "region_4975", "name": "private_0x0000000000fe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 16646144, "timestamp": "00:01:21.746", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 17891328, "type": "region", "version": 1 }, "end_va": 17956863, "entry_point": 0, "filename": null, "id": "region_4976", "name": "private_0x0000000001110000", "norm_filename": null, "region_type": "private_memory", "start_va": 17891328, "timestamp": "00:01:21.746", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], 
"ref_process_dump": null, "size": 1536000, "start_va": 17956864, "type": "region", "version": 1 }, "end_va": 19492863, "entry_point": 17961140, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_5026", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 17956864, "timestamp": "00:01:21.841", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 212992, "start_va": 16711680, "type": "region", "version": 1 }, "end_va": 16924671, "entry_point": 16715824, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_5027", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 16711680, "timestamp": "00:01:21.844", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 17956864, "type": "region", "version": 1 }, "end_va": 19562495, "entry_point": 0, "filename": null, "id": "region_5028", "name": "pagefile_0x0000000001120000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 17956864, "timestamp": "00:01:21.844", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 140725095563264, "type": "region", "version": 1 }, "end_va": 140725095776255, "entry_point": 140725095567408, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_5029", "name": "imm32.dll", "norm_filename": 
"c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 140725095563264, "timestamp": "00:01:21.845", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1277952, "start_va": 140725091762176, "type": "region", "version": 1 }, "end_va": 140725093040127, "entry_point": 140725091766288, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_5030", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 140725091762176, "timestamp": "00:01:21.846", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 16711680, "type": "region", "version": 1 }, "end_va": 16723967, "entry_point": 0, "filename": null, "id": "region_5031", "name": "pagefile_0x0000000000ff0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 16711680, "timestamp": "00:01:21.857", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 16777216, "type": "region", "version": 1 }, "end_va": 16781311, "entry_point": 0, "filename": null, "id": "region_5032", "name": "pagefile_0x0000000001000000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 16777216, "timestamp": "00:01:21.857", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was 
created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 16842752, "type": "region", "version": 1 }, "end_va": 16846847, "entry_point": 0, "filename": null, "id": "region_5033", "name": "private_0x0000000001010000", "norm_filename": null, "region_type": "private_memory", "start_va": 16842752, "timestamp": "00:01:21.857", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 16908288, "type": "region", "version": 1 }, "end_va": 16912383, "entry_point": 0, "filename": null, "id": "region_5034", "name": "private_0x0000000001020000", "norm_filename": null, "region_type": "private_memory", "start_va": 16908288, "timestamp": "00:01:21.857", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 19595264, "type": "region", "version": 1 }, "end_va": 21172223, "entry_point": 0, "filename": null, "id": "region_5035", "name": "pagefile_0x00000000012b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 19595264, "timestamp": "00:01:21.857", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 21233664, "type": "region", "version": 1 }, "end_va": 42205183, "entry_point": 0, "filename": null, "id": "region_5036", "name": "pagefile_0x0000000001440000", "norm_filename": null, 
"region_type": "pagefile_backed_memory", "start_va": 21233664, "timestamp": "00:01:21.857", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4169728, "start_va": 42205184, "type": "region", "version": 1 }, "end_va": 46374911, "entry_point": 0, "filename": null, "id": "region_5037", "name": "pagefile_0x0000000002840000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 42205184, "timestamp": "00:01:21.857", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2031616, "start_va": 46399488, "type": "region", "version": 1 }, "end_va": 48431103, "entry_point": 0, "filename": null, "id": "region_5038", "name": "private_0x0000000002c40000", "norm_filename": null, "region_type": "private_memory", "start_va": 46399488, "timestamp": "00:01:21.858", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 16973824, "type": "region", "version": 1 }, "end_va": 16977919, "entry_point": 0, "filename": null, "id": "region_5040", "name": "pagefile_0x0000000001030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 16973824, "timestamp": "00:01:21.874", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], 
"ref_process_dump": null, "size": 983040, "start_va": 46399488, "type": "region", "version": 1 }, "end_va": 47382527, "entry_point": 0, "filename": null, "id": "region_5041", "name": "pagefile_0x0000000002c40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 46399488, "timestamp": "00:01:21.874", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 48365568, "type": "region", "version": 1 }, "end_va": 48431103, "entry_point": 0, "filename": null, "id": "region_5042", "name": "private_0x0000000002e20000", "norm_filename": null, "region_type": "private_memory", "start_va": 48365568, "timestamp": "00:01:21.874", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 16973824, "type": "region", "version": 1 }, "end_va": 16990207, "entry_point": 0, "filename": null, "id": "region_5043", "name": "pagefile_0x0000000001030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 16973824, "timestamp": "00:01:21.874", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 17039360, "type": "region", "version": 1 }, "end_va": 17068031, "entry_point": 0, "filename": null, "id": "region_5044", "name": "private_0x0000000001040000", "norm_filename": null, "region_type": "private_memory", "start_va": 17039360, "timestamp": "00:01:21.877", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 48431104, "type": "region", "version": 1 }, "end_va": 51400703, "entry_point": 48431104, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_5045", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 48431104, "timestamp": "00:01:21.879", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 761856, "start_va": 17104896, "type": "region", "version": 1 }, "end_va": 17866751, "entry_point": 17287016, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_5046", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 17104896, "timestamp": "00:01:21.886", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725068431360, "type": "region", "version": 1 }, "end_va": 140725068472319, "entry_point": 140725068437320, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_5047", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\system32\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140725068431360, "timestamp": "00:01:21.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], 
"ref_process_dump": null, "size": 40960, "start_va": 140725085208576, "type": "region", "version": 1 }, "end_va": 140725085249535, "entry_point": 140725085212688, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_5048", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140725085208576, "timestamp": "00:01:21.890", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140725084815360, "type": "region", "version": 1 }, "end_va": 140725085200383, "entry_point": 140725084944032, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_5049", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140725084815360, "timestamp": "00:01:21.892", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 140725096546304, "type": "region", "version": 1 }, "end_va": 140725098078207, "entry_point": 140725096550580, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_5050", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 140725096546304, "timestamp": "00:01:21.896", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 17104896, "type": "region", 
"version": 1 }, "end_va": 17108991, "entry_point": 0, "filename": null, "id": "region_5051", "name": "pagefile_0x0000000001050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 17104896, "timestamp": "00:01:21.901", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 17170432, "type": "region", "version": 1 }, "end_va": 17174527, "entry_point": 0, "filename": null, "id": "region_5052", "name": "pagefile_0x0000000001060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 17170432, "timestamp": "00:01:21.904", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 17235968, "type": "region", "version": 1 }, "end_va": 17240063, "entry_point": 0, "filename": null, "id": "region_5053", "name": "pagefile_0x0000000001070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 17235968, "timestamp": "00:01:21.905", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 671744, "start_va": 140725095825408, "type": "region", "version": 1 }, "end_va": 140725096497151, "entry_point": 140725095829872, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_5054", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 140725095825408, "timestamp": "00:01:21.905", 
"type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 17301504, "type": "region", "version": 1 }, "end_va": 17305599, "entry_point": 0, "filename": null, "id": "region_5055", "name": "pagefile_0x0000000001080000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 17301504, "timestamp": "00:01:21.908", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725078982656, "type": "region", "version": 1 }, "end_va": 140725079339007, "entry_point": 140725078989424, "filename": "\\Windows\\System32\\winsta.dll", "id": "region_5056", "name": "winsta.dll", "norm_filename": "c:\\windows\\system32\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 140725078982656, "timestamp": "00:01:21.913", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 17367040, "type": "region", "version": 1 }, "end_va": 17383423, "entry_point": 17367040, "filename": "\\Users\\5JgHKoaOfdp\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db", "id": "region_5063", "name": "cversions.1.db", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db", "region_type": "memory_mapped_file", "start_va": 17367040, "timestamp": "00:01:21.987", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is 
not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 131072, "start_va": 17432576, "type": "region", "version": 1 }, "end_va": 17563647, "entry_point": 17432576, "filename": "\\Users\\5JgHKoaOfdp\\AppData\\Local\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.1.ver0x000000000000002f.db", "id": "region_5064", "name": "{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x000000000000002f.db", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x000000000000002f.db", "region_type": "memory_mapped_file", "start_va": 17432576, "timestamp": "00:01:21.989", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140725053423616, "type": "region", "version": 1 }, "end_va": 140725053808639, "entry_point": 140725053427828, "filename": "\\Windows\\System32\\BCP47Langs.dll", "id": "region_5065", "name": "bcp47langs.dll", "norm_filename": "c:\\windows\\system32\\bcp47langs.dll", "region_type": "memory_mapped_file", "start_va": 140725053423616, "timestamp": "00:01:21.992", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 17563648, "type": "region", "version": 1 }, "end_va": 17580031, "entry_point": 17563648, "filename": "\\Users\\5JgHKoaOfdp\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db", "id": "region_5066", "name": "cversions.1.db", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db", "region_type": "memory_mapped_file", "start_va": 17563648, "timestamp": "00:01:21.998", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 94208, "start_va": 17629184, "type": "region", "version": 1 }, "end_va": 17723391, "entry_point": 17629184, "filename": "\\Users\\5JgHKoaOfdp\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000001b.db", "id": "region_5067", "name": "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001b.db", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001b.db", "region_type": "memory_mapped_file", "start_va": 17629184, "timestamp": "00:01:22.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 17760256, "type": "region", "version": 1 }, "end_va": 17764351, "entry_point": 0, "filename": null, "id": "region_5068", "name": "pagefile_0x00000000010f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 17760256, "timestamp": "00:01:22.003", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 147456, "start_va": 140725019934720, "type": "region", "version": 1 }, "end_va": 140725020082175, "entry_point": 140725019938992, "filename": "\\Windows\\System32\\IDStore.dll", "id": "region_5069", "name": "idstore.dll", "norm_filename": "c:\\windows\\system32\\idstore.dll", "region_type": "memory_mapped_file", "start_va": 140725019934720, "timestamp": "00:01:22.040", 
"type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 140725021573120, "type": "region", "version": 1 }, "end_va": 140725021695999, "entry_point": 140725021581404, "filename": "\\Windows\\System32\\samlib.dll", "id": "region_5070", "name": "samlib.dll", "norm_filename": "c:\\windows\\system32\\samlib.dll", "region_type": "memory_mapped_file", "start_va": 140725021573120, "timestamp": "00:01:22.044", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 47382528, "type": "region", "version": 1 }, "end_va": 47906815, "entry_point": 0, "filename": null, "id": "region_5071", "name": "private_0x0000000002d30000", "norm_filename": null, "region_type": "private_memory", "start_va": 47382528, "timestamp": "00:01:22.053", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140695618564096, "type": "region", "version": 1 }, "end_va": 140695618572287, "entry_point": 0, "filename": null, "id": "region_5072", "name": "private_0x00007ff6405db000", "norm_filename": null, "region_type": "private_memory", "start_va": 140695618564096, "timestamp": "00:01:22.053", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 140724997193728, 
"type": "region", "version": 1 }, "end_va": 140724997246975, "entry_point": 140724997193728, "filename": "\\Windows\\System32\\SettingSyncPolicy.dll", "id": "region_5073", "name": "settingsyncpolicy.dll", "norm_filename": "c:\\windows\\system32\\settingsyncpolicy.dll", "region_type": "memory_mapped_file", "start_va": 140724997193728, "timestamp": "00:01:22.054", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 17563648, "type": "region", "version": 1 }, "end_va": 17575935, "entry_point": 0, "filename": null, "id": "region_5078", "name": "pagefile_0x00000000010c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 17563648, "timestamp": "00:01:22.074", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 17825792, "type": "region", "version": 1 }, "end_va": 17829887, "entry_point": 0, "filename": null, "id": "region_5079", "name": "private_0x0000000001100000", "norm_filename": null, "region_type": "private_memory", "start_va": 17825792, "timestamp": "00:01:22.077", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 17825792, "type": "region", "version": 1 }, "end_va": 17842175, "entry_point": 17825792, "filename": "\\Users\\5JgHKoaOfdp\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db", "id": "region_5080", "name": "cversions.1.db", "norm_filename": 
"c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db", "region_type": "memory_mapped_file", "start_va": 17825792, "timestamp": "00:01:22.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 47906816, "type": "region", "version": 1 }, "end_va": 47910911, "entry_point": 0, "filename": null, "id": "region_5081", "name": "private_0x0000000002db0000", "norm_filename": null, "region_type": "private_memory", "start_va": 47906816, "timestamp": "00:01:22.087", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 51445760, "type": "region", "version": 1 }, "end_va": 51970047, "entry_point": 0, "filename": null, "id": "region_5082", "name": "private_0x0000000003110000", "norm_filename": null, "region_type": "private_memory", "start_va": 51445760, "timestamp": "00:01:22.087", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140695618555904, "type": "region", "version": 1 }, "end_va": 140695618564095, "entry_point": 0, "filename": null, "id": "region_5083", "name": "private_0x00007ff6405d9000", "norm_filename": null, "region_type": "private_memory", "start_va": 140695618555904, "timestamp": "00:01:22.087", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", 
"permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 51970048, "type": "region", "version": 1 }, "end_va": 52494335, "entry_point": 0, "filename": null, "id": "region_5084", "name": "private_0x0000000003190000", "norm_filename": null, "region_type": "private_memory", "start_va": 51970048, "timestamp": "00:01:22.092", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 52494336, "type": "region", "version": 1 }, "end_va": 53018623, "entry_point": 0, "filename": null, "id": "region_5085", "name": "private_0x0000000003210000", "norm_filename": null, "region_type": "private_memory", "start_va": 52494336, "timestamp": "00:01:22.092", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 53018624, "type": "region", "version": 1 }, "end_va": 53542911, "entry_point": 0, "filename": null, "id": "region_5086", "name": "private_0x0000000003290000", "norm_filename": null, "region_type": "private_memory", "start_va": 53018624, "timestamp": "00:01:22.092", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140695618531328, "type": "region", "version": 1 }, "end_va": 140695618539519, "entry_point": 0, "filename": null, "id": "region_5087", "name": "private_0x00007ff6405d3000", "norm_filename": null, "region_type": "private_memory", "start_va": 140695618531328, "timestamp": 
"00:01:22.092", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140695618539520, "type": "region", "version": 1 }, "end_va": 140695618547711, "entry_point": 0, "filename": null, "id": "region_5088", "name": "private_0x00007ff6405d5000", "norm_filename": null, "region_type": "private_memory", "start_va": 140695618539520, "timestamp": "00:01:22.092", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140695618547712, "type": "region", "version": 1 }, "end_va": 140695618555903, "entry_point": 0, "filename": null, "id": "region_5089", "name": "private_0x00007ff6405d7000", "norm_filename": null, "region_type": "private_memory", "start_va": 140695618547712, "timestamp": "00:01:22.092", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 140725025636352, "type": "region", "version": 1 }, "end_va": 140725025726463, "entry_point": 140725025640520, "filename": "\\Windows\\System32\\wkscli.dll", "id": "region_5090", "name": "wkscli.dll", "norm_filename": "c:\\windows\\system32\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 140725025636352, "timestamp": "00:01:22.092", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 
1748992, "start_va": 140725058338816, "type": "region", "version": 1 }, "end_va": 140725060087807, "entry_point": 140725058850788, "filename": "\\Windows\\System32\\dui70.dll", "id": "region_5091", "name": "dui70.dll", "norm_filename": "c:\\windows\\system32\\dui70.dll", "region_type": "memory_mapped_file", "start_va": 140725058338816, "timestamp": "00:01:22.097", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 47906816, "type": "region", "version": 1 }, "end_va": 47915007, "entry_point": 0, "filename": null, "id": "region_5092", "name": "pagefile_0x0000000002db0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 47906816, "timestamp": "00:01:22.098", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2465792, "start_va": 140725055651840, "type": "region", "version": 1 }, "end_va": 140725058117631, "entry_point": 140725055670080, "filename": "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "id": "region_5093", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 140725055651840, "timestamp": "00:01:22.101", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 47972352, "type": "region", 
"version": 1 }, "end_va": 47976447, "entry_point": 47972352, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_5094", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 47972352, "timestamp": "00:01:22.103", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 48037888, "type": "region", "version": 1 }, "end_va": 48046079, "entry_point": 0, "filename": null, "id": "region_5095", "name": "pagefile_0x0000000002dd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 48037888, "timestamp": "00:01:22.103", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 140725054930944, "type": "region", "version": 1 }, "end_va": 140725055590399, "entry_point": 140725055152160, "filename": "\\Windows\\System32\\duser.dll", "id": "region_5096", "name": "duser.dll", "norm_filename": "c:\\windows\\system32\\duser.dll", "region_type": "memory_mapped_file", "start_va": 140725054930944, "timestamp": "00:01:22.106", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 53542912, "type": "region", "version": 1 }, "end_va": 54067199, "entry_point": 0, "filename": null, "id": "region_5097", "name": "private_0x0000000003310000", "norm_filename": null, "region_type": "private_memory", "start_va": 53542912, 
"timestamp": "00:01:22.112", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140695617331200, "type": "region", "version": 1 }, "end_va": 140695617339391, "entry_point": 0, "filename": null, "id": "region_5098", "name": "private_0x00007ff6404ae000", "norm_filename": null, "region_type": "private_memory", "start_va": 140695617331200, "timestamp": "00:01:22.112", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 249856, "start_va": 140725054668800, "type": "region", "version": 1 }, "end_va": 140725054918655, "entry_point": 140725054693016, "filename": "\\Windows\\System32\\SndVolSSO.dll", "id": "region_5099", "name": "sndvolsso.dll", "norm_filename": "c:\\windows\\system32\\sndvolsso.dll", "region_type": "memory_mapped_file", "start_va": 140725054668800, "timestamp": "00:01:22.116", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 47972352, "type": "region", "version": 1 }, "end_va": 47980543, "entry_point": 0, "filename": null, "id": "region_5100", "name": "pagefile_0x0000000002dc0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 47972352, "timestamp": "00:01:22.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], 
"ref_process_dump": null, "size": 53248, "start_va": 140725071970304, "type": "region", "version": 1 }, "end_va": 140725072023551, "entry_point": 140725071974524, "filename": "\\Windows\\System32\\hid.dll", "id": "region_5101", "name": "hid.dll", "norm_filename": "c:\\windows\\system32\\hid.dll", "region_type": "memory_mapped_file", "start_va": 140725071970304, "timestamp": "00:01:22.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 397312, "start_va": 140725054210048, "type": "region", "version": 1 }, "end_va": 140725054607359, "entry_point": 140725054288584, "filename": "\\Windows\\System32\\MMDevAPI.dll", "id": "region_5102", "name": "mmdevapi.dll", "norm_filename": "c:\\windows\\system32\\mmdevapi.dll", "region_type": "memory_mapped_file", "start_va": 140725054210048, "timestamp": "00:01:22.122", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725068103680, "type": "region", "version": 1 }, "end_va": 140725068259327, "entry_point": 140725068109212, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_5103", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 140725068103680, "timestamp": "00:01:22.123", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 140725090320384, "type": "region", "version": 1 }, "end_va": 140725090623487, "entry_point": 140725090325080, 
"filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_5104", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 140725090320384, "timestamp": "00:01:22.124", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 405504, "start_va": 140725049556992, "type": "region", "version": 1 }, "end_va": 140725049962495, "entry_point": 140725049585588, "filename": "\\Windows\\System32\\oleacc.dll", "id": "region_5105", "name": "oleacc.dll", "norm_filename": "c:\\windows\\system32\\oleacc.dll", "region_type": "memory_mapped_file", "start_va": 140725049556992, "timestamp": "00:01:22.131", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 48103424, "type": "region", "version": 1 }, "end_va": 48107519, "entry_point": 48103424, "filename": "\\Windows\\System32\\oleaccrc.dll", "id": "region_5106", "name": "oleaccrc.dll", "norm_filename": "c:\\windows\\system32\\oleaccrc.dll", "region_type": "memory_mapped_file", "start_va": 48103424, "timestamp": "00:01:22.133", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2412544, "start_va": 140725043986432, "type": "region", "version": 1 }, "end_va": 140725046398975, "entry_point": 140725044101364, "filename": "\\Windows\\System32\\d3d10warp.dll", "id": "region_5107", "name": "d3d10warp.dll", "norm_filename": "c:\\windows\\system32\\d3d10warp.dll", "region_type": "memory_mapped_file", "start_va": 
140725043986432, "timestamp": "00:01:22.136", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 48168960, "type": "region", "version": 1 }, "end_va": 48173055, "entry_point": 0, "filename": null, "id": "region_5108", "name": "private_0x0000000002df0000", "norm_filename": null, "region_type": "private_memory", "start_va": 48168960, "timestamp": "00:01:22.143", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 48234496, "type": "region", "version": 1 }, "end_va": 48238591, "entry_point": 0, "filename": null, "id": "region_5109", "name": "private_0x0000000002e00000", "norm_filename": null, "region_type": "private_memory", "start_va": 48234496, "timestamp": "00:01:22.143", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 48300032, "type": "region", "version": 1 }, "end_va": 48304127, "entry_point": 0, "filename": null, "id": "region_5110", "name": "private_0x0000000002e10000", "norm_filename": null, "region_type": "private_memory", "start_va": 48300032, "timestamp": "00:01:22.143", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 54067200, "type": "region", "version": 1 }, "end_va": 
54591487, "entry_point": 0, "filename": null, "id": "region_5111", "name": "private_0x0000000003390000", "norm_filename": null, "region_type": "private_memory", "start_va": 54067200, "timestamp": "00:01:22.144", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140695617323008, "type": "region", "version": 1 }, "end_va": 140695617331199, "entry_point": 0, "filename": null, "id": "region_5112", "name": "private_0x00007ff6404ac000", "norm_filename": null, "region_type": "private_memory", "start_va": 140695617323008, "timestamp": "00:01:22.144", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 54591488, "type": "region", "version": 1 }, "end_va": 54595583, "entry_point": 0, "filename": null, "id": "region_5113", "name": "private_0x0000000003410000", "norm_filename": null, "region_type": "private_memory", "start_va": 54591488, "timestamp": "00:01:22.149", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 13205504, "start_va": 140724983955456, "type": "region", "version": 1 }, "end_va": 140724997160959, "entry_point": 140724983955456, "filename": "\\Windows\\System32\\twinui.dll", "id": "region_5114", "name": "twinui.dll", "norm_filename": "c:\\windows\\system32\\twinui.dll", "region_type": "memory_mapped_file", "start_va": 140724983955456, "timestamp": "00:01:22.253", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": 
[ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 581632, "start_va": 140724983365632, "type": "region", "version": 1 }, "end_va": 140724983947263, "entry_point": 140724983365632, "filename": "\\Windows\\System32\\twinapi.appcore.dll", "id": "region_5115", "name": "twinapi.appcore.dll", "norm_filename": "c:\\windows\\system32\\twinapi.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140724983365632, "timestamp": "00:01:22.303", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 229376, "start_va": 140725031206912, "type": "region", "version": 1 }, "end_va": 140725031436287, "entry_point": 140725031211060, "filename": "\\Windows\\System32\\xmllite.dll", "id": "region_5116", "name": "xmllite.dll", "norm_filename": "c:\\windows\\system32\\xmllite.dll", "region_type": "memory_mapped_file", "start_va": 140725031206912, "timestamp": "00:01:22.317", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1683456, "start_va": 140725017182208, "type": "region", "version": 1 }, "end_va": 140725018865663, "entry_point": 140725017186480, "filename": "\\Windows\\System32\\Windows.UI.Immersive.dll", "id": "region_5117", "name": "windows.ui.immersive.dll", "norm_filename": "c:\\windows\\system32\\windows.ui.immersive.dll", "region_type": "memory_mapped_file", "start_va": 140725017182208, "timestamp": "00:01:22.318", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", 
"permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 196608, "start_va": 140725028847616, "type": "region", "version": 1 }, "end_va": 140725029044223, "entry_point": 140725028871328, "filename": "\\Windows\\System32\\ntmarta.dll", "id": "region_5118", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\system32\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 140725028847616, "timestamp": "00:01:22.319", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 54657024, "type": "region", "version": 1 }, "end_va": 54669311, "entry_point": 0, "filename": null, "id": "region_5119", "name": "pagefile_0x0000000003420000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 54657024, "timestamp": "00:01:22.322", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 140725079769088, "type": "region", "version": 1 }, "end_va": 140725079891967, "entry_point": 140725079773640, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_5121", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 140725079769088, "timestamp": "00:01:22.352", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 140725075443712, "type": "region", "version": 1 }, "end_va": 140725075660799, "entry_point": 
140725075448792, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_5122", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 140725075443712, "timestamp": "00:01:22.354", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725082062848, "type": "region", "version": 1 }, "end_va": 140725082218495, "entry_point": 140725082086248, "filename": "\\Windows\\System32\\bcrypt.dll", "id": "region_5123", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\system32\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 140725082062848, "timestamp": "00:01:22.356", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 54722560, "type": "region", "version": 1 }, "end_va": 55246847, "entry_point": 0, "filename": null, "id": "region_5124", "name": "private_0x0000000003430000", "norm_filename": null, "region_type": "private_memory", "start_va": 54722560, "timestamp": "00:01:22.364", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140695617314816, "type": "region", "version": 1 }, "end_va": 140695617323007, "entry_point": 0, "filename": null, "id": "region_5125", "name": "private_0x00007ff6404aa000", "norm_filename": null, "region_type": "private_memory", "start_va": 140695617314816, "timestamp": "00:01:22.364", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2813952, "start_va": 140724980547584, "type": "region", "version": 1 }, "end_va": 140724983361535, "entry_point": 140724980547584, "filename": "\\Windows\\System32\\actxprxy.dll", "id": "region_5143", "name": "actxprxy.dll", "norm_filename": "c:\\windows\\system32\\actxprxy.dll", "region_type": "memory_mapped_file", "start_va": 140724980547584, "timestamp": "00:01:22.428", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1650688, "start_va": 140725037039616, "type": "region", "version": 1 }, "end_va": 140725038690303, "entry_point": 140725037085936, "filename": "\\Windows\\System32\\WindowsCodecs.dll", "id": "region_5146", "name": "windowscodecs.dll", "norm_filename": "c:\\windows\\system32\\windowscodecs.dll", "region_type": "memory_mapped_file", "start_va": 140725037039616, "timestamp": "00:01:22.487", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 55246848, "type": "region", "version": 1 }, "end_va": 56295423, "entry_point": 0, "filename": null, "id": "region_5147", "name": "private_0x00000000034b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 55246848, "timestamp": "00:01:22.492", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" 
], "ref_process_dump": null, "size": 8192, "start_va": 56295424, "type": "region", "version": 1 }, "end_va": 56303615, "entry_point": 0, "filename": null, "id": "region_5148", "name": "private_0x00000000035b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 56295424, "timestamp": "00:01:22.493", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 196608, "start_va": 56360960, "type": "region", "version": 1 }, "end_va": 56557567, "entry_point": 0, "filename": null, "id": "region_5149", "name": "private_0x00000000035c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 56360960, "timestamp": "00:01:22.493", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 56360960, "type": "region", "version": 1 }, "end_va": 56426495, "entry_point": 0, "filename": null, "id": "region_5150", "name": "pagefile_0x00000000035c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 56360960, "timestamp": "00:01:22.493", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 56426496, "type": "region", "version": 1 }, "end_va": 56492031, "entry_point": 0, "filename": null, "id": "region_5151", "name": "pagefile_0x00000000035d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 56426496, "timestamp": 
"00:01:22.493", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 56492032, "type": "region", "version": 1 }, "end_va": 56557567, "entry_point": 0, "filename": null, "id": "region_5152", "name": "pagefile_0x00000000035e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 56492032, "timestamp": "00:01:22.493", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 56557568, "type": "region", "version": 1 }, "end_va": 56561663, "entry_point": 0, "filename": null, "id": "region_5153", "name": "private_0x00000000035f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 56557568, "timestamp": "00:01:22.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 56623104, "type": "region", "version": 1 }, "end_va": 56627199, "entry_point": 0, "filename": null, "id": "region_5154", "name": "private_0x0000000003600000", "norm_filename": null, "region_type": "private_memory", "start_va": 56623104, "timestamp": "00:01:22.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 56688640, "type": "region", "version": 1 }, "end_va": 
56692735, "entry_point": 0, "filename": null, "id": "region_5155", "name": "private_0x0000000003610000", "norm_filename": null, "region_type": "private_memory", "start_va": 56688640, "timestamp": "00:01:22.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 56754176, "type": "region", "version": 1 }, "end_va": 56758271, "entry_point": 0, "filename": null, "id": "region_5156", "name": "private_0x0000000003620000", "norm_filename": null, "region_type": "private_memory", "start_va": 56754176, "timestamp": "00:01:22.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15138816, "start_va": 56819712, "type": "region", "version": 1 }, "end_va": 71958527, "entry_point": 56819712, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_5157", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 56819712, "timestamp": "00:01:22.518", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 71958528, "type": "region", "version": 1 }, "end_va": 71970815, "entry_point": 71958528, "filename": "\\Windows\\WinSxS\\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.9600.16384_en-us_7852a861195d56f0\\comctl32.dll.mui", "id": "region_5158", "name": "comctl32.dll.mui", "norm_filename": 
"c:\\windows\\winsxs\\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.9600.16384_en-us_7852a861195d56f0\\comctl32.dll.mui", "region_type": "memory_mapped_file", "start_va": 71958528, "timestamp": "00:01:22.523", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "taskhostex.exe ", "filename": "c:\\windows\\system32\\taskhostex.exe", "id": "proc_55", "image_name": "taskhostex.exe", "monitor_reason": "child_process", "monitored_id": 55, "origin_monitor_id": 46, "ref_parent_process": { "ref_id": "proc_46", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_4793", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:21.296", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 182208233472, "type": "region", "version": 1 }, "end_va": 182208364543, "entry_point": 0, "filename": null, "id": "region_4794", "name": "private_0x0000002a6c750000", "norm_filename": null, "region_type": "private_memory", "start_va": 182208233472, "timestamp": "00:01:21.296", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the 
configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 182208364544, "type": "region", "version": 1 }, "end_va": 182208425983, "entry_point": 0, "filename": null, "id": "region_4795", "name": "pagefile_0x0000002a6c770000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 182208364544, "timestamp": "00:01:21.296", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 182208430080, "type": "region", "version": 1 }, "end_va": 182208954367, "entry_point": 0, "filename": null, "id": "region_4796", "name": "private_0x0000002a6c780000", "norm_filename": null, "region_type": "private_memory", "start_va": 182208430080, "timestamp": "00:01:21.296", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 182208954368, "type": "region", "version": 1 }, "end_va": 182208970751, "entry_point": 0, "filename": null, "id": "region_4797", "name": "pagefile_0x0000002a6c800000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 182208954368, "timestamp": "00:01:21.296", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140700265152512, "type": "region", "version": 1 }, "end_va": 140700265295871, "entry_point": 0, "filename": null, "id": "region_4798", "name": "pagefile_0x00007ff755530000", "norm_filename": null, 
"region_type": "pagefile_backed_memory", "start_va": 140700265152512, "timestamp": "00:01:21.296", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140700265332736, "type": "region", "version": 1 }, "end_va": 140700265336831, "entry_point": 0, "filename": null, "id": "region_4799", "name": "private_0x00007ff75555c000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700265332736, "timestamp": "00:01:21.296", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140700265340928, "type": "region", "version": 1 }, "end_va": 140700265349119, "entry_point": 0, "filename": null, "id": "region_4800", "name": "private_0x00007ff75555e000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700265340928, "timestamp": "00:01:21.296", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 140700272361472, "type": "region", "version": 1 }, "end_va": 140700272447487, "entry_point": 140700272361472, "filename": "\\Windows\\System32\\taskhostex.exe", "id": "region_4801", "name": "taskhostex.exe", "norm_filename": "c:\\windows\\system32\\taskhostex.exe", "region_type": "memory_mapped_file", "start_va": 140700272361472, "timestamp": "00:01:21.296", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", 
"permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_4802", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140725133115392, "timestamp": "00:01:21.302", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 182209019904, "type": "region", "version": 1 }, "end_va": 182209023999, "entry_point": 0, "filename": null, "id": "region_4803", "name": "pagefile_0x0000002a6c810000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 182209019904, "timestamp": "00:01:21.304", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 182209085440, "type": "region", "version": 1 }, "end_va": 182209093631, "entry_point": 0, "filename": null, "id": "region_4804", "name": "private_0x0000002a6c820000", "norm_filename": null, "region_type": "private_memory", "start_va": 182209085440, "timestamp": "00:01:21.305", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 182210330624, "type": "region", "version": 1 }, "end_va": 182211379199, "entry_point": 0, "filename": null, "id": "region_4824", "name": 
"private_0x0000002a6c950000", "norm_filename": null, "region_type": "private_memory", "start_va": 182210330624, "timestamp": "00:01:21.378", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140725090648064, "type": "region", "version": 1 }, "end_va": 140725091753983, "entry_point": 140725090656928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_4825", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140725090648064, "timestamp": "00:01:21.378", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140725124988928, "type": "region", "version": 1 }, "end_va": 140725126270975, "entry_point": 140725125009460, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_4826", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140725124988928, "timestamp": "00:01:21.379", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 182208233472, "type": "region", "version": 1 }, "end_va": 182208299007, "entry_point": 0, "filename": null, "id": "region_4827", "name": "pagefile_0x0000002a6c750000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 182208233472, "timestamp": "00:01:21.380", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140700264103936, "type": "region", "version": 1 }, "end_va": 140700265152511, "entry_point": 0, "filename": null, "id": "region_4828", "name": "pagefile_0x00007ff755430000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140700264103936, "timestamp": "00:01:21.380", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 182209150976, "type": "region", "version": 1 }, "end_va": 182209667071, "entry_point": 182209150976, "filename": "\\Windows\\System32\\locale.nls", "id": "region_4829", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 182209150976, "timestamp": "00:01:21.382", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140725098577920, "type": "region", "version": 1 }, "end_va": 140725099261951, "entry_point": 140725098588204, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_4830", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140725098577920, "timestamp": "00:01:21.383", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 
1269760, "start_va": 140725127806976, "type": "region", "version": 1 }, "end_va": 140725129076735, "entry_point": 140725127811408, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_4831", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140725127806976, "timestamp": "00:01:21.383", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725131149312, "type": "region", "version": 1 }, "end_va": 140725133078527, "entry_point": 140725131157344, "filename": "\\Windows\\System32\\combase.dll", "id": "region_4832", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140725131149312, "timestamp": "00:01:21.384", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140725101002752, "type": "region", "version": 1 }, "end_va": 140725101752319, "entry_point": 140725101007136, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_4833", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 140725101002752, "timestamp": "00:01:21.385", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1703936, "start_va": 182211379200, "type": "region", "version": 1 }, "end_va": 182213083135, "entry_point": 0, "filename": null, "id": 
"region_4834", "name": "private_0x0000002a6ca50000", "norm_filename": null, "region_type": "private_memory", "start_va": 182211379200, "timestamp": "00:01:21.388", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 182208299008, "type": "region", "version": 1 }, "end_va": 182208327679, "entry_point": 0, "filename": null, "id": "region_4835", "name": "private_0x0000002a6c760000", "norm_filename": null, "region_type": "private_memory", "start_va": 182208299008, "timestamp": "00:01:21.389", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1536000, "start_va": 182211379200, "type": "region", "version": 1 }, "end_va": 182212915199, "entry_point": 182211383476, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_4836", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 182211379200, "timestamp": "00:01:21.393", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 182213017600, "type": "region", "version": 1 }, "end_va": 182213083135, "entry_point": 0, "filename": null, "id": "region_4837", "name": "private_0x0000002a6cbe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 182213017600, "timestamp": "00:01:21.393", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", 
"permissions": [ "readable" ], "ref_process_dump": null, "size": 761856, "start_va": 182211379200, "type": "region", "version": 1 }, "end_va": 182212141055, "entry_point": 182211561320, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_4838", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 182211379200, "timestamp": "00:01:21.395", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725068431360, "type": "region", "version": 1 }, "end_va": 140725068472319, "entry_point": 140725068437320, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_4839", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\system32\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140725068431360, "timestamp": "00:01:21.396", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725085208576, "type": "region", "version": 1 }, "end_va": 140725085249535, "entry_point": 140725085212688, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_4840", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140725085208576, "timestamp": "00:01:21.398", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140725084815360, "type": "region", "version": 1 }, 
"end_va": 140725085200383, "entry_point": 140725084944032, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_4841", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140725084815360, "timestamp": "00:01:21.399", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 182209675264, "type": "region", "version": 1 }, "end_va": 182209703935, "entry_point": 0, "filename": null, "id": "region_4842", "name": "private_0x0000002a6c8b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 182209675264, "timestamp": "00:01:21.400", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725098184704, "type": "region", "version": 1 }, "end_va": 140725098541055, "entry_point": 140725098194176, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_4866", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140725098184704, "timestamp": "00:01:21.460", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 182209740800, "type": "region", "version": 1 }, "end_va": 182210265087, "entry_point": 0, "filename": null, "id": "region_4878", "name": "private_0x0000002a6c8c0000", "norm_filename": null, "region_type": "private_memory", 
"start_va": 182209740800, "timestamp": "00:01:21.534", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140700265324544, "type": "region", "version": 1 }, "end_va": 140700265332735, "entry_point": 0, "filename": null, "id": "region_4879", "name": "private_0x00007ff75555a000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700265324544, "timestamp": "00:01:21.534", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140725093466112, "type": "region", "version": 1 }, "end_va": 140725094977535, "entry_point": 140725093620416, "filename": "\\Windows\\System32\\user32.dll", "id": "region_4880", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140725093466112, "timestamp": "00:01:21.534", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140725129773056, "type": "region", "version": 1 }, "end_va": 140725131104255, "entry_point": 140725129845848, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_4881", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140725129773056, "timestamp": "00:01:21.536", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed 
regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 182211379200, "type": "region", "version": 1 }, "end_va": 182212984831, "entry_point": 0, "filename": null, "id": "region_4882", "name": "pagefile_0x0000002a6ca50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 182211379200, "timestamp": "00:01:21.539", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 212992, "start_va": 182213083136, "type": "region", "version": 1 }, "end_va": 182213296127, "entry_point": 182213087280, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_4883", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 182213083136, "timestamp": "00:01:21.539", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 140725095563264, "type": "region", "version": 1 }, "end_va": 140725095776255, "entry_point": 140725095567408, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_4884", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 140725095563264, "timestamp": "00:01:21.541", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1277952, "start_va": 140725091762176, "type": "region", "version": 1 }, "end_va": 140725093040127, "entry_point": 140725091766288, "filename": 
"\\Windows\\System32\\msctf.dll", "id": "region_4885", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 140725091762176, "timestamp": "00:01:21.542", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 182213083136, "type": "region", "version": 1 }, "end_va": 182214660095, "entry_point": 0, "filename": null, "id": "region_4886", "name": "pagefile_0x0000002a6cbf0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 182213083136, "timestamp": "00:01:21.544", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 182214721536, "type": "region", "version": 1 }, "end_va": 182235693055, "entry_point": 0, "filename": null, "id": "region_4887", "name": "pagefile_0x0000002a6cd80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 182214721536, "timestamp": "00:01:21.544", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 182210265088, "type": "region", "version": 1 }, "end_va": 182210277375, "entry_point": 0, "filename": null, "id": "region_4888", "name": "pagefile_0x0000002a6c940000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 182210265088, "timestamp": "00:01:21.546", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 182235693056, "type": "region", "version": 1 }, "end_va": 182235697151, "entry_point": 0, "filename": null, "id": "region_4889", "name": "pagefile_0x0000002a6e180000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 182235693056, "timestamp": "00:01:21.546", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 182235758592, "type": "region", "version": 1 }, "end_va": 182235762687, "entry_point": 182235758592, "filename": "\\Windows\\System32\\en-US\\taskhostex.exe.mui", "id": "region_4890", "name": "taskhostex.exe.mui", "norm_filename": "c:\\windows\\system32\\en-us\\taskhostex.exe.mui", "region_type": "memory_mapped_file", "start_va": 182235758592, "timestamp": "00:01:21.546", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 182235824128, "type": "region", "version": 1 }, "end_va": 182235828223, "entry_point": 0, "filename": null, "id": "region_4891", "name": "private_0x0000002a6e1a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 182235824128, "timestamp": "00:01:21.558", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 182235889664, "type": 
"region", "version": 1 }, "end_va": 182235893759, "entry_point": 0, "filename": null, "id": "region_4892", "name": "private_0x0000002a6e1b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 182235889664, "timestamp": "00:01:21.558", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1187840, "start_va": 140725066858496, "type": "region", "version": 1 }, "end_va": 140725068046335, "entry_point": 140725066904644, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_4893", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 140725066858496, "timestamp": "00:01:21.559", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 589824, "start_va": 182235955200, "type": "region", "version": 1 }, "end_va": 182236545023, "entry_point": 0, "filename": null, "id": "region_4894", "name": "private_0x0000002a6e1c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 182235955200, "timestamp": "00:01:21.560", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 182235955200, "type": "region", "version": 1 }, "end_va": 182235959295, "entry_point": 0, "filename": null, "id": "region_4950", "name": "pagefile_0x0000002a6e1c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 182235955200, "timestamp": "00:01:21.651", 
"type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 182236479488, "type": "region", "version": 1 }, "end_va": 182236545023, "entry_point": 0, "filename": null, "id": "region_4951", "name": "private_0x0000002a6e240000", "norm_filename": null, "region_type": "private_memory", "start_va": 182236479488, "timestamp": "00:01:21.651", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 983040, "start_va": 182236545024, "type": "region", "version": 1 }, "end_va": 182237528063, "entry_point": 0, "filename": null, "id": "region_4952", "name": "pagefile_0x0000002a6e250000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 182236545024, "timestamp": "00:01:21.651", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 182235955200, "type": "region", "version": 1 }, "end_va": 182235971583, "entry_point": 0, "filename": null, "id": "region_4953", "name": "pagefile_0x0000002a6e1c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 182235955200, "timestamp": "00:01:21.651", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 182236020736, "type": 
"region", "version": 1 }, "end_va": 182236049407, "entry_point": 0, "filename": null, "id": "region_4954", "name": "private_0x0000002a6e1d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 182236020736, "timestamp": "00:01:21.652", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 140725058142208, "type": "region", "version": 1 }, "end_va": 140725058277375, "entry_point": 140725058146560, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_4955", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 140725058142208, "timestamp": "00:01:21.656", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 182237528064, "type": "region", "version": 1 }, "end_va": 182238052351, "entry_point": 0, "filename": null, "id": "region_5011", "name": "private_0x0000002a6e340000", "norm_filename": null, "region_type": "private_memory", "start_va": 182237528064, "timestamp": "00:01:21.791", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140700265316352, "type": "region", "version": 1 }, "end_va": 140700265324543, "entry_point": 0, "filename": null, "id": "region_5012", "name": "private_0x00007ff755558000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700265316352, "timestamp": "00:01:21.791", "type": 
"region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 182238052352, "type": "region", "version": 1 }, "end_va": 182238576639, "entry_point": 0, "filename": null, "id": "region_5013", "name": "private_0x0000002a6e3c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 182238052352, "timestamp": "00:01:21.801", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 182238576640, "type": "region", "version": 1 }, "end_va": 182239100927, "entry_point": 0, "filename": null, "id": "region_5014", "name": "private_0x0000002a6e440000", "norm_filename": null, "region_type": "private_memory", "start_va": 182238576640, "timestamp": "00:01:21.801", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140700265299968, "type": "region", "version": 1 }, "end_va": 140700265308159, "entry_point": 0, "filename": null, "id": "region_5015", "name": "private_0x00007ff755554000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700265299968, "timestamp": "00:01:21.801", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140700265308160, "type": "region", "version": 1 }, "end_va": 
140700265316351, "entry_point": 0, "filename": null, "id": "region_5016", "name": "private_0x00007ff755556000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700265308160, "timestamp": "00:01:21.801", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 182236086272, "type": "region", "version": 1 }, "end_va": 182236090367, "entry_point": 0, "filename": null, "id": "region_5017", "name": "pagefile_0x0000002a6e1e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 182236086272, "timestamp": "00:01:21.802", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 671744, "start_va": 140725095825408, "type": "region", "version": 1 }, "end_va": 140725096497151, "entry_point": 140725095829872, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_5018", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 140725095825408, "timestamp": "00:01:21.802", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 182236151808, "type": "region", "version": 1 }, "end_va": 182236155903, "entry_point": 0, "filename": null, "id": "region_5019", "name": "pagefile_0x0000002a6e1f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 182236151808, "timestamp": "00:01:21.805", "type": 
"region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2359296, "start_va": 140725005254656, "type": "region", "version": 1 }, "end_va": 140725007613951, "entry_point": 140725005259760, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_5020", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 140725005254656, "timestamp": "00:01:21.807", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2785280, "start_va": 140725002436608, "type": "region", "version": 1 }, "end_va": 140725005221887, "entry_point": 140725002493380, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_5021", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 140725002436608, "timestamp": "00:01:21.808", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 182239100928, "type": "region", "version": 1 }, "end_va": 182239625215, "entry_point": 0, "filename": null, "id": "region_5022", "name": "private_0x0000002a6e4c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 182239100928, "timestamp": "00:01:21.816", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", 
"writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140700264095744, "type": "region", "version": 1 }, "end_va": 140700264103935, "entry_point": 0, "filename": null, "id": "region_5023", "name": "private_0x00007ff75542e000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700264095744, "timestamp": "00:01:21.816", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 140724997849088, "type": "region", "version": 1 }, "end_va": 140724997951487, "entry_point": 140724997849088, "filename": "\\Windows\\System32\\PlaySndSrv.dll", "id": "region_5025", "name": "playsndsrv.dll", "norm_filename": "c:\\windows\\system32\\playsndsrv.dll", "region_type": "memory_mapped_file", "start_va": 140724997849088, "timestamp": "00:01:21.824", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 140724997783552, "type": "region", "version": 1 }, "end_va": 140724997828607, "entry_point": 140724997783552, "filename": "\\Windows\\System32\\MsCtfMonitor.dll", "id": "region_5058", "name": "msctfmonitor.dll", "norm_filename": "c:\\windows\\system32\\msctfmonitor.dll", "region_type": "memory_mapped_file", "start_va": 140724997783552, "timestamp": "00:01:21.918", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 475136, "start_va": 140724997259264, "type": "region", "version": 1 }, "end_va": 140724997734399, "entry_point": 140724997259264, "filename": 
"\\Windows\\System32\\msutb.dll", "id": "region_5059", "name": "msutb.dll", "norm_filename": "c:\\windows\\system32\\msutb.dll", "region_type": "memory_mapped_file", "start_va": 140724997259264, "timestamp": "00:01:21.937", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725078982656, "type": "region", "version": 1 }, "end_va": 140725079339007, "entry_point": 140725078989424, "filename": "\\Windows\\System32\\winsta.dll", "id": "region_5060", "name": "winsta.dll", "norm_filename": "c:\\windows\\system32\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 140725078982656, "timestamp": "00:01:21.950", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 140725039071232, "type": "region", "version": 1 }, "end_va": 140725039140863, "entry_point": 140725039075456, "filename": "\\Windows\\System32\\wtsapi32.dll", "id": "region_5061", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\system32\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725039071232, "timestamp": "00:01:21.951", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 182239625216, "type": "region", "version": 1 }, "end_va": 182240149503, "entry_point": 0, "filename": null, "id": "region_5923", "name": "private_0x0000002a6e540000", "norm_filename": null, "region_type": "private_memory", "start_va": 182239625216, "timestamp": 
"00:01:27.849", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140700264087552, "type": "region", "version": 1 }, "end_va": 140700264095743, "entry_point": 0, "filename": null, "id": "region_5924", "name": "private_0x00007ff75542c000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700264087552, "timestamp": "00:01:27.849", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4169728, "start_va": 182240149504, "type": "region", "version": 1 }, "end_va": 182244319231, "entry_point": 0, "filename": null, "id": "region_5978", "name": "pagefile_0x0000002a6e5c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 182240149504, "timestamp": "00:01:29.727", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 182244343808, "type": "region", "version": 1 }, "end_va": 182244868095, "entry_point": 0, "filename": null, "id": "region_5979", "name": "private_0x0000002a6e9c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 182244343808, "timestamp": "00:01:29.727", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 182244868096, 
"type": "region", "version": 1 }, "end_va": 182245392383, "entry_point": 0, "filename": null, "id": "region_5980", "name": "private_0x0000002a6ea40000", "norm_filename": null, "region_type": "private_memory", "start_va": 182244868096, "timestamp": "00:01:29.727", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140700264071168, "type": "region", "version": 1 }, "end_va": 140700264079359, "entry_point": 0, "filename": null, "id": "region_5981", "name": "private_0x00007ff755428000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700264071168, "timestamp": "00:01:29.727", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140700264079360, "type": "region", "version": 1 }, "end_va": 140700264087551, "entry_point": 0, "filename": null, "id": "region_5982", "name": "private_0x00007ff75542a000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700264079360, "timestamp": "00:01:29.727", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2822144, "start_va": 140724959313920, "type": "region", "version": 1 }, "end_va": 140724962136063, "entry_point": 140724959796204, "filename": "\\Windows\\System32\\esent.dll", "id": "region_5983", "name": "esent.dll", "norm_filename": "c:\\windows\\system32\\esent.dll", "region_type": "memory_mapped_file", "start_va": 140724959313920, "timestamp": "00:01:29.729", 
"type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 182245392384, "type": "region", "version": 1 }, "end_va": 182246440959, "entry_point": 0, "filename": null, "id": "region_5984", "name": "private_0x0000002a6eac0000", "norm_filename": null, "region_type": "private_memory", "start_va": 182245392384, "timestamp": "00:01:29.731", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 21032960, "start_va": 140725103951872, "type": "region", "version": 1 }, "end_va": 140725124984831, "entry_point": 140725103956224, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_5985", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 140725103951872, "timestamp": "00:01:29.734", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 140725095038976, "type": "region", "version": 1 }, "end_va": 140725095370751, "entry_point": 140725095043776, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_5986", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 140725095038976, "timestamp": "00:01:29.736", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], 
"ref_process_dump": null, "size": 659456, "start_va": 140725060108288, "type": "region", "version": 1 }, "end_va": 140725060767743, "entry_point": 140725060112544, "filename": "\\Windows\\System32\\SHCore.dll", "id": "region_5987", "name": "shcore.dll", "norm_filename": "c:\\windows\\system32\\shcore.dll", "region_type": "memory_mapped_file", "start_va": 140725060108288, "timestamp": "00:01:29.740", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 182236217344, "type": "region", "version": 1 }, "end_va": 182236221439, "entry_point": 0, "filename": null, "id": "region_5988", "name": "pagefile_0x0000002a6e200000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 182236217344, "timestamp": "00:01:29.742", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 182246440960, "type": "region", "version": 1 }, "end_va": 182249410559, "entry_point": 182246440960, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_5989", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 182246440960, "timestamp": "00:01:29.743", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 140725086453760, "type": "region", "version": 1 }, "end_va": 140725086535679, "entry_point": 140725086468812, "filename": 
"\\Windows\\System32\\profapi.dll", "id": "region_5990", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 140725086453760, "timestamp": "00:01:29.744", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 140725096546304, "type": "region", "version": 1 }, "end_va": 140725098078207, "entry_point": 140725096550580, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_5992", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 140725096546304, "timestamp": "00:01:29.954", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 182236282880, "type": "region", "version": 1 }, "end_va": 182236286975, "entry_point": 0, "filename": null, "id": "region_6028", "name": "pagefile_0x0000002a6e210000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 182236282880, "timestamp": "00:01:30.149", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140724958724096, "type": "region", "version": 1 }, "end_va": 140724958851071, "entry_point": 140724958733304, "filename": "\\Windows\\System32\\winmm.dll", "id": "region_6185", "name": "winmm.dll", "norm_filename": "c:\\windows\\system32\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 
140724958724096, "timestamp": "00:01:31.839", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 172032, "start_va": 140725043789824, "type": "region", "version": 1 }, "end_va": 140725043961855, "entry_point": 140725043789824, "filename": "\\Windows\\System32\\winmmbase.dll", "id": "region_6264", "name": "winmmbase.dll", "norm_filename": "c:\\windows\\system32\\winmmbase.dll", "region_type": "memory_mapped_file", "start_va": 140725043789824, "timestamp": "00:01:32.479", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 140725090320384, "type": "region", "version": 1 }, "end_va": 140725090623487, "entry_point": 140725090325080, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_6284", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 140725090320384, "timestamp": "00:01:32.698", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725068103680, "type": "region", "version": 1 }, "end_va": 140725068259327, "entry_point": 140725068109212, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_6285", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 140725068103680, "timestamp": "00:01:32.699", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": 
"No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 397312, "start_va": 140725054210048, "type": "region", "version": 1 }, "end_va": 140725054607359, "entry_point": 140725054288584, "filename": "\\Windows\\System32\\MMDevAPI.dll", "id": "region_7886", "name": "mmdevapi.dll", "norm_filename": "c:\\windows\\system32\\mmdevapi.dll", "region_type": "memory_mapped_file", "start_va": 140725054210048, "timestamp": "00:01:52.446", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 182249455616, "type": "region", "version": 1 }, "end_va": 182250504191, "entry_point": 0, "filename": null, "id": "region_7887", "name": "private_0x0000002a6eea0000", "norm_filename": null, "region_type": "private_memory", "start_va": 182249455616, "timestamp": "00:01:52.465", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 245760, "start_va": 140724934934528, "type": "region", "version": 1 }, "end_va": 140724935180287, "entry_point": 140724934934528, "filename": "\\Windows\\System32\\wdmaud.drv", "id": "region_7888", "name": "wdmaud.drv", "norm_filename": "c:\\windows\\system32\\wdmaud.drv", "region_type": "memory_mapped_file", "start_va": 140724934934528, "timestamp": "00:01:52.472", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 140724934868992, "type": "region", "version": 1 
}, "end_va": 140724934901759, "entry_point": 140724934868992, "filename": "\\Windows\\System32\\ksuser.dll", "id": "region_7889", "name": "ksuser.dll", "norm_filename": "c:\\windows\\system32\\ksuser.dll", "region_type": "memory_mapped_file", "start_va": 140724934868992, "timestamp": "00:01:52.492", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 140725036974080, "type": "region", "version": 1 }, "end_va": 140725037019135, "entry_point": 140725036978192, "filename": "\\Windows\\System32\\avrt.dll", "id": "region_7890", "name": "avrt.dll", "norm_filename": "c:\\windows\\system32\\avrt.dll", "region_type": "memory_mapped_file", "start_va": 140725036974080, "timestamp": "00:01:52.508", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 182236348416, "type": "region", "version": 1 }, "end_va": 182236352511, "entry_point": 0, "filename": null, "id": "region_7891", "name": "private_0x0000002a6e220000", "norm_filename": null, "region_type": "private_memory", "start_va": 182236348416, "timestamp": "00:01:52.518", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 182236413952, "type": "region", "version": 1 }, "end_va": 182236418047, "entry_point": 0, "filename": null, "id": "region_7892", "name": "private_0x0000002a6e230000", "norm_filename": null, "region_type": "private_memory", "start_va": 182236413952, "timestamp": 
"00:01:52.518", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 182250504192, "type": "region", "version": 1 }, "end_va": 182250508287, "entry_point": 182250504192, "filename": "\\Windows\\System32\\en-US\\wdmaud.drv.mui", "id": "region_7893", "name": "wdmaud.drv.mui", "norm_filename": "c:\\windows\\system32\\en-us\\wdmaud.drv.mui", "region_type": "memory_mapped_file", "start_va": 182250504192, "timestamp": "00:01:52.521", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 131072, "start_va": 182250569728, "type": "region", "version": 1 }, "end_va": 182250700799, "entry_point": 182250569728, "filename": "\\Windows\\Inf\\hdaudio.PNF", "id": "region_7894", "name": "hdaudio.pnf", "norm_filename": "c:\\windows\\inf\\hdaudio.pnf", "region_type": "memory_mapped_file", "start_va": 182250569728, "timestamp": "00:01:52.532", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 182250569728, "type": "region", "version": 1 }, "end_va": 182250573823, "entry_point": 182250569728, "filename": "\\Windows\\System32\\en-US\\MMDevAPI.dll.mui", "id": "region_7895", "name": "mmdevapi.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\mmdevapi.dll.mui", "region_type": "memory_mapped_file", "start_va": 182250569728, "timestamp": "00:01:52.534", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], 
"ref_process_dump": null, "size": 483328, "start_va": 140724965212160, "type": "region", "version": 1 }, "end_va": 140724965695487, "entry_point": 140724965259184, "filename": "\\Windows\\System32\\AudioSes.dll", "id": "region_7896", "name": "audioses.dll", "norm_filename": "c:\\windows\\system32\\audioses.dll", "region_type": "memory_mapped_file", "start_va": 140724965212160, "timestamp": "00:01:52.542", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 140725086126080, "type": "region", "version": 1 }, "end_va": 140725086408703, "entry_point": 140725086130832, "filename": "\\Windows\\System32\\powrprof.dll", "id": "region_7897", "name": "powrprof.dll", "norm_filename": "c:\\windows\\system32\\powrprof.dll", "region_type": "memory_mapped_file", "start_va": 140725086126080, "timestamp": "00:01:52.559", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 131072, "start_va": 182250635264, "type": "region", "version": 1 }, "end_va": 182250766335, "entry_point": 182250635264, "filename": "\\Windows\\Inf\\hdaudio.PNF", "id": "region_7898", "name": "hdaudio.pnf", "norm_filename": "c:\\windows\\inf\\hdaudio.pnf", "region_type": "memory_mapped_file", "start_va": 182250635264, "timestamp": "00:01:52.563", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 140724934803456, "type": "region", "version": 1 }, "end_va": 140724934848511, "entry_point": 140724934803456, "filename": 
"\\Windows\\System32\\msacm32.drv", "id": "region_7899", "name": "msacm32.drv", "norm_filename": "c:\\windows\\system32\\msacm32.drv", "region_type": "memory_mapped_file", "start_va": 140724934803456, "timestamp": "00:01:52.580", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 140724934672384, "type": "region", "version": 1 }, "end_va": 140724934782975, "entry_point": 140724934672384, "filename": "\\Windows\\System32\\msacm32.dll", "id": "region_7900", "name": "msacm32.dll", "norm_filename": "c:\\windows\\system32\\msacm32.dll", "region_type": "memory_mapped_file", "start_va": 140724934672384, "timestamp": "00:01:52.599", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 675840, "start_va": 140725126299648, "type": "region", "version": 1 }, "end_va": 140725126975487, "entry_point": 140725126303760, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_7901", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725126299648, "timestamp": "00:01:52.614", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140724934606848, "type": "region", "version": 1 }, "end_va": 140724934647807, "entry_point": 140724934606848, "filename": "\\Windows\\System32\\midimap.dll", "id": "region_7902", "name": "midimap.dll", "norm_filename": "c:\\windows\\system32\\midimap.dll", "region_type": 
"memory_mapped_file", "start_va": 140724934606848, "timestamp": "00:01:52.643", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 182250635264, "type": "region", "version": 1 }, "end_va": 182251159551, "entry_point": 0, "filename": null, "id": "region_8010", "name": "private_0x0000002a6efc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 182250635264, "timestamp": "00:01:53.404", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 182251159552, "type": "region", "version": 1 }, "end_va": 182251167743, "entry_point": 0, "filename": null, "id": "region_8011", "name": "private_0x0000002a6f040000", "norm_filename": null, "region_type": "private_memory", "start_va": 182251159552, "timestamp": "00:01:53.404", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140700264062976, "type": "region", "version": 1 }, "end_va": 140700264071167, "entry_point": 0, "filename": null, "id": "region_8012", "name": "private_0x00007ff755426000", "norm_filename": null, "region_type": "private_memory", "start_va": 140700264062976, "timestamp": "00:01:53.404", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, 
"size": 40960, "start_va": 182251225088, "type": "region", "version": 1 }, "end_va": 182251266047, "entry_point": 0, "filename": null, "id": "region_8013", "name": "private_0x0000002a6f050000", "norm_filename": null, "region_type": "private_memory", "start_va": 182251225088, "timestamp": "00:01:53.404", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 182251290624, "type": "region", "version": 1 }, "end_va": 182251294719, "entry_point": 0, "filename": null, "id": "region_8014", "name": "pagefile_0x0000002a6f060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 182251290624, "timestamp": "00:01:53.423", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 182251290624, "type": "region", "version": 1 }, "end_va": 182251298815, "entry_point": 0, "filename": null, "id": "region_8015", "name": "pagefile_0x0000002a6f060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 182251290624, "timestamp": "00:01:53.423", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 182251356160, "type": "region", "version": 1 }, "end_va": 182251360255, "entry_point": 0, "filename": null, "id": "region_8016", "name": "private_0x0000002a6f070000", "norm_filename": null, "region_type": "private_memory", "start_va": 182251356160, 
"timestamp": "00:01:53.423", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 182250635264, "type": "region", "version": 1 }, "end_va": 182250639359, "entry_point": 0, "filename": null, "id": "region_10590", "name": "pagefile_0x0000002a6efc0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 182250635264, "timestamp": "00:02:42.213", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 182250635264, "type": "region", "version": 1 }, "end_va": 182250643455, "entry_point": 0, "filename": null, "id": "region_10592", "name": "pagefile_0x0000002a6efc0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 182250635264, "timestamp": "00:02:42.213", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 182250700800, "type": "region", "version": 1 }, "end_va": 182250704895, "entry_point": 0, "filename": null, "id": "region_10593", "name": "private_0x0000002a6efd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 182250700800, "timestamp": "00:02:42.213", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "taskhost.exe USER", "filename": "c:\\windows\\system32\\taskhost.exe", 
"id": "proc_56", "image_name": "taskhost.exe", "monitor_reason": "child_process", "monitored_id": 56, "origin_monitor_id": 46, "ref_parent_process": { "ref_id": "proc_46", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_4895", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:21.565", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 476244869120, "type": "region", "version": 1 }, "end_va": 476245000191, "entry_point": 0, "filename": null, "id": "region_4896", "name": "private_0x0000006ee2680000", "norm_filename": null, "region_type": "private_memory", "start_va": 476244869120, "timestamp": "00:01:21.565", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 476245000192, "type": "region", "version": 1 }, "end_va": 476245061631, "entry_point": 0, "filename": null, "id": "region_4897", "name": "pagefile_0x0000006ee26a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 476245000192, "timestamp": "00:01:21.565", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 476245065728, "type": "region", "version": 1 }, "end_va": 476245590015, "entry_point": 0, "filename": null, "id": "region_4898", "name": "private_0x0000006ee26b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 476245065728, "timestamp": "00:01:21.565", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 476245590016, "type": "region", "version": 1 }, "end_va": 476245606399, "entry_point": 0, "filename": null, "id": "region_4899", "name": "pagefile_0x0000006ee2730000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 476245590016, "timestamp": "00:01:21.565", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140702935154688, "type": "region", "version": 1 }, "end_va": 140702935298047, "entry_point": 0, "filename": null, "id": "region_4900", "name": "pagefile_0x00007ff7f4780000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140702935154688, "timestamp": "00:01:21.565", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140702935322624, "type": "region", "version": 1 }, "end_va": 140702935326719, 
"entry_point": 0, "filename": null, "id": "region_4901", "name": "private_0x00007ff7f47a9000", "norm_filename": null, "region_type": "private_memory", "start_va": 140702935322624, "timestamp": "00:01:21.565", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140702935343104, "type": "region", "version": 1 }, "end_va": 140702935351295, "entry_point": 0, "filename": null, "id": "region_4902", "name": "private_0x00007ff7f47ae000", "norm_filename": null, "region_type": "private_memory", "start_va": 140702935343104, "timestamp": "00:01:21.565", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 140702937907200, "type": "region", "version": 1 }, "end_va": 140702937997311, "entry_point": 140702937919644, "filename": "\\Windows\\System32\\taskhost.exe", "id": "region_4903", "name": "taskhost.exe", "norm_filename": "c:\\windows\\system32\\taskhost.exe", "region_type": "memory_mapped_file", "start_va": 140702937907200, "timestamp": "00:01:21.565", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_4904", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140725133115392, "timestamp": "00:01:21.566", 
"type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 476245655552, "type": "region", "version": 1 }, "end_va": 476245659647, "entry_point": 0, "filename": null, "id": "region_4905", "name": "pagefile_0x0000006ee2740000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 476245655552, "timestamp": "00:01:21.567", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 476245721088, "type": "region", "version": 1 }, "end_va": 476245729279, "entry_point": 0, "filename": null, "id": "region_4906", "name": "private_0x0000006ee2750000", "norm_filename": null, "region_type": "private_memory", "start_va": 476245721088, "timestamp": "00:01:21.567", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 476246638592, "type": "region", "version": 1 }, "end_va": 476247687167, "entry_point": 0, "filename": null, "id": "region_4977", "name": "private_0x0000006ee2830000", "norm_filename": null, "region_type": "private_memory", "start_va": 476246638592, "timestamp": "00:01:21.751", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140725090648064, "type": "region", "version": 1 }, 
"end_va": 140725091753983, "entry_point": 140725090656928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_4978", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140725090648064, "timestamp": "00:01:21.751", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140725124988928, "type": "region", "version": 1 }, "end_va": 140725126270975, "entry_point": 140725125009460, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_4979", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140725124988928, "timestamp": "00:01:21.752", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 476244869120, "type": "region", "version": 1 }, "end_va": 476244934655, "entry_point": 0, "filename": null, "id": "region_4980", "name": "pagefile_0x0000006ee2680000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 476244869120, "timestamp": "00:01:21.754", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140702934106112, "type": "region", "version": 1 }, "end_va": 140702935154687, "entry_point": 0, "filename": null, "id": "region_4981", "name": "pagefile_0x00007ff7f4680000", "norm_filename": 
null, "region_type": "pagefile_backed_memory", "start_va": 140702934106112, "timestamp": "00:01:21.754", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 476245786624, "type": "region", "version": 1 }, "end_va": 476246302719, "entry_point": 476245786624, "filename": "\\Windows\\System32\\locale.nls", "id": "region_4982", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 476245786624, "timestamp": "00:01:21.756", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140725098577920, "type": "region", "version": 1 }, "end_va": 140725099261951, "entry_point": 140725098588204, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_4983", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140725098577920, "timestamp": "00:01:21.756", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140725127806976, "type": "region", "version": 1 }, "end_va": 140725129076735, "entry_point": 140725127811408, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_4984", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140725127806976, "timestamp": "00:01:21.757", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], 
"info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725131149312, "type": "region", "version": 1 }, "end_va": 140725133078527, "entry_point": 140725131157344, "filename": "\\Windows\\System32\\combase.dll", "id": "region_4985", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140725131149312, "timestamp": "00:01:21.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140725101002752, "type": "region", "version": 1 }, "end_va": 140725101752319, "entry_point": 140725101007136, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_4986", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 140725101002752, "timestamp": "00:01:21.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1310720, "start_va": 476247687168, "type": "region", "version": 1 }, "end_va": 476248997887, "entry_point": 0, "filename": null, "id": "region_4987", "name": "private_0x0000006ee2930000", "norm_filename": null, "region_type": "private_memory", "start_va": 476247687168, "timestamp": "00:01:21.761", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 476244934656, "type": 
"region", "version": 1 }, "end_va": 476244963327, "entry_point": 0, "filename": null, "id": "region_4988", "name": "private_0x0000006ee2690000", "norm_filename": null, "region_type": "private_memory", "start_va": 476244934656, "timestamp": "00:01:21.763", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1536000, "start_va": 476248997888, "type": "region", "version": 1 }, "end_va": 476250533887, "entry_point": 476249002164, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_4989", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 476248997888, "timestamp": "00:01:21.765", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 761856, "start_va": 476247687168, "type": "region", "version": 1 }, "end_va": 476248449023, "entry_point": 476247869288, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_5005", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 476247687168, "timestamp": "00:01:21.783", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 476248932352, "type": "region", "version": 1 }, "end_va": 476248997887, "entry_point": 0, "filename": null, "id": "region_5006", "name": "private_0x0000006ee2a60000", "norm_filename": null, "region_type": "private_memory", "start_va": 476248932352, "timestamp": "00:01:21.783", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725068431360, "type": "region", "version": 1 }, "end_va": 140725068472319, "entry_point": 140725068437320, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_5007", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\system32\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140725068431360, "timestamp": "00:01:21.784", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725085208576, "type": "region", "version": 1 }, "end_va": 140725085249535, "entry_point": 140725085212688, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_5008", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140725085208576, "timestamp": "00:01:21.786", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140725084815360, "type": "region", "version": 1 }, "end_va": 140725085200383, "entry_point": 140725084944032, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_5009", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140725084815360, "timestamp": "00:01:21.787", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the 
maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 476246310912, "type": "region", "version": 1 }, "end_va": 476246339583, "entry_point": 0, "filename": null, "id": "region_5010", "name": "private_0x0000006ee27e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 476246310912, "timestamp": "00:01:21.788", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725098184704, "type": "region", "version": 1 }, "end_va": 140725098541055, "entry_point": 140725098194176, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_5120", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140725098184704, "timestamp": "00:01:22.343", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 476247687168, "type": "region", "version": 1 }, "end_va": 476248211455, "entry_point": 0, "filename": null, "id": "region_5126", "name": "private_0x0000006ee2930000", "norm_filename": null, "region_type": "private_memory", "start_va": 476247687168, "timestamp": "00:01:22.384", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140702935334912, "type": "region", "version": 1 }, "end_va": 140702935343103, "entry_point": 0, "filename": null, "id": "region_5127", "name": 
"private_0x00007ff7f47ac000", "norm_filename": null, "region_type": "private_memory", "start_va": 140702935334912, "timestamp": "00:01:22.384", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140725093466112, "type": "region", "version": 1 }, "end_va": 140725094977535, "entry_point": 140725093620416, "filename": "\\Windows\\System32\\user32.dll", "id": "region_5128", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140725093466112, "timestamp": "00:01:22.384", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140725129773056, "type": "region", "version": 1 }, "end_va": 140725131104255, "entry_point": 140725129845848, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_5129", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140725129773056, "timestamp": "00:01:22.387", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 212992, "start_va": 476246376448, "type": "region", "version": 1 }, "end_va": 476246589439, "entry_point": 476246380592, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_5130", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 476246376448, "timestamp": "00:01:22.390", "type": "region", "version": 1 }, { "dump": { "filename": 
"", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 476248997888, "type": "region", "version": 1 }, "end_va": 476250603519, "entry_point": 0, "filename": null, "id": "region_5131", "name": "pagefile_0x0000006ee2a70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 476248997888, "timestamp": "00:01:22.390", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 140725095563264, "type": "region", "version": 1 }, "end_va": 140725095776255, "entry_point": 140725095567408, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_5132", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 140725095563264, "timestamp": "00:01:22.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1277952, "start_va": 140725091762176, "type": "region", "version": 1 }, "end_va": 140725093040127, "entry_point": 140725091766288, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_5133", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 140725091762176, "timestamp": "00:01:22.393", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, 
"size": 1576960, "start_va": 476250636288, "type": "region", "version": 1 }, "end_va": 476252213247, "entry_point": 0, "filename": null, "id": "region_5134", "name": "pagefile_0x0000006ee2c00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 476250636288, "timestamp": "00:01:22.395", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 476252274688, "type": "region", "version": 1 }, "end_va": 476273246207, "entry_point": 0, "filename": null, "id": "region_5135", "name": "pagefile_0x0000006ee2d90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 476252274688, "timestamp": "00:01:22.395", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 476246376448, "type": "region", "version": 1 }, "end_va": 476246388735, "entry_point": 0, "filename": null, "id": "region_5136", "name": "pagefile_0x0000006ee27f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 476246376448, "timestamp": "00:01:22.397", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 476246441984, "type": "region", "version": 1 }, "end_va": 476246446079, "entry_point": 0, "filename": null, "id": "region_5137", "name": "pagefile_0x0000006ee2800000", "norm_filename": null, "region_type": "pagefile_backed_memory", 
"start_va": 476246441984, "timestamp": "00:01:22.397", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 476246507520, "type": "region", "version": 1 }, "end_va": 476246511615, "entry_point": 476246507520, "filename": "\\Windows\\System32\\en-US\\taskhost.exe.mui", "id": "region_5138", "name": "taskhost.exe.mui", "norm_filename": "c:\\windows\\system32\\en-us\\taskhost.exe.mui", "region_type": "memory_mapped_file", "start_va": 476246507520, "timestamp": "00:01:22.397", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 476246573056, "type": "region", "version": 1 }, "end_va": 476246577151, "entry_point": 0, "filename": null, "id": "region_5139", "name": "private_0x0000006ee2820000", "norm_filename": null, "region_type": "private_memory", "start_va": 476246573056, "timestamp": "00:01:22.411", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 476248211456, "type": "region", "version": 1 }, "end_va": 476248215551, "entry_point": 0, "filename": null, "id": "region_5140", "name": "private_0x0000006ee29b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 476248211456, "timestamp": "00:01:22.411", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, 
"size": 1187840, "start_va": 140725066858496, "type": "region", "version": 1 }, "end_va": 140725068046335, "entry_point": 140725066904644, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_5141", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 140725066858496, "timestamp": "00:01:22.412", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 476248276992, "type": "region", "version": 1 }, "end_va": 476248342527, "entry_point": 0, "filename": null, "id": "region_5142", "name": "private_0x0000006ee29c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 476248276992, "timestamp": "00:01:22.413", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 476248342528, "type": "region", "version": 1 }, "end_va": 476248346623, "entry_point": 0, "filename": null, "id": "region_5165", "name": "pagefile_0x0000006ee29d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 476248342528, "timestamp": "00:01:22.569", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 983040, "start_va": 476273246208, "type": "region", "version": 1 }, "end_va": 476274229247, "entry_point": 0, "filename": null, "id": "region_5166", "name": "pagefile_0x0000006ee4190000", "norm_filename": null, 
"region_type": "pagefile_backed_memory", "start_va": 476273246208, "timestamp": "00:01:22.569", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 476248342528, "type": "region", "version": 1 }, "end_va": 476248358911, "entry_point": 0, "filename": null, "id": "region_5167", "name": "pagefile_0x0000006ee29d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 476248342528, "timestamp": "00:01:22.569", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 476248408064, "type": "region", "version": 1 }, "end_va": 476248436735, "entry_point": 0, "filename": null, "id": "region_5168", "name": "private_0x0000006ee29e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 476248408064, "timestamp": "00:01:22.570", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 140725058142208, "type": "region", "version": 1 }, "end_va": 140725058277375, "entry_point": 140725058146560, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_5191", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 140725058142208, "timestamp": "00:01:22.787", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of 
dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 476274229248, "type": "region", "version": 1 }, "end_va": 476274753535, "entry_point": 0, "filename": null, "id": "region_5197", "name": "private_0x0000006ee4280000", "norm_filename": null, "region_type": "private_memory", "start_va": 476274229248, "timestamp": "00:01:22.803", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140702935326720, "type": "region", "version": 1 }, "end_va": 140702935334911, "entry_point": 0, "filename": null, "id": "region_5198", "name": "private_0x00007ff7f47aa000", "norm_filename": null, "region_type": "private_memory", "start_va": 140702935326720, "timestamp": "00:01:22.803", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 476274753536, "type": "region", "version": 1 }, "end_va": 476275277823, "entry_point": 0, "filename": null, "id": "region_5199", "name": "private_0x0000006ee4300000", "norm_filename": null, "region_type": "private_memory", "start_va": 476274753536, "timestamp": "00:01:22.806", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140702935314432, "type": "region", "version": 1 }, "end_va": 140702935322623, "entry_point": 0, "filename": null, "id": "region_5200", "name": "private_0x00007ff7f47a7000", "norm_filename": null, "region_type": 
"private_memory", "start_va": 140702935314432, "timestamp": "00:01:22.806", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 476248473600, "type": "region", "version": 1 }, "end_va": 476248477695, "entry_point": 0, "filename": null, "id": "region_5216", "name": "pagefile_0x0000006ee29f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 476248473600, "timestamp": "00:01:22.910", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 671744, "start_va": 140725095825408, "type": "region", "version": 1 }, "end_va": 140725096497151, "entry_point": 140725095829872, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_5217", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 140725095825408, "timestamp": "00:01:22.910", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 476248539136, "type": "region", "version": 1 }, "end_va": 476248543231, "entry_point": 0, "filename": null, "id": "region_5218", "name": "pagefile_0x0000006ee2a00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 476248539136, "timestamp": "00:01:22.913", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", 
"permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 140724976549888, "type": "region", "version": 1 }, "end_va": 140724976603135, "entry_point": 140724976549888, "filename": "\\Windows\\System32\\dimsjob.dll", "id": "region_5219", "name": "dimsjob.dll", "norm_filename": "c:\\windows\\system32\\dimsjob.dll", "region_type": "memory_mapped_file", "start_va": 140724976549888, "timestamp": "00:01:22.918", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1691648, "start_va": 140725023735808, "type": "region", "version": 1 }, "end_va": 140725025427455, "entry_point": 140725023740764, "filename": "\\Windows\\System32\\taskschd.dll", "id": "region_5921", "name": "taskschd.dll", "norm_filename": "c:\\windows\\system32\\taskschd.dll", "region_type": "memory_mapped_file", "start_va": 140725023735808, "timestamp": "00:01:27.845", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 176128, "start_va": 140725084618752, "type": "region", "version": 1 }, "end_va": 140725084794879, "entry_point": 140725084624016, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_5922", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 140725084618752, "timestamp": "00:01:27.847", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 249856, "start_va": 140724958986240, "type": "region", 
"version": 1 }, "end_va": 140724959236095, "entry_point": 140724959009020, "filename": "\\Windows\\System32\\netprofm.dll", "id": "region_6047", "name": "netprofm.dll", "norm_filename": "c:\\windows\\system32\\netprofm.dll", "region_type": "memory_mapped_file", "start_va": 140724958986240, "timestamp": "00:01:30.354", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 140725079769088, "type": "region", "version": 1 }, "end_va": 140725079891967, "entry_point": 140725079773640, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_6048", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 140725079769088, "timestamp": "00:01:30.357", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 140725075443712, "type": "region", "version": 1 }, "end_va": 140725075660799, "entry_point": 140725075448792, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_6049", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 140725075443712, "timestamp": "00:01:30.359", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725082062848, "type": "region", "version": 1 }, "end_va": 140725082218495, "entry_point": 140725082086248, "filename": "\\Windows\\System32\\bcrypt.dll", "id": "region_6050", "name": 
"bcrypt.dll", "norm_filename": "c:\\windows\\system32\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 140725082062848, "timestamp": "00:01:30.360", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 476275277824, "type": "region", "version": 1 }, "end_va": 476278247423, "entry_point": 476275277824, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_6051", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 476275277824, "timestamp": "00:01:30.362", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 476278292480, "type": "region", "version": 1 }, "end_va": 476278816767, "entry_point": 0, "filename": null, "id": "region_6054", "name": "private_0x0000006ee4660000", "norm_filename": null, "region_type": "private_memory", "start_va": 476278292480, "timestamp": "00:01:30.680", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 476278816768, "type": "region", "version": 1 }, "end_va": 476279341055, "entry_point": 0, "filename": null, "id": "region_6055", "name": "private_0x0000006ee46e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 476278816768, "timestamp": "00:01:30.680", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": 
"No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140702935298048, "type": "region", "version": 1 }, "end_va": 140702935306239, "entry_point": 0, "filename": null, "id": "region_6056", "name": "private_0x00007ff7f47a3000", "norm_filename": null, "region_type": "private_memory", "start_va": 140702935298048, "timestamp": "00:01:30.680", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140702935306240, "type": "region", "version": 1 }, "end_va": 140702935314431, "entry_point": 0, "filename": null, "id": "region_6057", "name": "private_0x00007ff7f47a5000", "norm_filename": null, "region_type": "private_memory", "start_va": 140702935306240, "timestamp": "00:01:30.680", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 140724922286080, "type": "region", "version": 1 }, "end_va": 140724922343423, "entry_point": 140724922314740, "filename": "\\Windows\\System32\\npmproxy.dll", "id": "region_6927", "name": "npmproxy.dll", "norm_filename": "c:\\windows\\system32\\npmproxy.dll", "region_type": "memory_mapped_file", "start_va": 140724922286080, "timestamp": "00:01:36.303", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\system32\\svchost.exe -k LocalServiceNoNetwork", "filename": "c:\\windows\\system32\\svchost.exe", "id": "proc_57", "image_name": "svchost.exe", "monitor_reason": "child_process", 
"monitored_id": 57, "origin_monitor_id": 39, "ref_parent_process": { "ref_id": "proc_39", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_4907", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:21.583", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 68681859072, "type": "region", "version": 1 }, "end_va": 68681990143, "entry_point": 0, "filename": null, "id": "region_4908", "name": "private_0x0000000ffdc20000", "norm_filename": null, "region_type": "private_memory", "start_va": 68681859072, "timestamp": "00:01:21.583", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 68681990144, "type": "region", "version": 1 }, "end_va": 68682051583, "entry_point": 0, "filename": null, "id": "region_4909", "name": "pagefile_0x0000000ffdc40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 68681990144, "timestamp": "00:01:21.583", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", 
"permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 68682055680, "type": "region", "version": 1 }, "end_va": 68682579967, "entry_point": 0, "filename": null, "id": "region_4910", "name": "private_0x0000000ffdc50000", "norm_filename": null, "region_type": "private_memory", "start_va": 68682055680, "timestamp": "00:01:21.583", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 68682579968, "type": "region", "version": 1 }, "end_va": 68682596351, "entry_point": 0, "filename": null, "id": "region_4911", "name": "pagefile_0x0000000ffdcd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 68682579968, "timestamp": "00:01:21.583", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140694943498240, "type": "region", "version": 1 }, "end_va": 140694943641599, "entry_point": 0, "filename": null, "id": "region_4912", "name": "pagefile_0x00007ff618210000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140694943498240, "timestamp": "00:01:21.583", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140694943670272, "type": "region", "version": 1 }, "end_va": 140694943674367, "entry_point": 0, "filename": null, "id": "region_4913", "name": "private_0x00007ff61823a000", "norm_filename": null, 
"region_type": "private_memory", "start_va": 140694943670272, "timestamp": "00:01:21.583", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694943686656, "type": "region", "version": 1 }, "end_va": 140694943694847, "entry_point": 0, "filename": null, "id": "region_4914", "name": "private_0x00007ff61823e000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694943686656, "timestamp": "00:01:21.583", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 140694944612352, "type": "region", "version": 1 }, "end_va": 140694944661503, "entry_point": 140694944620940, "filename": "\\Windows\\System32\\svchost.exe", "id": "region_4915", "name": "svchost.exe", "norm_filename": "c:\\windows\\system32\\svchost.exe", "region_type": "memory_mapped_file", "start_va": 140694944612352, "timestamp": "00:01:21.583", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_4916", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140725133115392, "timestamp": "00:01:21.585", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No 
dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 68682645504, "type": "region", "version": 1 }, "end_va": 68682649599, "entry_point": 0, "filename": null, "id": "region_4917", "name": "pagefile_0x0000000ffdce0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 68682645504, "timestamp": "00:01:21.586", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 68682711040, "type": "region", "version": 1 }, "end_va": 68682719231, "entry_point": 0, "filename": null, "id": "region_4918", "name": "private_0x0000000ffdcf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 68682711040, "timestamp": "00:01:21.586", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 68684021760, "type": "region", "version": 1 }, "end_va": 68685070335, "entry_point": 0, "filename": null, "id": "region_4920", "name": "private_0x0000000ffde30000", "norm_filename": null, "region_type": "private_memory", "start_va": 68684021760, "timestamp": "00:01:21.605", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140725090648064, "type": "region", "version": 1 }, "end_va": 140725091753983, "entry_point": 140725090656928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_4921", 
"name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140725090648064, "timestamp": "00:01:21.605", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140725124988928, "type": "region", "version": 1 }, "end_va": 140725126270975, "entry_point": 140725125009460, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_4922", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140725124988928, "timestamp": "00:01:21.607", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 68681859072, "type": "region", "version": 1 }, "end_va": 68681924607, "entry_point": 0, "filename": null, "id": "region_4923", "name": "pagefile_0x0000000ffdc20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 68681859072, "timestamp": "00:01:21.608", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140694942449664, "type": "region", "version": 1 }, "end_va": 140694943498239, "entry_point": 0, "filename": null, "id": "region_4924", "name": "pagefile_0x00007ff618110000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140694942449664, "timestamp": "00:01:21.608", "type": "region", "version": 1 
}, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 68682776576, "type": "region", "version": 1 }, "end_va": 68683292671, "entry_point": 68682776576, "filename": "\\Windows\\System32\\locale.nls", "id": "region_4925", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 68682776576, "timestamp": "00:01:21.612", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725098184704, "type": "region", "version": 1 }, "end_va": 140725098541055, "entry_point": 140725098194176, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_4926", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140725098184704, "timestamp": "00:01:21.612", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140725127806976, "type": "region", "version": 1 }, "end_va": 140725129076735, "entry_point": 140725127811408, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_4927", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140725127806976, "timestamp": "00:01:21.613", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": 
null, "size": 1929216, "start_va": 140725131149312, "type": "region", "version": 1 }, "end_va": 140725133078527, "entry_point": 140725131157344, "filename": "\\Windows\\System32\\combase.dll", "id": "region_4928", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140725131149312, "timestamp": "00:01:21.616", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140725098577920, "type": "region", "version": 1 }, "end_va": 140725099261951, "entry_point": 140725098588204, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_4929", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140725098577920, "timestamp": "00:01:21.617", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1835008, "start_va": 68685070336, "type": "region", "version": 1 }, "end_va": 68686905343, "entry_point": 0, "filename": null, "id": "region_4930", "name": "private_0x0000000ffdf30000", "norm_filename": null, "region_type": "private_memory", "start_va": 68685070336, "timestamp": "00:01:21.619", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 68681924608, "type": "region", "version": 1 }, "end_va": 68681953279, "entry_point": 0, "filename": null, "id": "region_4931", "name": "private_0x0000000ffdc30000", 
"norm_filename": null, "region_type": "private_memory", "start_va": 68681924608, "timestamp": "00:01:21.619", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 761856, "start_va": 68685070336, "type": "region", "version": 1 }, "end_va": 68685832191, "entry_point": 68685252456, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_4932", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 68685070336, "timestamp": "00:01:21.621", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 68686839808, "type": "region", "version": 1 }, "end_va": 68686905343, "entry_point": 0, "filename": null, "id": "region_4933", "name": "private_0x0000000ffe0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 68686839808, "timestamp": "00:01:21.621", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725068431360, "type": "region", "version": 1 }, "end_va": 140725068472319, "entry_point": 140725068437320, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_4934", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\system32\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140725068431360, "timestamp": "00:01:21.622", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region 
is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725085208576, "type": "region", "version": 1 }, "end_va": 140725085249535, "entry_point": 140725085212688, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_4935", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140725085208576, "timestamp": "00:01:21.624", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 68683300864, "type": "region", "version": 1 }, "end_va": 68683329535, "entry_point": 0, "filename": null, "id": "region_4936", "name": "private_0x0000000ffdd80000", "norm_filename": null, "region_type": "private_memory", "start_va": 68683300864, "timestamp": "00:01:21.625", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140725084815360, "type": "region", "version": 1 }, "end_va": 140725085200383, "entry_point": 140725084944032, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_4937", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140725084815360, "timestamp": "00:01:21.626", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140725093466112, "type": "region", "version": 1 }, 
"end_va": 140725094977535, "entry_point": 140725093620416, "filename": "\\Windows\\System32\\user32.dll", "id": "region_4938", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140725093466112, "timestamp": "00:01:21.628", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140725129773056, "type": "region", "version": 1 }, "end_va": 140725131104255, "entry_point": 140725129845848, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_4939", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140725129773056, "timestamp": "00:01:21.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 68685070336, "type": "region", "version": 1 }, "end_va": 68686675967, "entry_point": 0, "filename": null, "id": "region_4940", "name": "pagefile_0x0000000ffdf30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 68685070336, "timestamp": "00:01:21.634", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 68686905344, "type": "region", "version": 1 }, "end_va": 68688482303, "entry_point": 0, "filename": null, "id": "region_4941", "name": "pagefile_0x0000000ffe0f0000", "norm_filename": null, "region_type": 
"pagefile_backed_memory", "start_va": 68686905344, "timestamp": "00:01:21.634", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 786432, "start_va": 68688543744, "type": "region", "version": 1 }, "end_va": 68689330175, "entry_point": 0, "filename": null, "id": "region_4942", "name": "pagefile_0x0000000ffe280000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 68688543744, "timestamp": "00:01:21.634", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 68683366400, "type": "region", "version": 1 }, "end_va": 68683378687, "entry_point": 0, "filename": null, "id": "region_4943", "name": "pagefile_0x0000000ffdd90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 68683366400, "timestamp": "00:01:21.637", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 68683431936, "type": "region", "version": 1 }, "end_va": 68683436031, "entry_point": 0, "filename": null, "id": "region_4944", "name": "pagefile_0x0000000ffdda0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 68683431936, "timestamp": "00:01:21.637", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": 
[ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 68683497472, "type": "region", "version": 1 }, "end_va": 68683501567, "entry_point": 0, "filename": null, "id": "region_4945", "name": "private_0x0000000ffddb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 68683497472, "timestamp": "00:01:21.637", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 68683563008, "type": "region", "version": 1 }, "end_va": 68683567103, "entry_point": 0, "filename": null, "id": "region_4946", "name": "private_0x0000000ffddc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 68683563008, "timestamp": "00:01:21.637", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4169728, "start_va": 68689330176, "type": "region", "version": 1 }, "end_va": 68693499903, "entry_point": 0, "filename": null, "id": "region_4947", "name": "pagefile_0x0000000ffe340000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 68689330176, "timestamp": "00:01:21.637", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 68693524480, "type": "region", "version": 1 }, "end_va": 68694048767, "entry_point": 0, "filename": null, "id": "region_5192", "name": "private_0x0000000ffe740000", "norm_filename": null, "region_type": "private_memory", "start_va": 68693524480, 
"timestamp": "00:01:22.791", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 68694048768, "type": "region", "version": 1 }, "end_va": 68694573055, "entry_point": 0, "filename": null, "id": "region_5193", "name": "private_0x0000000ffe7c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 68694048768, "timestamp": "00:01:22.791", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694943662080, "type": "region", "version": 1 }, "end_va": 140694943670271, "entry_point": 0, "filename": null, "id": "region_5194", "name": "private_0x00007ff618238000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694943662080, "timestamp": "00:01:22.791", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694943678464, "type": "region", "version": 1 }, "end_va": 140694943686655, "entry_point": 0, "filename": null, "id": "region_5195", "name": "private_0x00007ff61823c000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694943678464, "timestamp": "00:01:22.791", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 68694573056, "type": "region", "version": 1 }, "end_va": 
68697542655, "entry_point": 68694573056, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_5196", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 68694573056, "timestamp": "00:01:22.792", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 851968, "start_va": 140724976680960, "type": "region", "version": 1 }, "end_va": 140724977532927, "entry_point": 140724976680960, "filename": "\\Windows\\System32\\BFE.DLL", "id": "region_5215", "name": "bfe.dll", "norm_filename": "c:\\windows\\system32\\bfe.dll", "region_type": "memory_mapped_file", "start_va": 140724976680960, "timestamp": "00:01:22.890", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 294912, "start_va": 140725072560128, "type": "region", "version": 1 }, "end_va": 140725072855039, "entry_point": 140725072564364, "filename": "\\Windows\\System32\\authz.dll", "id": "region_5220", "name": "authz.dll", "norm_filename": "c:\\windows\\system32\\authz.dll", "region_type": "memory_mapped_file", "start_va": 140725072560128, "timestamp": "00:01:22.932", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 140725127020544, "type": "region", "version": 1 }, "end_va": 140725127380991, "entry_point": 140725127024796, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_5221", "name": "ws2_32.dll", 
"norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 140725127020544, "timestamp": "00:01:22.933", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 667648, "start_va": 140725076951040, "type": "region", "version": 1 }, "end_va": 140725077618687, "entry_point": 140725077040104, "filename": "\\Windows\\System32\\dnsapi.dll", "id": "region_5222", "name": "dnsapi.dll", "norm_filename": "c:\\windows\\system32\\dnsapi.dll", "region_type": "memory_mapped_file", "start_va": 140725076951040, "timestamp": "00:01:22.934", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140725103886336, "type": "region", "version": 1 }, "end_va": 140725103923199, "entry_point": 140725103891456, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_5223", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 140725103886336, "timestamp": "00:01:22.935", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 68697587712, "type": "region", "version": 1 }, "end_va": 68698111999, "entry_point": 0, "filename": null, "id": "region_5235", "name": "private_0x0000000ffeb20000", "norm_filename": null, "region_type": "private_memory", "start_va": 68697587712, "timestamp": "00:01:23.150", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 68698112000, "type": "region", "version": 1 }, "end_va": 68698636287, "entry_point": 0, "filename": null, "id": "region_5236", "name": "private_0x0000000ffeba0000", "norm_filename": null, "region_type": "private_memory", "start_va": 68698112000, "timestamp": "00:01:23.155", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694943653888, "type": "region", "version": 1 }, "end_va": 140694943662079, "entry_point": 0, "filename": null, "id": "region_5237", "name": "private_0x00007ff618236000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694943653888, "timestamp": "00:01:23.155", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 68683628544, "type": "region", "version": 1 }, "end_va": 68683657215, "entry_point": 0, "filename": null, "id": "region_5238", "name": "private_0x0000000ffddd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 68683628544, "timestamp": "00:01:23.160", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 176128, "start_va": 140725084618752, "type": "region", "version": 1 }, "end_va": 140725084794879, "entry_point": 140725084624016, "filename": 
"\\Windows\\System32\\sspicli.dll", "id": "region_5239", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 140725084618752, "timestamp": "00:01:23.160", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 68698636288, "type": "region", "version": 1 }, "end_va": 68699684863, "entry_point": 0, "filename": null, "id": "region_5240", "name": "private_0x0000000ffec20000", "norm_filename": null, "region_type": "private_memory", "start_va": 68698636288, "timestamp": "00:01:23.166", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 140725029044224, "type": "region", "version": 1 }, "end_va": 140725029466111, "entry_point": 140725029048500, "filename": "\\Windows\\System32\\wevtapi.dll", "id": "region_5241", "name": "wevtapi.dll", "norm_filename": "c:\\windows\\system32\\wevtapi.dll", "region_type": "memory_mapped_file", "start_va": 140725029044224, "timestamp": "00:01:23.169", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 140725072035840, "type": "region", "version": 1 }, "end_va": 140725072093183, "entry_point": 140725072048272, "filename": "\\Windows\\System32\\pcwum.dll", "id": "region_5305", "name": "pcwum.dll", "norm_filename": "c:\\windows\\system32\\pcwum.dll", "region_type": "memory_mapped_file", "start_va": 140725072035840, "timestamp": 
"00:01:23.751", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 68699684864, "type": "region", "version": 1 }, "end_va": 68700209151, "entry_point": 0, "filename": null, "id": "region_5309", "name": "private_0x0000000ffed20000", "norm_filename": null, "region_type": "private_memory", "start_va": 68699684864, "timestamp": "00:01:23.774", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694943645696, "type": "region", "version": 1 }, "end_va": 140694943653887, "entry_point": 0, "filename": null, "id": "region_5310", "name": "private_0x00007ff618234000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694943645696, "timestamp": "00:01:23.774", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 68700209152, "type": "region", "version": 1 }, "end_va": 68700733439, "entry_point": 0, "filename": null, "id": "region_5311", "name": "private_0x0000000ffeda0000", "norm_filename": null, "region_type": "private_memory", "start_va": 68700209152, "timestamp": "00:01:23.774", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694942441472, "type": "region", "version": 
1 }, "end_va": 140694942449663, "entry_point": 0, "filename": null, "id": "region_5312", "name": "private_0x00007ff61810e000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694942441472, "timestamp": "00:01:23.774", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 68700733440, "type": "region", "version": 1 }, "end_va": 68701257727, "entry_point": 0, "filename": null, "id": "region_5313", "name": "private_0x0000000ffee20000", "norm_filename": null, "region_type": "private_memory", "start_va": 68700733440, "timestamp": "00:01:23.781", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694942433280, "type": "region", "version": 1 }, "end_va": 140694942441471, "entry_point": 0, "filename": null, "id": "region_5314", "name": "private_0x00007ff61810c000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694942433280, "timestamp": "00:01:23.781", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 888832, "start_va": 140724970586112, "type": "region", "version": 1 }, "end_va": 140724971474943, "entry_point": 140724970586112, "filename": "\\Windows\\System32\\MPSSVC.dll", "id": "region_5352", "name": "mpssvc.dll", "norm_filename": "c:\\windows\\system32\\mpssvc.dll", "region_type": "memory_mapped_file", "start_va": 140724970586112, "timestamp": "00:01:24.152", "type": "region", "version": 1 }, 
{ "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 745472, "start_va": 140725068824576, "type": "region", "version": 1 }, "end_va": 140725069570047, "entry_point": 140725068901472, "filename": "\\Windows\\System32\\FirewallAPI.dll", "id": "region_5381", "name": "firewallapi.dll", "norm_filename": "c:\\windows\\system32\\firewallapi.dll", "region_type": "memory_mapped_file", "start_va": 140725068824576, "timestamp": "00:01:24.276", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 140725090320384, "type": "region", "version": 1 }, "end_va": 140725090623487, "entry_point": 140725090325080, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_5382", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 140725090320384, "timestamp": "00:01:24.277", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 140725008334848, "type": "region", "version": 1 }, "end_va": 140725008756735, "entry_point": 140725008342036, "filename": "\\Windows\\System32\\FWPUCLNT.DLL", "id": "region_5383", "name": "fwpuclnt.dll", "norm_filename": "c:\\windows\\system32\\fwpuclnt.dll", "region_type": "memory_mapped_file", "start_va": 140725008334848, "timestamp": "00:01:24.278", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps 
was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 68701257728, "type": "region", "version": 1 }, "end_va": 68701782015, "entry_point": 0, "filename": null, "id": "region_5430", "name": "private_0x0000000ffeea0000", "norm_filename": null, "region_type": "private_memory", "start_va": 68701257728, "timestamp": "00:01:24.573", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694942425088, "type": "region", "version": 1 }, "end_va": 140694942433279, "entry_point": 0, "filename": null, "id": "region_5431", "name": "private_0x00007ff61810a000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694942425088, "timestamp": "00:01:24.573", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 68701782016, "type": "region", "version": 1 }, "end_va": 68702306303, "entry_point": 0, "filename": null, "id": "region_5433", "name": "private_0x0000000ffef20000", "norm_filename": null, "region_type": "private_memory", "start_va": 68701782016, "timestamp": "00:01:24.590", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694942416896, "type": "region", "version": 1 }, "end_va": 140694942425087, "entry_point": 0, "filename": null, "id": "region_5434", "name": "private_0x00007ff618108000", "norm_filename": null, "region_type": 
"private_memory", "start_va": 140694942416896, "timestamp": "00:01:24.590", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 68702306304, "type": "region", "version": 1 }, "end_va": 68702830591, "entry_point": 0, "filename": null, "id": "region_5502", "name": "private_0x0000000ffefa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 68702306304, "timestamp": "00:01:25.130", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694942408704, "type": "region", "version": 1 }, "end_va": 140694942416895, "entry_point": 0, "filename": null, "id": "region_5503", "name": "private_0x00007ff618106000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694942408704, "timestamp": "00:01:25.130", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 68683694080, "type": "region", "version": 1 }, "end_va": 68683698175, "entry_point": 0, "filename": null, "id": "region_5548", "name": "private_0x0000000ffdde0000", "norm_filename": null, "region_type": "private_memory", "start_va": 68683694080, "timestamp": "00:01:25.306", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 
524288, "start_va": 68702830592, "type": "region", "version": 1 }, "end_va": 68703354879, "entry_point": 0, "filename": null, "id": "region_5549", "name": "private_0x0000000fff020000", "norm_filename": null, "region_type": "private_memory", "start_va": 68702830592, "timestamp": "00:01:25.306", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694942400512, "type": "region", "version": 1 }, "end_va": 140694942408703, "entry_point": 0, "filename": null, "id": "region_5550", "name": "private_0x00007ff618104000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694942400512, "timestamp": "00:01:25.306", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 68703354880, "type": "region", "version": 1 }, "end_va": 68703879167, "entry_point": 0, "filename": null, "id": "region_5551", "name": "private_0x0000000fff0a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 68703354880, "timestamp": "00:01:25.308", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694942392320, "type": "region", "version": 1 }, "end_va": 140694942400511, "entry_point": 0, "filename": null, "id": "region_5552", "name": "private_0x00007ff618102000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694942392320, "timestamp": "00:01:25.308", "type": "region", "version": 1 
}, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 68683694080, "type": "region", "version": 1 }, "end_va": 68683759615, "entry_point": 0, "filename": null, "id": "region_5554", "name": "private_0x0000000ffdde0000", "norm_filename": null, "region_type": "private_memory", "start_va": 68683694080, "timestamp": "00:01:25.308", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 68683759616, "type": "region", "version": 1 }, "end_va": 68683763711, "entry_point": 0, "filename": null, "id": "region_5606", "name": "private_0x0000000ffddf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 68683759616, "timestamp": "00:01:25.473", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 68703879168, "type": "region", "version": 1 }, "end_va": 68704403455, "entry_point": 0, "filename": null, "id": "region_5617", "name": "private_0x0000000fff120000", "norm_filename": null, "region_type": "private_memory", "start_va": 68703879168, "timestamp": "00:01:25.483", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694942384128, "type": "region", "version": 1 }, "end_va": 140694942392319, "entry_point": 0, 
"filename": null, "id": "region_5618", "name": "private_0x00007ff618100000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694942384128, "timestamp": "00:01:25.483", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140724965146624, "type": "region", "version": 1 }, "end_va": 140724965187583, "entry_point": 140724965146624, "filename": "\\Windows\\System32\\adhapi.dll", "id": "region_5619", "name": "adhapi.dll", "norm_filename": "c:\\windows\\system32\\adhapi.dll", "region_type": "memory_mapped_file", "start_va": 140724965146624, "timestamp": "00:01:25.488", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 143360, "start_va": 140725071773696, "type": "region", "version": 1 }, "end_va": 140725071917055, "entry_point": 140725071777952, "filename": "\\Windows\\System32\\gpapi.dll", "id": "region_5620", "name": "gpapi.dll", "norm_filename": "c:\\windows\\system32\\gpapi.dll", "region_type": "memory_mapped_file", "start_va": 140725071773696, "timestamp": "00:01:25.498", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 140725016985600, "type": "region", "version": 1 }, "end_va": 140725017153535, "entry_point": 140725017016680, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_5622", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 
140725016985600, "timestamp": "00:01:25.503", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725016920064, "type": "region", "version": 1 }, "end_va": 140725016961023, "entry_point": 140725016924356, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_5623", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 140725016920064, "timestamp": "00:01:25.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 140725007810560, "type": "region", "version": 1 }, "end_va": 140725007892479, "entry_point": 140725007816576, "filename": "\\Windows\\System32\\dhcpcsvc6.dll", "id": "region_5624", "name": "dhcpcsvc6.dll", "norm_filename": "c:\\windows\\system32\\dhcpcsvc6.dll", "region_type": "memory_mapped_file", "start_va": 140725007810560, "timestamp": "00:01:25.509", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 140725007679488, "type": "region", "version": 1 }, "end_va": 140725007781887, "entry_point": 140725007687116, "filename": "\\Windows\\System32\\dhcpcsvc.dll", "id": "region_5625", "name": "dhcpcsvc.dll", "norm_filename": "c:\\windows\\system32\\dhcpcsvc.dll", "region_type": "memory_mapped_file", "start_va": 140725007679488, "timestamp": "00:01:25.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No 
dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 140725079375872, "type": "region", "version": 1 }, "end_va": 140725079736319, "entry_point": 140725079379984, "filename": "\\Windows\\System32\\mswsock.dll", "id": "region_5628", "name": "mswsock.dll", "norm_filename": "c:\\windows\\system32\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 140725079375872, "timestamp": "00:01:25.565", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 68704403456, "type": "region", "version": 1 }, "end_va": 68704927743, "entry_point": 0, "filename": null, "id": "region_5633", "name": "private_0x0000000fff1a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 68704403456, "timestamp": "00:01:25.600", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694942375936, "type": "region", "version": 1 }, "end_va": 140694942384127, "entry_point": 0, "filename": null, "id": "region_5634", "name": "private_0x00007ff6180fe000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694942375936, "timestamp": "00:01:25.600", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 68704927744, "type": "region", "version": 1 }, "end_va": 68705452031, "entry_point": 0, 
"filename": null, "id": "region_5724", "name": "private_0x0000000fff220000", "norm_filename": null, "region_type": "private_memory", "start_va": 68704927744, "timestamp": "00:01:25.988", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 68705452032, "type": "region", "version": 1 }, "end_va": 68705976319, "entry_point": 0, "filename": null, "id": "region_5725", "name": "private_0x0000000fff2a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 68705452032, "timestamp": "00:01:25.988", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694942359552, "type": "region", "version": 1 }, "end_va": 140694942367743, "entry_point": 0, "filename": null, "id": "region_5726", "name": "private_0x00007ff6180fa000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694942359552, "timestamp": "00:01:25.988", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694942367744, "type": "region", "version": 1 }, "end_va": 140694942375935, "entry_point": 0, "filename": null, "id": "region_5727", "name": "private_0x00007ff6180fc000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694942367744, "timestamp": "00:01:25.988", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is 
not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140724959248384, "type": "region", "version": 1 }, "end_va": 140724959289343, "entry_point": 140724959248384, "filename": "\\Windows\\System32\\wfapigp.dll", "id": "region_5728", "name": "wfapigp.dll", "norm_filename": "c:\\windows\\system32\\wfapigp.dll", "region_type": "memory_mapped_file", "start_va": 140724959248384, "timestamp": "00:01:25.989", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 68705976320, "type": "region", "version": 1 }, "end_va": 68707024895, "entry_point": 0, "filename": null, "id": "region_6029", "name": "private_0x0000000fff320000", "norm_filename": null, "region_type": "private_memory", "start_va": 68705976320, "timestamp": "00:01:30.177", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 925696, "start_va": 140724955119616, "type": "region", "version": 1 }, "end_va": 140724956045311, "entry_point": 140724955119616, "filename": "\\Windows\\System32\\MrmCoreR.dll", "id": "region_6058", "name": "mrmcorer.dll", "norm_filename": "c:\\windows\\system32\\mrmcorer.dll", "region_type": "memory_mapped_file", "start_va": 140724955119616, "timestamp": "00:01:30.686", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140725053423616, "type": "region", "version": 1 }, "end_va": 140725053808639, 
"entry_point": 140725053427828, "filename": "\\Windows\\System32\\BCP47Langs.dll", "id": "region_6074", "name": "bcp47langs.dll", "norm_filename": "c:\\windows\\system32\\bcp47langs.dll", "region_type": "memory_mapped_file", "start_va": 140725053423616, "timestamp": "00:01:30.771", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1437696, "start_va": 140724962656256, "type": "region", "version": 1 }, "end_va": 140724964093951, "entry_point": 140724962661428, "filename": "\\Windows\\System32\\urlmon.dll", "id": "region_6164", "name": "urlmon.dll", "norm_filename": "c:\\windows\\system32\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 140724962656256, "timestamp": "00:01:31.697", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 140725096546304, "type": "region", "version": 1 }, "end_va": 140725098078207, "entry_point": 140725096550580, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_6171", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 140725096546304, "timestamp": "00:01:31.789", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 140725095038976, "type": "region", "version": 1 }, "end_va": 140725095370751, "entry_point": 140725095043776, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_6172", "name": "shlwapi.dll", "norm_filename": 
"c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 140725095038976, "timestamp": "00:01:31.801", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2785280, "start_va": 140725002436608, "type": "region", "version": 1 }, "end_va": 140725005221887, "entry_point": 140725002493380, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_6175", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 140725002436608, "timestamp": "00:01:31.816", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2359296, "start_va": 140725005254656, "type": "region", "version": 1 }, "end_va": 140725007613951, "entry_point": 140725005259760, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_6179", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 140725005254656, "timestamp": "00:01:31.832", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 745472, "start_va": 68707024896, "type": "region", "version": 1 }, "end_va": 68707770367, "entry_point": 68707029280, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_6180", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 68707024896, "timestamp": "00:01:31.836", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 675840, "start_va": 140725126299648, "type": "region", "version": 1 }, "end_va": 140725126975487, "entry_point": 140725126303760, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_6219", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725126299648, "timestamp": "00:01:32.193", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140725101002752, "type": "region", "version": 1 }, "end_va": 140725101752319, "entry_point": 140725101007136, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_6220", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 140725101002752, "timestamp": "00:01:32.198", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 140725060108288, "type": "region", "version": 1 }, "end_va": 140725060767743, "entry_point": 140725060112544, "filename": "\\Windows\\System32\\SHCore.dll", "id": "region_6228", "name": "shcore.dll", "norm_filename": "c:\\windows\\system32\\shcore.dll", "region_type": "memory_mapped_file", "start_va": 140725060108288, "timestamp": "00:01:32.302", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], 
"ref_process_dump": null, "size": 12288, "start_va": 68683825152, "type": "region", "version": 1 }, "end_va": 68683837439, "entry_point": 68683825152, "filename": "\\Windows\\WinStore\\resources.pri", "id": "region_6268", "name": "resources.pri", "norm_filename": "c:\\windows\\winstore\\resources.pri", "region_type": "memory_mapped_file", "start_va": 68683825152, "timestamp": "00:01:32.552", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 68707024896, "type": "region", "version": 1 }, "end_va": 68707549183, "entry_point": 0, "filename": null, "id": "region_6279", "name": "private_0x0000000fff420000", "norm_filename": null, "region_type": "private_memory", "start_va": 68707024896, "timestamp": "00:01:32.686", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694942351360, "type": "region", "version": 1 }, "end_va": 140694942359551, "entry_point": 0, "filename": null, "id": "region_6280", "name": "private_0x00007ff6180f8000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694942351360, "timestamp": "00:01:32.686", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 184320, "start_va": 140725042872320, "type": "region", "version": 1 }, "end_va": 140725043056639, "entry_point": 140725042872320, "filename": "\\Windows\\System32\\dps.dll", "id": "region_6290", "name": "dps.dll", "norm_filename": 
"c:\\windows\\system32\\dps.dll", "region_type": "memory_mapped_file", "start_va": 140725042872320, "timestamp": "00:01:32.708", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 140725086453760, "type": "region", "version": 1 }, "end_va": 140725086535679, "entry_point": 140725086468812, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_6336", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 140725086453760, "timestamp": "00:01:32.789", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 68683890688, "type": "region", "version": 1 }, "end_va": 68683894783, "entry_point": 0, "filename": null, "id": "region_6337", "name": "pagefile_0x0000000ffde10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 68683890688, "timestamp": "00:01:32.795", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 671744, "start_va": 140725095825408, "type": "region", "version": 1 }, "end_va": 140725096497151, "entry_point": 140725095829872, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_6338", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 140725095825408, "timestamp": "00:01:32.796", "type": "region", "version": 1 }, { "dump": { "filename": "", 
"flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 68683956224, "type": "region", "version": 1 }, "end_va": 68683960319, "entry_point": 0, "filename": null, "id": "region_6339", "name": "pagefile_0x0000000ffde20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 68683956224, "timestamp": "00:01:32.797", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1691648, "start_va": 140725023735808, "type": "region", "version": 1 }, "end_va": 140725025427455, "entry_point": 140725023740764, "filename": "\\Windows\\System32\\taskschd.dll", "id": "region_6340", "name": "taskschd.dll", "norm_filename": "c:\\windows\\system32\\taskschd.dll", "region_type": "memory_mapped_file", "start_va": 140725023735808, "timestamp": "00:01:32.799", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 68686708736, "type": "region", "version": 1 }, "end_va": 68686712831, "entry_point": 68686708736, "filename": "\\Windows\\rescache\\_merged\\3592120974\\754694702.pri", "id": "region_6344", "name": "754694702.pri", "norm_filename": "c:\\windows\\rescache\\_merged\\3592120974\\754694702.pri", "region_type": "memory_mapped_file", "start_va": 68686708736, "timestamp": "00:01:32.858", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, 
"size": 524288, "start_va": 68707549184, "type": "region", "version": 1 }, "end_va": 68708073471, "entry_point": 0, "filename": null, "id": "region_6345", "name": "private_0x0000000fff4a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 68707549184, "timestamp": "00:01:32.858", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694942343168, "type": "region", "version": 1 }, "end_va": 140694942351359, "entry_point": 0, "filename": null, "id": "region_6346", "name": "private_0x00007ff6180f6000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694942343168, "timestamp": "00:01:32.858", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 68686774272, "type": "region", "version": 1 }, "end_va": 68686778367, "entry_point": 0, "filename": null, "id": "region_6347", "name": "private_0x0000000ffe0d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 68686774272, "timestamp": "00:01:32.859", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 68686774272, "type": "region", "version": 1 }, "end_va": 68686807039, "entry_point": 0, "filename": null, "id": "region_6353", "name": "private_0x0000000ffe0d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 68686774272, "timestamp": "00:01:32.886", "type": "region", "version": 1 }, { 
"dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 68697587712, "type": "region", "version": 1 }, "end_va": 68697591807, "entry_point": 0, "filename": null, "id": "region_6357", "name": "private_0x0000000ffeb20000", "norm_filename": null, "region_type": "private_memory", "start_va": 68697587712, "timestamp": "00:01:32.912", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 68697653248, "type": "region", "version": 1 }, "end_va": 68697657343, "entry_point": 0, "filename": null, "id": "region_6358", "name": "private_0x0000000ffeb30000", "norm_filename": null, "region_type": "private_memory", "start_va": 68697653248, "timestamp": "00:01:32.912", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 68697718784, "type": "region", "version": 1 }, "end_va": 68697722879, "entry_point": 0, "filename": null, "id": "region_6359", "name": "private_0x0000000ffeb40000", "norm_filename": null, "region_type": "private_memory", "start_va": 68697718784, "timestamp": "00:01:32.912", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 68697784320, "type": "region", "version": 1 }, "end_va": 68697788415, "entry_point": 0, "filename": null, "id": 
"region_6360", "name": "private_0x0000000ffeb50000", "norm_filename": null, "region_type": "private_memory", "start_va": 68697784320, "timestamp": "00:01:32.912", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 68697849856, "type": "region", "version": 1 }, "end_va": 68697858047, "entry_point": 0, "filename": null, "id": "region_6361", "name": "private_0x0000000ffeb60000", "norm_filename": null, "region_type": "private_memory", "start_va": 68697849856, "timestamp": "00:01:32.912", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 68697915392, "type": "region", "version": 1 }, "end_va": 68697919487, "entry_point": 0, "filename": null, "id": "region_6362", "name": "private_0x0000000ffeb70000", "norm_filename": null, "region_type": "private_memory", "start_va": 68697915392, "timestamp": "00:01:32.912", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 68697980928, "type": "region", "version": 1 }, "end_va": 68697985023, "entry_point": 0, "filename": null, "id": "region_6363", "name": "private_0x0000000ffeb80000", "norm_filename": null, "region_type": "private_memory", "start_va": 68697980928, "timestamp": "00:01:32.912", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", 
"permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 68698046464, "type": "region", "version": 1 }, "end_va": 68698111999, "entry_point": 0, "filename": null, "id": "region_6364", "name": "private_0x0000000ffeb90000", "norm_filename": null, "region_type": "private_memory", "start_va": 68698046464, "timestamp": "00:01:32.912", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 68708073472, "type": "region", "version": 1 }, "end_va": 68708077567, "entry_point": 0, "filename": null, "id": "region_6365", "name": "private_0x0000000fff520000", "norm_filename": null, "region_type": "private_memory", "start_va": 68708073472, "timestamp": "00:01:32.912", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 68708139008, "type": "region", "version": 1 }, "end_va": 68708143103, "entry_point": 0, "filename": null, "id": "region_6366", "name": "private_0x0000000fff530000", "norm_filename": null, "region_type": "private_memory", "start_va": 68708139008, "timestamp": "00:01:32.912", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 68708204544, "type": "region", "version": 1 }, "end_va": 68708216831, "entry_point": 0, "filename": null, "id": "region_6367", "name": "private_0x0000000fff540000", "norm_filename": null, "region_type": "private_memory", "start_va": 68708204544, 
"timestamp": "00:01:32.912", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 68708270080, "type": "region", "version": 1 }, "end_va": 68708274175, "entry_point": 0, "filename": null, "id": "region_6368", "name": "private_0x0000000fff550000", "norm_filename": null, "region_type": "private_memory", "start_va": 68708270080, "timestamp": "00:01:32.912", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 68708335616, "type": "region", "version": 1 }, "end_va": 68708343807, "entry_point": 0, "filename": null, "id": "region_6369", "name": "private_0x0000000fff560000", "norm_filename": null, "region_type": "private_memory", "start_va": 68708335616, "timestamp": "00:01:32.912", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 68708401152, "type": "region", "version": 1 }, "end_va": 68708409343, "entry_point": 0, "filename": null, "id": "region_6370", "name": "private_0x0000000fff570000", "norm_filename": null, "region_type": "private_memory", "start_va": 68708401152, "timestamp": "00:01:32.912", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 68708466688, "type": "region", "version": 1 }, 
"end_va": 68708470783, "entry_point": 0, "filename": null, "id": "region_6371", "name": "private_0x0000000fff580000", "norm_filename": null, "region_type": "private_memory", "start_va": 68708466688, "timestamp": "00:01:32.912", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 68708532224, "type": "region", "version": 1 }, "end_va": 68708536319, "entry_point": 68708532224, "filename": "\\Windows\\WinStore\\pris\\resources.en-US.pri", "id": "region_6372", "name": "resources.en-us.pri", "norm_filename": "c:\\windows\\winstore\\pris\\resources.en-us.pri", "region_type": "memory_mapped_file", "start_va": 68708532224, "timestamp": "00:01:32.913", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 68708532224, "type": "region", "version": 1 }, "end_va": 68709580799, "entry_point": 0, "filename": null, "id": "region_6395", "name": "private_0x0000000fff590000", "norm_filename": null, "region_type": "private_memory", "start_va": 68708532224, "timestamp": "00:01:33.059", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 68709580800, "type": "region", "version": 1 }, "end_va": 68709584895, "entry_point": 68709580800, "filename": "\\Windows\\WinStore\\pris\\resources.en-US.pri", "id": "region_6399", "name": "resources.en-us.pri", "norm_filename": "c:\\windows\\winstore\\pris\\resources.en-us.pri", "region_type": "memory_mapped_file", "start_va": 68709580800, "timestamp": "00:01:33.069", 
"type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 196608, "start_va": 140725028847616, "type": "region", "version": 1 }, "end_va": 140725029044223, "entry_point": 140725028871328, "filename": "\\Windows\\System32\\ntmarta.dll", "id": "region_6456", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\system32\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 140725028847616, "timestamp": "00:01:33.377", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "" ], "ref_process_dump": null, "size": 77824, "start_va": 68709580800, "type": "region", "version": 1 }, "end_va": 68709658623, "entry_point": 0, "filename": null, "id": "region_6457", "name": "private_0x0000000fff690000", "norm_filename": null, "region_type": "private_memory", "start_va": 68709580800, "timestamp": "00:01:33.383", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 68683825152, "type": "region", "version": 1 }, "end_va": 68683829247, "entry_point": 68683825152, "filename": "\\Windows\\System32\\en-US\\WiFiDisplay.dll.mui", "id": "region_6535", "name": "wifidisplay.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\wifidisplay.dll.mui", "region_type": "memory_mapped_file", "start_va": 68683825152, "timestamp": "00:01:33.881", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 118784, "start_va": 
68709580800, "type": "region", "version": 1 }, "end_va": 68709699583, "entry_point": 68709580800, "filename": "\\Windows\\System32\\WiFiDisplay.dll", "id": "region_6536", "name": "wifidisplay.dll", "norm_filename": "c:\\windows\\system32\\wifidisplay.dll", "region_type": "memory_mapped_file", "start_va": 68709580800, "timestamp": "00:01:33.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 68686708736, "type": "region", "version": 1 }, "end_va": 68686712831, "entry_point": 0, "filename": null, "id": "region_6540", "name": "private_0x0000000ffe0c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 68686708736, "timestamp": "00:01:33.909", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 118784, "start_va": 68709580800, "type": "region", "version": 1 }, "end_va": 68709699583, "entry_point": 68709653356, "filename": "\\Windows\\System32\\WiFiDisplay.dll", "id": "region_6542", "name": "wifidisplay.dll", "norm_filename": "c:\\windows\\system32\\wifidisplay.dll", "region_type": "memory_mapped_file", "start_va": 68709580800, "timestamp": "00:01:33.911", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 68709580800, "type": "region", "version": 1 }, "end_va": 68711677951, "entry_point": 0, "filename": null, "id": "region_6629", "name": "private_0x0000000fff690000", "norm_filename": null, "region_type": "private_memory", "start_va": 
68709580800, "timestamp": "00:01:34.682", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 68711677952, "type": "region", "version": 1 }, "end_va": 68713775103, "entry_point": 0, "filename": null, "id": "region_6630", "name": "private_0x0000000fff890000", "norm_filename": null, "region_type": "private_memory", "start_va": 68711677952, "timestamp": "00:01:34.685", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "" ], "ref_process_dump": null, "size": 77824, "start_va": 68713775104, "type": "region", "version": 1 }, "end_va": 68713852927, "entry_point": 0, "filename": null, "id": "region_6638", "name": "private_0x0000000fffa90000", "norm_filename": null, "region_type": "private_memory", "start_va": 68713775104, "timestamp": "00:01:34.728", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\PROGRA~1\\COMMON~1\\WANACR~1.EXE ", "filename": "c:\\progra~1\\common~1\\wanacr~1.exe", "id": "proc_58", "image_name": "wanacr~1.exe", "monitor_reason": "child_process", "monitored_id": 58, "origin_monitor_id": 46, "ref_parent_process": { "ref_id": "proc_46", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": 
null, "id": "region_4990", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:21.767", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 630451273728, "type": "region", "version": 1 }, "end_va": 630451404799, "entry_point": 0, "filename": null, "id": "region_4991", "name": "private_0x00000092c9d30000", "norm_filename": null, "region_type": "private_memory", "start_va": 630451273728, "timestamp": "00:01:21.767", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 630451404800, "type": "region", "version": 1 }, "end_va": 630451466239, "entry_point": 0, "filename": null, "id": "region_4992", "name": "pagefile_0x00000092c9d50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 630451404800, "timestamp": "00:01:21.767", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 630451470336, "type": "region", "version": 1 }, "end_va": 630455664639, "entry_point": 0, "filename": null, "id": "region_4993", "name": "private_0x00000092c9d60000", "norm_filename": null, "region_type": "private_memory", "start_va": 630451470336, "timestamp": "00:01:21.767", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because 
pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140698002653184, "type": "region", "version": 1 }, "end_va": 140698002796543, "entry_point": 0, "filename": null, "id": "region_4994", "name": "pagefile_0x00007ff6ce780000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140698002653184, "timestamp": "00:01:21.767", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140698002837504, "type": "region", "version": 1 }, "end_va": 140698002845695, "entry_point": 0, "filename": null, "id": "region_4995", "name": "private_0x00007ff6ce7ad000", "norm_filename": null, "region_type": "private_memory", "start_va": 140698002837504, "timestamp": "00:01:21.767", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140698002845696, "type": "region", "version": 1 }, "end_va": 140698002849791, "entry_point": 0, "filename": null, "id": "region_4996", "name": "private_0x00007ff6ce7af000", "norm_filename": null, "region_type": "private_memory", "start_va": 140698002845696, "timestamp": "00:01:21.767", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 140698014777344, "type": "region", "version": 1 }, "end_va": 140698015862783, "entry_point": 140698014972444, "filename": "\\PROGRA~1\\COMMON~1\\WANACR~1.EXE", "id": 
"region_4997", "name": "wanacr~1.exe", "norm_filename": "c:\\progra~1\\common~1\\wanacr~1.exe", "region_type": "memory_mapped_file", "start_va": 140698014777344, "timestamp": "00:01:21.767", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_4998", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140725133115392, "timestamp": "00:01:21.767", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 630455664640, "type": "region", "version": 1 }, "end_va": 630455681023, "entry_point": 0, "filename": null, "id": "region_5000", "name": "pagefile_0x00000092ca160000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 630455664640, "timestamp": "00:01:21.771", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 630455730176, "type": "region", "version": 1 }, "end_va": 630455738367, "entry_point": 0, "filename": null, "id": "region_5003", "name": "pagefile_0x00000092ca170000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 630455730176, "timestamp": "00:01:21.777", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 630455795712, "type": "region", "version": 1 }, "end_va": 630455803903, "entry_point": 0, "filename": null, "id": "region_5004", "name": "private_0x00000092ca180000", "norm_filename": null, "region_type": "private_memory", "start_va": 630455795712, "timestamp": "00:01:21.778", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 630457630720, "type": "region", "version": 1 }, "end_va": 630461825023, "entry_point": 0, "filename": null, "id": "region_5856", "name": "private_0x00000092ca340000", "norm_filename": null, "region_type": "private_memory", "start_va": 630457630720, "timestamp": "00:01:26.654", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140725090648064, "type": "region", "version": 1 }, "end_va": 140725091753983, "entry_point": 140725090656928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_5857", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140725090648064, "timestamp": "00:01:26.654", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140725124988928, "type": "region", "version": 1 
}, "end_va": 140725126270975, "entry_point": 140725125009460, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_5858", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140725124988928, "timestamp": "00:01:26.655", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 630451273728, "type": "region", "version": 1 }, "end_va": 630451339263, "entry_point": 0, "filename": null, "id": "region_5891", "name": "pagefile_0x00000092c9d30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 630451273728, "timestamp": "00:01:26.725", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140698001604608, "type": "region", "version": 1 }, "end_va": 140698002653183, "entry_point": 0, "filename": null, "id": "region_5892", "name": "pagefile_0x00007ff6ce680000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140698001604608, "timestamp": "00:01:26.725", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 630455861248, "type": "region", "version": 1 }, "end_va": 630456377343, "entry_point": 630455861248, "filename": "\\Windows\\System32\\locale.nls", "id": "region_5925", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", 
"start_va": 630455861248, "timestamp": "00:01:27.898", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140724958920704, "type": "region", "version": 1 }, "end_va": 140724958957567, "entry_point": 140724958920704, "filename": "\\Windows\\System32\\wsock32.dll", "id": "region_5926", "name": "wsock32.dll", "norm_filename": "c:\\windows\\system32\\wsock32.dll", "region_type": "memory_mapped_file", "start_va": 140724958920704, "timestamp": "00:01:27.904", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140724958855168, "type": "region", "version": 1 }, "end_va": 140724958896127, "entry_point": 140724958855168, "filename": "\\Windows\\System32\\version.dll", "id": "region_5927", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 140724958855168, "timestamp": "00:01:27.911", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140724958724096, "type": "region", "version": 1 }, "end_va": 140724958851071, "entry_point": 140724958724096, "filename": "\\Windows\\System32\\winmm.dll", "id": "region_5928", "name": "winmm.dll", "norm_filename": "c:\\windows\\system32\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 140724958724096, "timestamp": "00:01:27.918", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No 
dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2465792, "start_va": 140725055651840, "type": "region", "version": 1 }, "end_va": 140725058117631, "entry_point": 140725055670080, "filename": "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "id": "region_5929", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 140725055651840, "timestamp": "00:01:27.924", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 140724999946240, "type": "region", "version": 1 }, "end_va": 140725000056831, "entry_point": 140724999950416, "filename": "\\Windows\\System32\\mpr.dll", "id": "region_5930", "name": "mpr.dll", "norm_filename": "c:\\windows\\system32\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 140724999946240, "timestamp": "00:01:27.925", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 630451339264, "type": "region", "version": 1 }, "end_va": 630451367935, "entry_point": 0, "filename": null, "id": "region_5931", "name": "private_0x00000092c9d40000", "norm_filename": null, "region_type": "private_memory", "start_va": 630451339264, "timestamp": "00:01:27.925", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is 
not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2359296, "start_va": 140725005254656, "type": "region", "version": 1 }, "end_va": 140725007613951, "entry_point": 140725005259760, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_5932", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 140725005254656, "timestamp": "00:01:27.926", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 140725103820800, "type": "region", "version": 1 }, "end_va": 140725103849471, "entry_point": 140725103820800, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_5933", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 140725103820800, "timestamp": "00:01:27.927", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 140725016985600, "type": "region", "version": 1 }, "end_va": 140725017153535, "entry_point": 140725017016680, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_6404", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 140725016985600, "timestamp": "00:01:33.087", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140725076557824, "type": 
"region", "version": 1 }, "end_va": 140725076684799, "entry_point": 140725076562672, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_6405", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 140725076557824, "timestamp": "00:01:33.089", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1187840, "start_va": 140725066858496, "type": "region", "version": 1 }, "end_va": 140725068046335, "entry_point": 140725066904644, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_6406", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 140725066858496, "timestamp": "00:01:33.090", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140725093466112, "type": "region", "version": 1 }, "end_va": 140725094977535, "entry_point": 140725093620416, "filename": "\\Windows\\System32\\user32.dll", "id": "region_6407", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140725093466112, "timestamp": "00:01:33.091", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140725129773056, "type": "region", "version": 1 }, "end_va": 140725131104255, "entry_point": 140725129845848, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_6408", 
"name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140725129773056, "timestamp": "00:01:33.091", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 630784, "start_va": 140725129117696, "type": "region", "version": 1 }, "end_va": 140725129748479, "entry_point": 140725129117696, "filename": "\\Windows\\System32\\comdlg32.dll", "id": "region_6409", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\system32\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 140725129117696, "timestamp": "00:01:33.094", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 675840, "start_va": 140725126299648, "type": "region", "version": 1 }, "end_va": 140725126975487, "entry_point": 140725126303760, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_6410", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725126299648, "timestamp": "00:01:33.099", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 21032960, "start_va": 140725103951872, "type": "region", "version": 1 }, "end_va": 140725124984831, "entry_point": 140725103956224, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_6411", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 140725103951872, 
"timestamp": "00:01:33.100", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 140725096546304, "type": "region", "version": 1 }, "end_va": 140725098078207, "entry_point": 140725096550580, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_6412", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 140725096546304, "timestamp": "00:01:33.101", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140725101002752, "type": "region", "version": 1 }, "end_va": 140725101752319, "entry_point": 140725101007136, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_6413", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 140725101002752, "timestamp": "00:01:33.101", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 140725127020544, "type": "region", "version": 1 }, "end_va": 140725127380991, "entry_point": 140725127024796, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_6414", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 140725127020544, "timestamp": "00:01:33.151", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because 
region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140725098577920, "type": "region", "version": 1 }, "end_va": 140725099261951, "entry_point": 140725098588204, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_6415", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140725098577920, "timestamp": "00:01:33.152", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 172032, "start_va": 140725043789824, "type": "region", "version": 1 }, "end_va": 140725043961855, "entry_point": 140725043832680, "filename": "\\Windows\\System32\\winmmbase.dll", "id": "region_6416", "name": "winmmbase.dll", "norm_filename": "c:\\windows\\system32\\winmmbase.dll", "region_type": "memory_mapped_file", "start_va": 140725043789824, "timestamp": "00:01:33.153", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140725127806976, "type": "region", "version": 1 }, "end_va": 140725129076735, "entry_point": 140725127811408, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_6417", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140725127806976, "timestamp": "00:01:33.155", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2785280, "start_va": 
140725002436608, "type": "region", "version": 1 }, "end_va": 140725005221887, "entry_point": 140725002493380, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_6418", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 140725002436608, "timestamp": "00:01:33.156", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140725103886336, "type": "region", "version": 1 }, "end_va": 140725103923199, "entry_point": 140725103891456, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_6419", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 140725103886336, "timestamp": "00:01:33.160", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725016920064, "type": "region", "version": 1 }, "end_va": 140725016961023, "entry_point": 140725016924356, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_6420", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 140725016920064, "timestamp": "00:01:33.161", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 140725086453760, "type": "region", "version": 1 }, "end_va": 140725086535679, "entry_point": 140725086468812, "filename": "\\Windows\\System32\\profapi.dll", "id": 
"region_6421", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 140725086453760, "timestamp": "00:01:33.162", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725131149312, "type": "region", "version": 1 }, "end_va": 140725133078527, "entry_point": 140725131157344, "filename": "\\Windows\\System32\\combase.dll", "id": "region_6422", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140725131149312, "timestamp": "00:01:33.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 140725095038976, "type": "region", "version": 1 }, "end_va": 140725095370751, "entry_point": 140725095043776, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_7251", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 140725095038976, "timestamp": "00:01:39.037", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725098184704, "type": "region", "version": 1 }, "end_va": 140725098541055, "entry_point": 140725098194176, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_7252", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 
140725098184704, "timestamp": "00:01:39.038", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 140725090320384, "type": "region", "version": 1 }, "end_va": 140725090623487, "entry_point": 140725090325080, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_7253", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 140725090320384, "timestamp": "00:01:39.041", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725068103680, "type": "region", "version": 1 }, "end_va": 140725068259327, "entry_point": 140725068109212, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_7254", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 140725068103680, "timestamp": "00:01:39.042", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 140725060108288, "type": "region", "version": 1 }, "end_va": 140725060767743, "entry_point": 140725060112544, "filename": "\\Windows\\System32\\SHCore.dll", "id": "region_7255", "name": "shcore.dll", "norm_filename": "c:\\windows\\system32\\shcore.dll", "region_type": "memory_mapped_file", "start_va": 140725060108288, "timestamp": "00:01:39.051", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": 
"No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1900544, "start_va": 630461825024, "type": "region", "version": 1 }, "end_va": 630463725567, "entry_point": 0, "filename": null, "id": "region_7256", "name": "private_0x00000092ca740000", "norm_filename": null, "region_type": "private_memory", "start_va": 630461825024, "timestamp": "00:01:39.054", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 630456385536, "type": "region", "version": 1 }, "end_va": 630456414207, "entry_point": 0, "filename": null, "id": "region_7257", "name": "private_0x00000092ca210000", "norm_filename": null, "region_type": "private_memory", "start_va": 630456385536, "timestamp": "00:01:39.056", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 212992, "start_va": 630456451072, "type": "region", "version": 1 }, "end_va": 630456664063, "entry_point": 630456455216, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_7258", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 630456451072, "timestamp": "00:01:39.057", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 630461825024, "type": "region", "version": 1 }, "end_va": 630463430655, "entry_point": 0, "filename": null, "id": "region_7259", "name": 
"pagefile_0x00000092ca740000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 630461825024, "timestamp": "00:01:39.058", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 630463660032, "type": "region", "version": 1 }, "end_va": 630463725567, "entry_point": 0, "filename": null, "id": "region_7260", "name": "private_0x00000092ca900000", "norm_filename": null, "region_type": "private_memory", "start_va": 630463660032, "timestamp": "00:01:39.058", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 140725095563264, "type": "region", "version": 1 }, "end_va": 140725095776255, "entry_point": 140725095567408, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_7261", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 140725095563264, "timestamp": "00:01:39.059", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1277952, "start_va": 140725091762176, "type": "region", "version": 1 }, "end_va": 140725093040127, "entry_point": 140725091766288, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_7262", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 140725091762176, "timestamp": "00:01:39.060", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 630463725568, "type": "region", "version": 1 }, "end_va": 630465302527, "entry_point": 0, "filename": null, "id": "region_7263", "name": "pagefile_0x00000092ca910000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 630463725568, "timestamp": "00:01:39.063", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 630465363968, "type": "region", "version": 1 }, "end_va": 630486335487, "entry_point": 0, "filename": null, "id": "region_7264", "name": "pagefile_0x00000092caaa0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 630465363968, "timestamp": "00:01:39.063", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 630456451072, "type": "region", "version": 1 }, "end_va": 630456455167, "entry_point": 0, "filename": null, "id": "region_7612", "name": "private_0x00000092ca220000", "norm_filename": null, "region_type": "private_memory", "start_va": 630456451072, "timestamp": "00:01:41.606", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 630456516608, "type": "region", "version": 1 }, "end_va": 630456520703, "entry_point": 0, 
"filename": null, "id": "region_7613", "name": "private_0x00000092ca230000", "norm_filename": null, "region_type": "private_memory", "start_va": 630456516608, "timestamp": "00:01:41.606", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 630456582144, "type": "region", "version": 1 }, "end_va": 630456586239, "entry_point": 630456582144, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_7614", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 630456582144, "timestamp": "00:01:41.606", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 630456647680, "type": "region", "version": 1 }, "end_va": 630456655871, "entry_point": 0, "filename": null, "id": "region_7615", "name": "pagefile_0x00000092ca250000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 630456647680, "timestamp": "00:01:41.607", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1703936, "start_va": 630486335488, "type": "region", "version": 1 }, "end_va": 630488039423, "entry_point": 0, "filename": null, "id": "region_7616", "name": "private_0x00000092cbea0000", "norm_filename": null, "region_type": "private_memory", "start_va": 630486335488, "timestamp": "00:01:41.611", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": 
"No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 761856, "start_va": 630456713216, "type": "region", "version": 1 }, "end_va": 630457475071, "entry_point": 630456895336, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_7673", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 630456713216, "timestamp": "00:01:42.469", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725068431360, "type": "region", "version": 1 }, "end_va": 140725068472319, "entry_point": 140725068437320, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_7674", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\system32\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140725068431360, "timestamp": "00:01:42.472", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725085208576, "type": "region", "version": 1 }, "end_va": 140725085249535, "entry_point": 140725085212688, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_7675", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140725085208576, "timestamp": "00:01:42.473", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 
140725084815360, "type": "region", "version": 1 }, "end_va": 140725085200383, "entry_point": 140725084944032, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_7676", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140725084815360, "timestamp": "00:01:42.474", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 630456582144, "type": "region", "version": 1 }, "end_va": 630456586239, "entry_point": 0, "filename": null, "id": "region_7679", "name": "pagefile_0x00000092ca240000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 630456582144, "timestamp": "00:01:42.499", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 983040, "start_va": 630486335488, "type": "region", "version": 1 }, "end_va": 630487318527, "entry_point": 0, "filename": null, "id": "region_7680", "name": "pagefile_0x00000092cbea0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 630486335488, "timestamp": "00:01:42.499", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 630487973888, "type": "region", "version": 1 }, "end_va": 630488039423, "entry_point": 0, "filename": null, "id": "region_7681", "name": "private_0x00000092cc030000", "norm_filename": null, 
"region_type": "private_memory", "start_va": 630487973888, "timestamp": "00:01:42.499", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 630456582144, "type": "region", "version": 1 }, "end_va": 630456598527, "entry_point": 0, "filename": null, "id": "region_7682", "name": "pagefile_0x00000092ca240000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 630456582144, "timestamp": "00:01:42.499", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 630456713216, "type": "region", "version": 1 }, "end_va": 630456741887, "entry_point": 0, "filename": null, "id": "region_7683", "name": "private_0x00000092ca260000", "norm_filename": null, "region_type": "private_memory", "start_va": 630456713216, "timestamp": "00:01:42.500", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 630488039424, "type": "region", "version": 1 }, "end_va": 630489087999, "entry_point": 0, "filename": null, "id": "region_7718", "name": "private_0x00000092cc040000", "norm_filename": null, "region_type": "private_memory", "start_va": 630488039424, "timestamp": "00:01:42.847", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, 
"start_va": 630489088000, "type": "region", "version": 1 }, "end_va": 630490140671, "entry_point": 630489088000, "filename": "\\Program Files\\Common Files\\wanacry6.malware.exe", "id": "region_7732", "name": "wanacry6.malware.exe", "norm_filename": "c:\\program files\\common files\\wanacry6.malware.exe", "region_type": "memory_mapped_file", "start_va": 630489088000, "timestamp": "00:01:42.948", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 630456778752, "type": "region", "version": 1 }, "end_va": 630456782847, "entry_point": 0, "filename": null, "id": "region_7735", "name": "private_0x00000092ca270000", "norm_filename": null, "region_type": "private_memory", "start_va": 630456778752, "timestamp": "00:01:43.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 140725058142208, "type": "region", "version": 1 }, "end_va": 140725058277375, "entry_point": 140725058146560, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_7736", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 140725058142208, "timestamp": "00:01:43.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 630489088000, "type": "region", "version": 1 }, "end_va": 630492057599, "entry_point": 630489088000, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_7737", "name": 
"sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 630489088000, "timestamp": "00:01:43.013", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 630456844288, "type": "region", "version": 1 }, "end_va": 630456856575, "entry_point": 0, "filename": null, "id": "region_7743", "name": "pagefile_0x00000092ca280000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 630456844288, "timestamp": "00:01:43.062", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 630456844288, "type": "region", "version": 1 }, "end_va": 630456848383, "entry_point": 0, "filename": null, "id": "region_7744", "name": "pagefile_0x00000092ca280000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 630456844288, "timestamp": "00:01:43.065", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 630456909824, "type": "region", "version": 1 }, "end_va": 630456913919, "entry_point": 0, "filename": null, "id": "region_7841", "name": "private_0x00000092ca290000", "norm_filename": null, "region_type": "private_memory", "start_va": 630456909824, "timestamp": "00:01:46.633", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 5185536, "start_va": 630492102656, "type": "region", "version": 1 }, "end_va": 630497288191, "entry_point": 0, "filename": null, "id": "region_7842", "name": "pagefile_0x00000092cc420000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 630492102656, "timestamp": "00:01:46.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15138816, "start_va": 630497345536, "type": "region", "version": 1 }, "end_va": 630512484351, "entry_point": 630497345536, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_7843", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 630497345536, "timestamp": "00:01:46.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 140725025898496, "type": "region", "version": 1 }, "end_va": 140725025984511, "entry_point": 140725025902656, "filename": "\\Windows\\System32\\netapi32.dll", "id": "region_7844", "name": "netapi32.dll", "norm_filename": "c:\\windows\\system32\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725025898496, "timestamp": "00:01:46.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 140725072494592, 
"type": "region", "version": 1 }, "end_va": 140725072543743, "entry_point": 140725072499804, "filename": "\\Windows\\System32\\netutils.dll", "id": "region_7845", "name": "netutils.dll", "norm_filename": "c:\\windows\\system32\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 140725072494592, "timestamp": "00:01:46.750", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 140725073608704, "type": "region", "version": 1 }, "end_va": 140725073760255, "entry_point": 140725073612916, "filename": "\\Windows\\System32\\srvcli.dll", "id": "region_7846", "name": "srvcli.dll", "norm_filename": "c:\\windows\\system32\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 140725073608704, "timestamp": "00:01:46.751", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 140725025636352, "type": "region", "version": 1 }, "end_va": 140725025726463, "entry_point": 140725025640520, "filename": "\\Windows\\System32\\wkscli.dll", "id": "region_7847", "name": "wkscli.dll", "norm_filename": "c:\\windows\\system32\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 140725025636352, "timestamp": "00:01:46.752", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 630456975360, "type": "region", "version": 1 }, "end_va": 630456979455, "entry_point": 0, "filename": null, "id": "region_7878", "name": 
"pagefile_0x00000092ca2a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 630456975360, "timestamp": "00:01:47.061", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2195456, "start_va": 630512484352, "type": "region", "version": 1 }, "end_va": 630514679807, "entry_point": 0, "filename": null, "id": "region_7879", "name": "pagefile_0x00000092cd790000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 630512484352, "timestamp": "00:01:47.061", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 630456975360, "type": "region", "version": 1 }, "end_va": 630456987647, "entry_point": 0, "filename": null, "id": "region_8017", "name": "pagefile_0x00000092ca2a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 630456975360, "timestamp": "00:01:53.533", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 630457040896, "type": "region", "version": 1 }, "end_va": 630457044991, "entry_point": 0, "filename": null, "id": "region_8018", "name": "pagefile_0x00000092ca2b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 630457040896, "timestamp": "00:01:53.533", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No 
dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20480, "start_va": 630457106432, "type": "region", "version": 1 }, "end_va": 630457126911, "entry_point": 630457106432, "filename": "\\Windows\\System32\\en-US\\user32.dll.mui", "id": "region_8019", "name": "user32.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\user32.dll.mui", "region_type": "memory_mapped_file", "start_va": 630457106432, "timestamp": "00:01:53.533", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 278528, "start_va": 630457171968, "type": "region", "version": 1 }, "end_va": 630457450495, "entry_point": 0, "filename": null, "id": "region_8020", "name": "pagefile_0x00000092ca2d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 630457171968, "timestamp": "00:01:53.534", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 48848896, "start_va": 630514712576, "type": "region", "version": 1 }, "end_va": 630563561471, "entry_point": 630514712576, "filename": "\\Windows\\System32\\imageres.dll", "id": "region_8022", "name": "imageres.dll", "norm_filename": "c:\\windows\\system32\\imageres.dll", "region_type": "memory_mapped_file", "start_va": 630514712576, "timestamp": "00:01:53.535", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4169728, "start_va": 630563602432, "type": "region", "version": 
1 }, "end_va": 630567772159, "entry_point": 0, "filename": null, "id": "region_8023", "name": "pagefile_0x00000092d0850000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 630563602432, "timestamp": "00:01:53.535", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 140725079769088, "type": "region", "version": 1 }, "end_va": 140725079891967, "entry_point": 140725079773640, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_8024", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 140725079769088, "timestamp": "00:01:53.536", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 140725075443712, "type": "region", "version": 1 }, "end_va": 140725075660799, "entry_point": 140725075448792, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_8025", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 140725075443712, "timestamp": "00:01:53.539", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725082062848, "type": "region", "version": 1 }, "end_va": 140725082218495, "entry_point": 140725082086248, "filename": "\\Windows\\System32\\bcrypt.dll", "id": "region_8026", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\system32\\bcrypt.dll", 
"region_type": "memory_mapped_file", "start_va": 140725082062848, "timestamp": "00:01:53.541", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1105920, "start_va": 630567796736, "type": "region", "version": 1 }, "end_va": 630568902655, "entry_point": 0, "filename": null, "id": "region_8027", "name": "private_0x00000092d0c50000", "norm_filename": null, "region_type": "private_memory", "start_va": 630567796736, "timestamp": "00:01:53.548", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 151552, "start_va": 630463463424, "type": "region", "version": 1 }, "end_va": 630463614975, "entry_point": 0, "filename": null, "id": "region_8049", "name": "pagefile_0x00000092ca8d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 630463463424, "timestamp": "00:01:53.938", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 569344, "start_va": 140725066203136, "type": "region", "version": 1 }, "end_va": 140725066772479, "entry_point": 140725066207268, "filename": "\\Windows\\System32\\apphelp.dll", "id": "region_8050", "name": "apphelp.dll", "norm_filename": "c:\\windows\\system32\\apphelp.dll", "region_type": "memory_mapped_file", "start_va": 140725066203136, "timestamp": "00:01:53.938", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not 
monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 409600, "start_va": 630457171968, "type": "region", "version": 1 }, "end_va": 630457581567, "entry_point": 630457171968, "filename": "\\Windows\\apppatch\\apppatch64\\sysmain.sdb", "id": "region_8051", "name": "sysmain.sdb", "norm_filename": "c:\\windows\\apppatch\\apppatch64\\sysmain.sdb", "region_type": "memory_mapped_file", "start_va": 630457171968, "timestamp": "00:01:53.940", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 630567796736, "type": "region", "version": 1 }, "end_va": 630568882175, "entry_point": 630567991836, "filename": "\\PROGRA~1\\COMMON~1\\WANACR~1.EXE", "id": "region_8052", "name": "wanacr~1.exe", "norm_filename": "c:\\progra~1\\common~1\\wanacr~1.exe", "region_type": "memory_mapped_file", "start_va": 630567796736, "timestamp": "00:01:53.946", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Program Files\\Microsoft Office\\Office15\\msoia.exe\" scan upload", "filename": "c:\\program files\\microsoft office\\office15\\msoia.exe", "id": "proc_59", "image_name": "msoia.exe", "monitor_reason": "child_process", "monitored_id": 59, "origin_monitor_id": 46, "ref_parent_process": { "ref_id": "proc_46", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": 
null, "id": "region_4963", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:21.729", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 594459820032, "type": "region", "version": 1 }, "end_va": 594459951103, "entry_point": 0, "filename": null, "id": "region_4964", "name": "private_0x0000008a68910000", "norm_filename": null, "region_type": "private_memory", "start_va": 594459820032, "timestamp": "00:01:21.729", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 594459951104, "type": "region", "version": 1 }, "end_va": 594460012543, "entry_point": 0, "filename": null, "id": "region_4965", "name": "pagefile_0x0000008a68930000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 594459951104, "timestamp": "00:01:21.729", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 594460016640, "type": "region", "version": 1 }, "end_va": 594461065215, "entry_point": 0, "filename": null, "id": "region_4966", "name": "private_0x0000008a68940000", "norm_filename": null, "region_type": "private_memory", "start_va": 594460016640, "timestamp": "00:01:21.729", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because 
pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 594461065216, "type": "region", "version": 1 }, "end_va": 594461081599, "entry_point": 0, "filename": null, "id": "region_4967", "name": "pagefile_0x0000008a68a40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 594461065216, "timestamp": "00:01:21.729", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140702266490880, "type": "region", "version": 1 }, "end_va": 140702266634239, "entry_point": 0, "filename": null, "id": "region_4968", "name": "pagefile_0x00007ff7cc9d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140702266490880, "timestamp": "00:01:21.729", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140702266675200, "type": "region", "version": 1 }, "end_va": 140702266683391, "entry_point": 0, "filename": null, "id": "region_4969", "name": "private_0x00007ff7cc9fd000", "norm_filename": null, "region_type": "private_memory", "start_va": 140702266675200, "timestamp": "00:01:21.729", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140702266683392, "type": "region", "version": 1 }, "end_va": 140702266687487, "entry_point": 0, "filename": null, "id": "region_4970", "name": 
"private_0x00007ff7cc9ff000", "norm_filename": null, "region_type": "private_memory", "start_va": 140702266683392, "timestamp": "00:01:21.729", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 389120, "start_va": 140702269767680, "type": "region", "version": 1 }, "end_va": 140702270156799, "entry_point": 140702269767680, "filename": "\\Program Files\\Microsoft Office\\Office15\\msoia.exe", "id": "region_4971", "name": "msoia.exe", "norm_filename": "c:\\program files\\microsoft office\\office15\\msoia.exe", "region_type": "memory_mapped_file", "start_va": 140702269767680, "timestamp": "00:01:21.729", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_4972", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140725133115392, "timestamp": "00:01:21.736", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 594461130752, "type": "region", "version": 1 }, "end_va": 594461138943, "entry_point": 0, "filename": null, "id": "region_4973", "name": "private_0x0000008a68a50000", "norm_filename": null, "region_type": "private_memory", "start_va": 594461130752, "timestamp": "00:01:21.737", "type": "region", "version": 1 }, 
{ "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 594462244864, "type": "region", "version": 1 }, "end_va": 594463293439, "entry_point": 0, "filename": null, "id": "region_5859", "name": "private_0x0000008a68b60000", "norm_filename": null, "region_type": "private_memory", "start_va": 594462244864, "timestamp": "00:01:26.663", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140725090648064, "type": "region", "version": 1 }, "end_va": 140725091753983, "entry_point": 140725090656928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_5860", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140725090648064, "timestamp": "00:01:26.663", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140725124988928, "type": "region", "version": 1 }, "end_va": 140725126270975, "entry_point": 140725125009460, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_5861", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140725124988928, "timestamp": "00:01:26.664", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", 
"writable" ], "ref_process_dump": null, "size": 65536, "start_va": 594459820032, "type": "region", "version": 1 }, "end_va": 594459885567, "entry_point": 0, "filename": null, "id": "region_5886", "name": "pagefile_0x0000008a68910000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 594459820032, "timestamp": "00:01:26.695", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140702265442304, "type": "region", "version": 1 }, "end_va": 140702266490879, "entry_point": 0, "filename": null, "id": "region_5887", "name": "pagefile_0x00007ff7cc8d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140702265442304, "timestamp": "00:01:26.695", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 594461196288, "type": "region", "version": 1 }, "end_va": 594461712383, "entry_point": 594461196288, "filename": "\\Windows\\System32\\locale.nls", "id": "region_5888", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 594461196288, "timestamp": "00:01:26.696", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 675840, "start_va": 140725126299648, "type": "region", "version": 1 }, "end_va": 140725126975487, "entry_point": 140725126303760, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_5889", "name": "advapi32.dll", "norm_filename": 
"c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725126299648, "timestamp": "00:01:26.698", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 860160, "start_va": 1584201728, "type": "region", "version": 1 }, "end_va": 1585061887, "entry_point": 1584201728, "filename": "\\Windows\\System32\\msvcr100.dll", "id": "region_5890", "name": "msvcr100.dll", "norm_filename": "c:\\windows\\system32\\msvcr100.dll", "region_type": "memory_mapped_file", "start_va": 1584201728, "timestamp": "00:01:26.707", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 622592, "start_va": 1583546368, "type": "region", "version": 1 }, "end_va": 1584168959, "entry_point": 1583837648, "filename": "\\Windows\\System32\\msvcp100.dll", "id": "region_6189", "name": "msvcp100.dll", "norm_filename": "c:\\windows\\system32\\msvcp100.dll", "region_type": "memory_mapped_file", "start_va": 1583546368, "timestamp": "00:01:31.900", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 140725096546304, "type": "region", "version": 1 }, "end_va": 140725098078207, "entry_point": 140725096550580, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_6190", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 140725096546304, "timestamp": "00:01:31.901", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140725101002752, "type": "region", "version": 1 }, "end_va": 140725101752319, "entry_point": 140725101007136, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_6191", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 140725101002752, "timestamp": "00:01:31.902", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 594459885568, "type": "region", "version": 1 }, "end_va": 594459914239, "entry_point": 0, "filename": null, "id": "region_6192", "name": "private_0x0000008a68920000", "norm_filename": null, "region_type": "private_memory", "start_va": 594459885568, "timestamp": "00:01:31.902", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140724958855168, "type": "region", "version": 1 }, "end_va": 140724958896127, "entry_point": 140724958859456, "filename": "\\Windows\\System32\\version.dll", "id": "region_7087", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 140724958855168, "timestamp": "00:01:37.850", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, 
"start_va": 140725098577920, "type": "region", "version": 1 }, "end_va": 140725099261951, "entry_point": 140725098588204, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_7088", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140725098577920, "timestamp": "00:01:37.851", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725098184704, "type": "region", "version": 1 }, "end_va": 140725098541055, "entry_point": 140725098194176, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_7089", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140725098184704, "timestamp": "00:01:37.852", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140725127806976, "type": "region", "version": 1 }, "end_va": 140725129076735, "entry_point": 140725127811408, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_7090", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140725127806976, "timestamp": "00:01:37.852", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725131149312, "type": "region", "version": 1 }, "end_va": 140725133078527, "entry_point": 140725131157344, "filename": 
"\\Windows\\System32\\combase.dll", "id": "region_7091", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140725131149312, "timestamp": "00:01:37.854", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140725129773056, "type": "region", "version": 1 }, "end_va": 140725131104255, "entry_point": 140725129845848, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_7092", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140725129773056, "timestamp": "00:01:37.855", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140725093466112, "type": "region", "version": 1 }, "end_va": 140725094977535, "entry_point": 140725093620416, "filename": "\\Windows\\System32\\user32.dll", "id": "region_7093", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140725093466112, "timestamp": "00:01:37.856", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 851968, "start_va": 594463293440, "type": "region", "version": 1 }, "end_va": 594464145407, "entry_point": 0, "filename": null, "id": "region_7094", "name": "private_0x0000008a68c60000", "norm_filename": null, "region_type": "private_memory", "start_va": 594463293440, "timestamp": 
"00:01:37.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 594461720576, "type": "region", "version": 1 }, "end_va": 594461749247, "entry_point": 0, "filename": null, "id": "region_7095", "name": "private_0x0000008a68ae0000", "norm_filename": null, "region_type": "private_memory", "start_va": 594461720576, "timestamp": "00:01:37.864", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 851968, "start_va": 594464145408, "type": "region", "version": 1 }, "end_va": 594464997375, "entry_point": 0, "filename": null, "id": "region_7096", "name": "private_0x0000008a68d30000", "norm_filename": null, "region_type": "private_memory", "start_va": 594464145408, "timestamp": "00:01:37.865", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 594461786112, "type": "region", "version": 1 }, "end_va": 594461814783, "entry_point": 0, "filename": null, "id": "region_7097", "name": "private_0x0000008a68af0000", "norm_filename": null, "region_type": "private_memory", "start_va": 594461786112, "timestamp": "00:01:37.867", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 212992, "start_va": 594461851648, "type": "region", "version": 1 }, "end_va": 594462064639, 
"entry_point": 594461855792, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_7098", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 594461851648, "timestamp": "00:01:37.912", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 594464997376, "type": "region", "version": 1 }, "end_va": 594466603007, "entry_point": 0, "filename": null, "id": "region_7099", "name": "pagefile_0x0000008a68e00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 594464997376, "timestamp": "00:01:37.913", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 140725095563264, "type": "region", "version": 1 }, "end_va": 140725095776255, "entry_point": 140725095567408, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_7100", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 140725095563264, "timestamp": "00:01:37.913", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1277952, "start_va": 140725091762176, "type": "region", "version": 1 }, "end_va": 140725093040127, "entry_point": 140725091766288, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_7101", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": 
"memory_mapped_file", "start_va": 140725091762176, "timestamp": "00:01:37.914", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 594466635776, "type": "region", "version": 1 }, "end_va": 594468212735, "entry_point": 0, "filename": null, "id": "region_7102", "name": "pagefile_0x0000008a68f90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 594466635776, "timestamp": "00:01:37.917", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 594468274176, "type": "region", "version": 1 }, "end_va": 594489245695, "entry_point": 0, "filename": null, "id": "region_7103", "name": "pagefile_0x0000008a69120000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 594468274176, "timestamp": "00:01:37.918", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 594461851648, "type": "region", "version": 1 }, "end_va": 594461855743, "entry_point": 0, "filename": null, "id": "region_7719", "name": "private_0x0000008a68b00000", "norm_filename": null, "region_type": "private_memory", "start_va": 594461851648, "timestamp": "00:01:42.860", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", 
"writable" ], "ref_process_dump": null, "size": 4096, "start_va": 594461917184, "type": "region", "version": 1 }, "end_va": 594461921279, "entry_point": 0, "filename": null, "id": "region_7720", "name": "private_0x0000008a68b10000", "norm_filename": null, "region_type": "private_memory", "start_va": 594461917184, "timestamp": "00:01:42.860", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 594461982720, "type": "region", "version": 1 }, "end_va": 594461986815, "entry_point": 0, "filename": null, "id": "region_7721", "name": "private_0x0000008a68b20000", "norm_filename": null, "region_type": "private_memory", "start_va": 594461982720, "timestamp": "00:01:42.860", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 594462048256, "type": "region", "version": 1 }, "end_va": 594462052351, "entry_point": 0, "filename": null, "id": "region_7722", "name": "private_0x0000008a68b30000", "norm_filename": null, "region_type": "private_memory", "start_va": 594462048256, "timestamp": "00:01:42.860", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "taskhost.exe TpmTasks", "filename": "c:\\windows\\system32\\taskhost.exe", "id": "proc_60", "image_name": "taskhost.exe", "monitor_reason": "child_process", "monitored_id": 60, "origin_monitor_id": 46, "ref_parent_process": { "ref_id": "proc_46", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { 
"filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_5258", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:23.247", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 528012148736, "type": "region", "version": 1 }, "end_va": 528012279807, "entry_point": 0, "filename": null, "id": "region_5259", "name": "private_0x0000007aeffa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 528012148736, "timestamp": "00:01:23.247", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 528012279808, "type": "region", "version": 1 }, "end_va": 528012341247, "entry_point": 0, "filename": null, "id": "region_5260", "name": "pagefile_0x0000007aeffc0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 528012279808, "timestamp": "00:01:23.247", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 528012345344, "type": "region", "version": 1 }, "end_va": 528012869631, "entry_point": 0, "filename": 
null, "id": "region_5261", "name": "private_0x0000007aeffd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 528012345344, "timestamp": "00:01:23.247", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 528012869632, "type": "region", "version": 1 }, "end_va": 528012886015, "entry_point": 0, "filename": null, "id": "region_5262", "name": "pagefile_0x0000007af0050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 528012869632, "timestamp": "00:01:23.247", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140702927552512, "type": "region", "version": 1 }, "end_va": 140702927695871, "entry_point": 0, "filename": null, "id": "region_5263", "name": "pagefile_0x00007ff7f4040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140702927552512, "timestamp": "00:01:23.247", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140702927699968, "type": "region", "version": 1 }, "end_va": 140702927704063, "entry_point": 0, "filename": null, "id": "region_5264", "name": "private_0x00007ff7f4064000", "norm_filename": null, "region_type": "private_memory", "start_va": 140702927699968, "timestamp": "00:01:23.247", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], 
"info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140702927740928, "type": "region", "version": 1 }, "end_va": 140702927749119, "entry_point": 0, "filename": null, "id": "region_5265", "name": "private_0x00007ff7f406e000", "norm_filename": null, "region_type": "private_memory", "start_va": 140702927740928, "timestamp": "00:01:23.247", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 140702937907200, "type": "region", "version": 1 }, "end_va": 140702937997311, "entry_point": 140702937919644, "filename": "\\Windows\\System32\\taskhost.exe", "id": "region_5266", "name": "taskhost.exe", "norm_filename": "c:\\windows\\system32\\taskhost.exe", "region_type": "memory_mapped_file", "start_va": 140702937907200, "timestamp": "00:01:23.247", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_5267", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140725133115392, "timestamp": "00:01:23.248", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 528012935168, "type": 
"region", "version": 1 }, "end_va": 528012939263, "entry_point": 0, "filename": null, "id": "region_5268", "name": "pagefile_0x0000007af0060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 528012935168, "timestamp": "00:01:23.249", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 528013000704, "type": "region", "version": 1 }, "end_va": 528013008895, "entry_point": 0, "filename": null, "id": "region_5269", "name": "private_0x0000007af0070000", "norm_filename": null, "region_type": "private_memory", "start_va": 528013000704, "timestamp": "00:01:23.249", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1179648, "start_va": 528013066240, "type": "region", "version": 1 }, "end_va": 528014245887, "entry_point": 0, "filename": null, "id": "region_5945", "name": "private_0x0000007af0080000", "norm_filename": null, "region_type": "private_memory", "start_va": 528013066240, "timestamp": "00:01:29.586", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140725124988928, "type": "region", "version": 1 }, "end_va": 140725126270975, "entry_point": 140725125009460, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_5946", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140725124988928, "timestamp": "00:01:29.589", "type": 
"region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140725090648064, "type": "region", "version": 1 }, "end_va": 140725091753983, "entry_point": 140725090656928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_5947", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140725090648064, "timestamp": "00:01:29.591", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 528012148736, "type": "region", "version": 1 }, "end_va": 528012214271, "entry_point": 0, "filename": null, "id": "region_5948", "name": "pagefile_0x0000007aeffa0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 528012148736, "timestamp": "00:01:29.595", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140702926503936, "type": "region", "version": 1 }, "end_va": 140702927552511, "entry_point": 0, "filename": null, "id": "region_5949", "name": "pagefile_0x00007ff7f3f40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140702926503936, "timestamp": "00:01:29.595", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, 
"size": 516096, "start_va": 528014245888, "type": "region", "version": 1 }, "end_va": 528014761983, "entry_point": 528014245888, "filename": "\\Windows\\System32\\locale.nls", "id": "region_5950", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 528014245888, "timestamp": "00:01:29.597", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140725098577920, "type": "region", "version": 1 }, "end_va": 140725099261951, "entry_point": 140725098588204, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_5951", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140725098577920, "timestamp": "00:01:29.598", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140725127806976, "type": "region", "version": 1 }, "end_va": 140725129076735, "entry_point": 140725127811408, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_5952", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140725127806976, "timestamp": "00:01:29.599", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725131149312, "type": "region", "version": 1 }, "end_va": 140725133078527, "entry_point": 140725131157344, "filename": 
"\\Windows\\System32\\combase.dll", "id": "region_5953", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140725131149312, "timestamp": "00:01:29.600", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140725101002752, "type": "region", "version": 1 }, "end_va": 140725101752319, "entry_point": 140725101007136, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_5954", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 140725101002752, "timestamp": "00:01:29.600", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 528014770176, "type": "region", "version": 1 }, "end_va": 528015032319, "entry_point": 0, "filename": null, "id": "region_5955", "name": "private_0x0000007af0220000", "norm_filename": null, "region_type": "private_memory", "start_va": 528014770176, "timestamp": "00:01:29.604", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 528012214272, "type": "region", "version": 1 }, "end_va": 528012242943, "entry_point": 0, "filename": null, "id": "region_5956", "name": "private_0x0000007aeffb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 528012214272, "timestamp": "00:01:29.605", "type": "region", "version": 1 }, { "dump": 
{ "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1536000, "start_va": 528015032320, "type": "region", "version": 1 }, "end_va": 528016568319, "entry_point": 528015036596, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_5957", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 528015032320, "timestamp": "00:01:29.607", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 761856, "start_va": 528015032320, "type": "region", "version": 1 }, "end_va": 528015794175, "entry_point": 528015214440, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_5958", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 528015032320, "timestamp": "00:01:29.609", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725068431360, "type": "region", "version": 1 }, "end_va": 140725068472319, "entry_point": 140725068437320, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_5959", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\system32\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140725068431360, "timestamp": "00:01:29.611", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 
140725085208576, "type": "region", "version": 1 }, "end_va": 140725085249535, "entry_point": 140725085212688, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_5960", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140725085208576, "timestamp": "00:01:29.612", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140725084815360, "type": "region", "version": 1 }, "end_va": 140725085200383, "entry_point": 140725084944032, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_5961", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140725084815360, "timestamp": "00:01:29.613", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140725093466112, "type": "region", "version": 1 }, "end_va": 140725094977535, "entry_point": 140725093620416, "filename": "\\Windows\\System32\\user32.dll", "id": "region_5962", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140725093466112, "timestamp": "00:01:29.616", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 528013066240, "type": "region", "version": 1 }, "end_va": 528013094911, "entry_point": 0, "filename": null, 
"id": "region_5963", "name": "private_0x0000007af0080000", "norm_filename": null, "region_type": "private_memory", "start_va": 528013066240, "timestamp": "00:01:29.617", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 528013197312, "type": "region", "version": 1 }, "end_va": 528014245887, "entry_point": 0, "filename": null, "id": "region_5964", "name": "private_0x0000007af00a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 528013197312, "timestamp": "00:01:29.617", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140725129773056, "type": "region", "version": 1 }, "end_va": 140725131104255, "entry_point": 140725129845848, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_5965", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140725129773056, "timestamp": "00:01:29.617", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 528015032320, "type": "region", "version": 1 }, "end_va": 528016637951, "entry_point": 0, "filename": null, "id": "region_5968", "name": "pagefile_0x0000007af0260000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 528015032320, "timestamp": "00:01:29.662", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 528016670720, "type": "region", "version": 1 }, "end_va": 528018247679, "entry_point": 0, "filename": null, "id": "region_5969", "name": "pagefile_0x0000007af03f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 528016670720, "timestamp": "00:01:29.662", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 786432, "start_va": 528018309120, "type": "region", "version": 1 }, "end_va": 528019095551, "entry_point": 0, "filename": null, "id": "region_5970", "name": "pagefile_0x0000007af0580000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 528018309120, "timestamp": "00:01:29.662", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 528013131776, "type": "region", "version": 1 }, "end_va": 528013144063, "entry_point": 0, "filename": null, "id": "region_5971", "name": "pagefile_0x0000007af0090000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 528013131776, "timestamp": "00:01:29.664", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 528014770176, "type": "region", "version": 1 }, 
"end_va": 528014774271, "entry_point": 0, "filename": null, "id": "region_5972", "name": "pagefile_0x0000007af0220000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 528014770176, "timestamp": "00:01:29.664", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 528014835712, "type": "region", "version": 1 }, "end_va": 528014839807, "entry_point": 528014835712, "filename": "\\Windows\\System32\\en-US\\taskhost.exe.mui", "id": "region_5973", "name": "taskhost.exe.mui", "norm_filename": "c:\\windows\\system32\\en-us\\taskhost.exe.mui", "region_type": "memory_mapped_file", "start_va": 528014835712, "timestamp": "00:01:29.664", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 528014966784, "type": "region", "version": 1 }, "end_va": 528015032319, "entry_point": 0, "filename": null, "id": "region_5974", "name": "private_0x0000007af0250000", "norm_filename": null, "region_type": "private_memory", "start_va": 528014966784, "timestamp": "00:01:29.666", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 528014901248, "type": "region", "version": 1 }, "end_va": 528014905343, "entry_point": 0, "filename": null, "id": "region_5975", "name": "private_0x0000007af0240000", "norm_filename": null, "region_type": "private_memory", "start_va": 528014901248, "timestamp": "00:01:29.667", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 528019095552, "type": "region", "version": 1 }, "end_va": 528019099647, "entry_point": 0, "filename": null, "id": "region_5976", "name": "private_0x0000007af0640000", "norm_filename": null, "region_type": "private_memory", "start_va": 528019095552, "timestamp": "00:01:29.667", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725098184704, "type": "region", "version": 1 }, "end_va": 140725098541055, "entry_point": 140725098194176, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_7398", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140725098184704, "timestamp": "00:01:40.226", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 528019161088, "type": "region", "version": 1 }, "end_va": 528019685375, "entry_point": 0, "filename": null, "id": "region_7604", "name": "private_0x0000007af0650000", "norm_filename": null, "region_type": "private_memory", "start_va": 528019161088, "timestamp": "00:01:41.584", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 528019685376, "type": "region", "version": 1 }, 
"end_va": 528020209663, "entry_point": 0, "filename": null, "id": "region_7605", "name": "private_0x0000007af06d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 528019685376, "timestamp": "00:01:41.584", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 528020209664, "type": "region", "version": 1 }, "end_va": 528020213759, "entry_point": 0, "filename": null, "id": "region_7606", "name": "pagefile_0x0000007af0750000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 528020209664, "timestamp": "00:01:41.584", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140702927724544, "type": "region", "version": 1 }, "end_va": 140702927732735, "entry_point": 0, "filename": null, "id": "region_7607", "name": "private_0x00007ff7f406a000", "norm_filename": null, "region_type": "private_memory", "start_va": 140702927724544, "timestamp": "00:01:41.584", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140702927732736, "type": "region", "version": 1 }, "end_va": 140702927740927, "entry_point": 0, "filename": null, "id": "region_7608", "name": "private_0x00007ff7f406c000", "norm_filename": null, "region_type": "private_memory", "start_va": 140702927732736, "timestamp": "00:01:41.584", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 671744, "start_va": 140725095825408, "type": "region", "version": 1 }, "end_va": 140725096497151, "entry_point": 140725095829872, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_7609", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 140725095825408, "timestamp": "00:01:41.585", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 528020275200, "type": "region", "version": 1 }, "end_va": 528020279295, "entry_point": 0, "filename": null, "id": "region_7611", "name": "pagefile_0x0000007af0760000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 528020275200, "timestamp": "00:01:41.603", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 184320, "start_va": 140724902363136, "type": "region", "version": 1 }, "end_va": 140724902547455, "entry_point": 140724902363136, "filename": "\\Windows\\System32\\TpmTasks.dll", "id": "region_7656", "name": "tpmtasks.dll", "norm_filename": "c:\\windows\\system32\\tpmtasks.dll", "region_type": "memory_mapped_file", "start_va": 140724902363136, "timestamp": "00:01:42.238", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 147456, "start_va": 
140725081866240, "type": "region", "version": 1 }, "end_va": 140725082013695, "entry_point": 140725081897200, "filename": "\\Windows\\System32\\ncrypt.dll", "id": "region_7723", "name": "ncrypt.dll", "norm_filename": "c:\\windows\\system32\\ncrypt.dll", "region_type": "memory_mapped_file", "start_va": 140725081866240, "timestamp": "00:01:42.863", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725082062848, "type": "region", "version": 1 }, "end_va": 140725082218495, "entry_point": 140725082086248, "filename": "\\Windows\\System32\\bcrypt.dll", "id": "region_7724", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\system32\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 140725082062848, "timestamp": "00:01:42.864", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725088026624, "type": "region", "version": 1 }, "end_va": 140725089955839, "entry_point": 140725088030884, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_7725", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 140725088026624, "timestamp": "00:01:42.865", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 140724898562048, "type": "region", "version": 1 }, "end_va": 140724898607103, "entry_point": 140724898562048, "filename": "\\Windows\\System32\\tbs.dll", 
"id": "region_7726", "name": "tbs.dll", "norm_filename": "c:\\windows\\system32\\tbs.dll", "region_type": "memory_mapped_file", "start_va": 140724898562048, "timestamp": "00:01:42.869", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 140725029044224, "type": "region", "version": 1 }, "end_va": 140725029466111, "entry_point": 140725029048500, "filename": "\\Windows\\System32\\wevtapi.dll", "id": "region_7727", "name": "wevtapi.dll", "norm_filename": "c:\\windows\\system32\\wevtapi.dll", "region_type": "memory_mapped_file", "start_va": 140725029044224, "timestamp": "00:01:42.939", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 140725040906240, "type": "region", "version": 1 }, "end_va": 140725041020927, "entry_point": 140725040910476, "filename": "\\Windows\\System32\\aepic.dll", "id": "region_7728", "name": "aepic.dll", "norm_filename": "c:\\windows\\system32\\aepic.dll", "region_type": "memory_mapped_file", "start_va": 140725040906240, "timestamp": "00:01:42.939", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 675840, "start_va": 140725126299648, "type": "region", "version": 1 }, "end_va": 140725126975487, "entry_point": 140725126303760, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_7729", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 
140725126299648, "timestamp": "00:01:42.940", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 237568, "start_va": 140725081604096, "type": "region", "version": 1 }, "end_va": 140725081841663, "entry_point": 140725081759456, "filename": "\\Windows\\System32\\ntasn1.dll", "id": "region_7730", "name": "ntasn1.dll", "norm_filename": "c:\\windows\\system32\\ntasn1.dll", "region_type": "memory_mapped_file", "start_va": 140725081604096, "timestamp": "00:01:42.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 140725087174656, "type": "region", "version": 1 }, "end_va": 140725087248383, "entry_point": 140725087178996, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_7731", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 140725087174656, "timestamp": "00:01:42.946", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 140725043462144, "type": "region", "version": 1 }, "end_va": 140725043527679, "entry_point": 140725043471648, "filename": "\\Windows\\System32\\sfc_os.dll", "id": "region_7733", "name": "sfc_os.dll", "norm_filename": "c:\\windows\\system32\\sfc_os.dll", "region_type": "memory_mapped_file", "start_va": 140725043462144, "timestamp": "00:01:42.968", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was 
created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140724958855168, "type": "region", "version": 1 }, "end_va": 140724958896127, "entry_point": 140724958859456, "filename": "\\Windows\\System32\\version.dll", "id": "region_7734", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 140724958855168, "timestamp": "00:01:42.969", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 528020340736, "type": "region", "version": 1 }, "end_va": 528020865023, "entry_point": 0, "filename": null, "id": "region_7738", "name": "private_0x0000007af0770000", "norm_filename": null, "region_type": "private_memory", "start_va": 528020340736, "timestamp": "00:01:43.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 528020865024, "type": "region", "version": 1 }, "end_va": 528020869119, "entry_point": 0, "filename": null, "id": "region_7739", "name": "private_0x0000007af07f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 528020865024, "timestamp": "00:01:43.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140702927716352, "type": "region", "version": 1 }, "end_va": 140702927724543, "entry_point": 0, "filename": null, 
"id": "region_7740", "name": "private_0x00007ff7f4068000", "norm_filename": null, "region_type": "private_memory", "start_va": 140702927716352, "timestamp": "00:01:43.015", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\system32\\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}", "filename": "c:\\windows\\system32\\dllhost.exe", "id": "proc_61", "image_name": "dllhost.exe", "monitor_reason": "child_process", "monitored_id": 61, "origin_monitor_id": 41, "ref_parent_process": { "ref_id": "proc_41", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_5504", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:25.148", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 392060665856, "type": "region", "version": 1 }, "end_va": 392060796927, "entry_point": 0, "filename": null, "id": "region_5505", "name": "private_0x0000005b48a30000", "norm_filename": null, "region_type": "private_memory", "start_va": 392060665856, "timestamp": "00:01:25.148", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled 
in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 392060796928, "type": "region", "version": 1 }, "end_va": 392060858367, "entry_point": 0, "filename": null, "id": "region_5506", "name": "pagefile_0x0000005b48a50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 392060796928, "timestamp": "00:01:25.148", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 392060862464, "type": "region", "version": 1 }, "end_va": 392061911039, "entry_point": 0, "filename": null, "id": "region_5507", "name": "private_0x0000005b48a60000", "norm_filename": null, "region_type": "private_memory", "start_va": 392060862464, "timestamp": "00:01:25.148", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 392061911040, "type": "region", "version": 1 }, "end_va": 392061927423, "entry_point": 0, "filename": null, "id": "region_5508", "name": "pagefile_0x0000005b48b60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 392061911040, "timestamp": "00:01:25.148", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140694732603392, "type": "region", "version": 1 }, "end_va": 140694732746751, "entry_point": 0, "filename": null, "id": "region_5509", "name": "pagefile_0x00007ff60b8f0000", 
"norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140694732603392, "timestamp": "00:01:25.148", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694732787712, "type": "region", "version": 1 }, "end_va": 140694732795903, "entry_point": 0, "filename": null, "id": "region_5510", "name": "private_0x00007ff60b91d000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694732787712, "timestamp": "00:01:25.148", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140694732795904, "type": "region", "version": 1 }, "end_va": 140694732799999, "entry_point": 0, "filename": null, "id": "region_5511", "name": "private_0x00007ff60b91f000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694732795904, "timestamp": "00:01:25.148", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 140694737453056, "type": "region", "version": 1 }, "end_va": 140694737481727, "entry_point": 140694737457540, "filename": "\\Windows\\System32\\dllhost.exe", "id": "region_5512", "name": "dllhost.exe", "norm_filename": "c:\\windows\\system32\\dllhost.exe", "region_type": "memory_mapped_file", "start_va": 140694737453056, "timestamp": "00:01:25.149", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not 
monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_5513", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140725133115392, "timestamp": "00:01:25.149", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 392061976576, "type": "region", "version": 1 }, "end_va": 392061984767, "entry_point": 0, "filename": null, "id": "region_5514", "name": "private_0x0000005b48b70000", "norm_filename": null, "region_type": "private_memory", "start_va": 392061976576, "timestamp": "00:01:25.151", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 392062107648, "type": "region", "version": 1 }, "end_va": 392063156223, "entry_point": 0, "filename": null, "id": "region_5520", "name": "private_0x0000005b48b90000", "norm_filename": null, "region_type": "private_memory", "start_va": 392062107648, "timestamp": "00:01:25.238", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140725090648064, "type": "region", "version": 1 }, "end_va": 140725091753983, "entry_point": 140725090656928, "filename": 
"\\Windows\\System32\\KernelBase.dll", "id": "region_5521", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140725090648064, "timestamp": "00:01:25.238", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140725124988928, "type": "region", "version": 1 }, "end_va": 140725126270975, "entry_point": 140725125009460, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_5522", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140725124988928, "timestamp": "00:01:25.239", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 392060665856, "type": "region", "version": 1 }, "end_va": 392060731391, "entry_point": 0, "filename": null, "id": "region_5523", "name": "pagefile_0x0000005b48a30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 392060665856, "timestamp": "00:01:25.241", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140694731554816, "type": "region", "version": 1 }, "end_va": 140694732603391, "entry_point": 0, "filename": null, "id": "region_5524", "name": "pagefile_0x00007ff60b7f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 
140694731554816, "timestamp": "00:01:25.241", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 392063156224, "type": "region", "version": 1 }, "end_va": 392063672319, "entry_point": 392063156224, "filename": "\\Windows\\System32\\locale.nls", "id": "region_5525", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 392063156224, "timestamp": "00:01:25.242", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140725098577920, "type": "region", "version": 1 }, "end_va": 140725099261951, "entry_point": 140725098588204, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_5526", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140725098577920, "timestamp": "00:01:25.247", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725131149312, "type": "region", "version": 1 }, "end_va": 140725133078527, "entry_point": 140725131157344, "filename": "\\Windows\\System32\\combase.dll", "id": "region_5527", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140725131149312, "timestamp": "00:01:25.248", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not 
monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140725127806976, "type": "region", "version": 1 }, "end_va": 140725129076735, "entry_point": 140725127811408, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_5528", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140725127806976, "timestamp": "00:01:25.249", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1179648, "start_va": 392063680512, "type": "region", "version": 1 }, "end_va": 392064860159, "entry_point": 0, "filename": null, "id": "region_5529", "name": "private_0x0000005b48d10000", "norm_filename": null, "region_type": "private_memory", "start_va": 392063680512, "timestamp": "00:01:25.253", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 392060731392, "type": "region", "version": 1 }, "end_va": 392060760063, "entry_point": 0, "filename": null, "id": "region_5530", "name": "private_0x0000005b48a40000", "norm_filename": null, "region_type": "private_memory", "start_va": 392060731392, "timestamp": "00:01:25.254", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 761856, "start_va": 392063680512, "type": "region", "version": 1 }, "end_va": 392064442367, "entry_point": 392063862632, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_5539", "name": 
"rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 392063680512, "timestamp": "00:01:25.292", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 392064794624, "type": "region", "version": 1 }, "end_va": 392064860159, "entry_point": 0, "filename": null, "id": "region_5540", "name": "private_0x0000005b48e20000", "norm_filename": null, "region_type": "private_memory", "start_va": 392064794624, "timestamp": "00:01:25.292", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725068431360, "type": "region", "version": 1 }, "end_va": 140725068472319, "entry_point": 140725068437320, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_5541", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\system32\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140725068431360, "timestamp": "00:01:25.293", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725085208576, "type": "region", "version": 1 }, "end_va": 140725085249535, "entry_point": 140725085212688, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_5542", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140725085208576, "timestamp": "00:01:25.294", "type": "region", "version": 1 
}, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 392062042112, "type": "region", "version": 1 }, "end_va": 392062070783, "entry_point": 0, "filename": null, "id": "region_5543", "name": "private_0x0000005b48b80000", "norm_filename": null, "region_type": "private_memory", "start_va": 392062042112, "timestamp": "00:01:25.296", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140725084815360, "type": "region", "version": 1 }, "end_va": 140725085200383, "entry_point": 140725084944032, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_5544", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140725084815360, "timestamp": "00:01:25.296", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 392063680512, "type": "region", "version": 1 }, "end_va": 392063684607, "entry_point": 0, "filename": null, "id": "region_5545", "name": "pagefile_0x0000005b48d10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 392063680512, "timestamp": "00:01:25.300", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 671744, 
"start_va": 140725095825408, "type": "region", "version": 1 }, "end_va": 140725096497151, "entry_point": 140725095829872, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_5546", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 140725095825408, "timestamp": "00:01:25.300", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 392063746048, "type": "region", "version": 1 }, "end_va": 392063750143, "entry_point": 0, "filename": null, "id": "region_5547", "name": "pagefile_0x0000005b48d20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 392063746048, "timestamp": "00:01:25.302", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725098184704, "type": "region", "version": 1 }, "end_va": 140725098541055, "entry_point": 140725098194176, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_5559", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140725098184704, "timestamp": "00:01:25.334", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 140725079769088, "type": "region", "version": 1 }, "end_va": 140725079891967, "entry_point": 140725079773640, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_5560", 
"name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 140725079769088, "timestamp": "00:01:25.339", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 140725075443712, "type": "region", "version": 1 }, "end_va": 140725075660799, "entry_point": 140725075448792, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_5561", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 140725075443712, "timestamp": "00:01:25.341", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725082062848, "type": "region", "version": 1 }, "end_va": 140725082218495, "entry_point": 140725082086248, "filename": "\\Windows\\System32\\bcrypt.dll", "id": "region_5562", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\system32\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 140725082062848, "timestamp": "00:01:25.343", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 392064860160, "type": "region", "version": 1 }, "end_va": 392067829759, "entry_point": 392064860160, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_5563", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 392064860160, 
"timestamp": "00:01:25.346", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 392067874816, "type": "region", "version": 1 }, "end_va": 392068923391, "entry_point": 0, "filename": null, "id": "region_5564", "name": "private_0x0000005b49110000", "norm_filename": null, "region_type": "private_memory", "start_va": 392067874816, "timestamp": "00:01:25.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 392068923392, "type": "region", "version": 1 }, "end_va": 392069971967, "entry_point": 0, "filename": null, "id": "region_5565", "name": "private_0x0000005b49210000", "norm_filename": null, "region_type": "private_memory", "start_va": 392068923392, "timestamp": "00:01:25.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694732771328, "type": "region", "version": 1 }, "end_va": 140694732779519, "entry_point": 0, "filename": null, "id": "region_5566", "name": "private_0x00007ff60b919000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694732771328, "timestamp": "00:01:25.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694732779520, "type": 
"region", "version": 1 }, "end_va": 140694732787711, "entry_point": 0, "filename": null, "id": "region_5567", "name": "private_0x00007ff60b91b000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694732779520, "timestamp": "00:01:25.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 392069971968, "type": "region", "version": 1 }, "end_va": 392071020543, "entry_point": 0, "filename": null, "id": "region_5568", "name": "private_0x0000005b49310000", "norm_filename": null, "region_type": "private_memory", "start_va": 392069971968, "timestamp": "00:01:25.353", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 392071020544, "type": "region", "version": 1 }, "end_va": 392072069119, "entry_point": 0, "filename": null, "id": "region_5569", "name": "private_0x0000005b49410000", "norm_filename": null, "region_type": "private_memory", "start_va": 392071020544, "timestamp": "00:01:25.353", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694732754944, "type": "region", "version": 1 }, "end_va": 140694732763135, "entry_point": 0, "filename": null, "id": "region_5570", "name": "private_0x00007ff60b915000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694732754944, "timestamp": "00:01:25.353", "type": "region", "version": 1 }, { "dump": { "filename": "", 
"flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694732763136, "type": "region", "version": 1 }, "end_va": 140694732771327, "entry_point": 0, "filename": null, "id": "region_5571", "name": "private_0x00007ff60b917000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694732763136, "timestamp": "00:01:25.353", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140725093466112, "type": "region", "version": 1 }, "end_va": 140725094977535, "entry_point": 140725093620416, "filename": "\\Windows\\System32\\user32.dll", "id": "region_5572", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140725093466112, "timestamp": "00:01:25.353", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140725129773056, "type": "region", "version": 1 }, "end_va": 140725131104255, "entry_point": 140725129845848, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_5573", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140725129773056, "timestamp": "00:01:25.354", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 212992, "start_va": 392063811584, "type": "region", 
"version": 1 }, "end_va": 392064024575, "entry_point": 392063815728, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_5574", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 392063811584, "timestamp": "00:01:25.358", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 392072069120, "type": "region", "version": 1 }, "end_va": 392073674751, "entry_point": 0, "filename": null, "id": "region_5575", "name": "pagefile_0x0000005b49510000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 392072069120, "timestamp": "00:01:25.359", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 140725095563264, "type": "region", "version": 1 }, "end_va": 140725095776255, "entry_point": 140725095567408, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_5576", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 140725095563264, "timestamp": "00:01:25.360", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1277952, "start_va": 140725091762176, "type": "region", "version": 1 }, "end_va": 140725093040127, "entry_point": 140725091766288, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_5577", "name": "msctf.dll", "norm_filename": 
"c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 140725091762176, "timestamp": "00:01:25.361", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 392073707520, "type": "region", "version": 1 }, "end_va": 392075284479, "entry_point": 0, "filename": null, "id": "region_5578", "name": "pagefile_0x0000005b496a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 392073707520, "timestamp": "00:01:25.363", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 392075345920, "type": "region", "version": 1 }, "end_va": 392096317439, "entry_point": 0, "filename": null, "id": "region_5579", "name": "pagefile_0x0000005b49830000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 392075345920, "timestamp": "00:01:25.364", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 392063811584, "type": "region", "version": 1 }, "end_va": 392063815679, "entry_point": 0, "filename": null, "id": "region_5580", "name": "private_0x0000005b48d30000", "norm_filename": null, "region_type": "private_memory", "start_va": 392063811584, "timestamp": "00:01:25.366", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps 
was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 392063877120, "type": "region", "version": 1 }, "end_va": 392063881215, "entry_point": 0, "filename": null, "id": "region_5581", "name": "private_0x0000005b48d40000", "norm_filename": null, "region_type": "private_memory", "start_va": 392063877120, "timestamp": "00:01:25.366", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1187840, "start_va": 140725066858496, "type": "region", "version": 1 }, "end_va": 140725068046335, "entry_point": 140725066904644, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_5582", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 140725066858496, "timestamp": "00:01:25.366", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1245184, "start_va": 392096317440, "type": "region", "version": 1 }, "end_va": 392097562623, "entry_point": 0, "filename": null, "id": "region_5583", "name": "private_0x0000005b4ac30000", "norm_filename": null, "region_type": "private_memory", "start_va": 392096317440, "timestamp": "00:01:25.368", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 392063942656, "type": "region", "version": 1 }, "end_va": 392063946751, "entry_point": 0, "filename": null, "id": "region_5585", "name": 
"pagefile_0x0000005b48d50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 392063942656, "timestamp": "00:01:25.371", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 983040, "start_va": 392096317440, "type": "region", "version": 1 }, "end_va": 392097300479, "entry_point": 0, "filename": null, "id": "region_5586", "name": "pagefile_0x0000005b4ac30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 392096317440, "timestamp": "00:01:25.371", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 392097497088, "type": "region", "version": 1 }, "end_va": 392097562623, "entry_point": 0, "filename": null, "id": "region_5587", "name": "private_0x0000005b4ad50000", "norm_filename": null, "region_type": "private_memory", "start_va": 392097497088, "timestamp": "00:01:25.371", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 392063942656, "type": "region", "version": 1 }, "end_va": 392063959039, "entry_point": 0, "filename": null, "id": "region_5588", "name": "pagefile_0x0000005b48d50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 392063942656, "timestamp": "00:01:25.371", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the 
maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 392064008192, "type": "region", "version": 1 }, "end_va": 392064036863, "entry_point": 0, "filename": null, "id": "region_5589", "name": "private_0x0000005b48d60000", "norm_filename": null, "region_type": "private_memory", "start_va": 392064008192, "timestamp": "00:01:25.372", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 392097562624, "type": "region", "version": 1 }, "end_va": 392098611199, "entry_point": 0, "filename": null, "id": "region_5590", "name": "private_0x0000005b4ad60000", "norm_filename": null, "region_type": "private_memory", "start_va": 392097562624, "timestamp": "00:01:25.381", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694732746752, "type": "region", "version": 1 }, "end_va": 140694732754943, "entry_point": 0, "filename": null, "id": "region_5591", "name": "private_0x00007ff60b913000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694732746752, "timestamp": "00:01:25.381", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2785280, "start_va": 140725002436608, "type": "region", "version": 1 }, "end_va": 140725005221887, "entry_point": 140725002493380, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_5592", "name": "iertutil.dll", 
"norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 140725002436608, "timestamp": "00:01:25.381", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2359296, "start_va": 140725005254656, "type": "region", "version": 1 }, "end_va": 140725007613951, "entry_point": 140725005259760, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_5593", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 140725005254656, "timestamp": "00:01:25.382", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 140725095038976, "type": "region", "version": 1 }, "end_va": 140725095370751, "entry_point": 140725095043776, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_5626", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 140725095038976, "timestamp": "00:01:25.530", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 21032960, "start_va": 140725103951872, "type": "region", "version": 1 }, "end_va": 140725124984831, "entry_point": 140725103956224, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_5650", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 140725103951872, "timestamp": 
"00:01:25.764", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 140725060108288, "type": "region", "version": 1 }, "end_va": 140725060767743, "entry_point": 140725060112544, "filename": "\\Windows\\System32\\SHCore.dll", "id": "region_5651", "name": "shcore.dll", "norm_filename": "c:\\windows\\system32\\shcore.dll", "region_type": "memory_mapped_file", "start_va": 140725060108288, "timestamp": "00:01:25.770", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 392064073728, "type": "region", "version": 1 }, "end_va": 392064077823, "entry_point": 0, "filename": null, "id": "region_5652", "name": "pagefile_0x0000005b48d70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 392064073728, "timestamp": "00:01:25.772", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 140725086453760, "type": "region", "version": 1 }, "end_va": 140725086535679, "entry_point": 140725086468812, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_5653", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 140725086453760, "timestamp": "00:01:25.774", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ 
"readable", "writable", "executable" ], "ref_process_dump": null, "size": 294912, "start_va": 140724962197504, "type": "region", "version": 1 }, "end_va": 140724962492415, "entry_point": 140724962197504, "filename": "\\Program Files\\Internet Explorer\\sqmapi.dll", "id": "region_5654", "name": "sqmapi.dll", "norm_filename": "c:\\program files\\internet explorer\\sqmapi.dll", "region_type": "memory_mapped_file", "start_va": 140724962197504, "timestamp": "00:01:25.778", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 675840, "start_va": 140725126299648, "type": "region", "version": 1 }, "end_va": 140725126975487, "entry_point": 140725126303760, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_5655", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725126299648, "timestamp": "00:01:25.784", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2822144, "start_va": 140724959313920, "type": "region", "version": 1 }, "end_va": 140724962136063, "entry_point": 140724959313920, "filename": "\\Windows\\System32\\esent.dll", "id": "region_5656", "name": "esent.dll", "norm_filename": "c:\\windows\\system32\\esent.dll", "region_type": "memory_mapped_file", "start_va": 140724959313920, "timestamp": "00:01:25.787", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 392098611200, 
"type": "region", "version": 1 }, "end_va": 392099659775, "entry_point": 0, "filename": null, "id": "region_5657", "name": "private_0x0000005b4ae60000", "norm_filename": null, "region_type": "private_memory", "start_va": 392098611200, "timestamp": "00:01:25.795", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 392064139264, "type": "region", "version": 1 }, "end_va": 392064143359, "entry_point": 0, "filename": null, "id": "region_5666", "name": "private_0x0000005b48d80000", "norm_filename": null, "region_type": "private_memory", "start_va": 392064139264, "timestamp": "00:01:25.892", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 392064204800, "type": "region", "version": 1 }, "end_va": 392064208895, "entry_point": 0, "filename": null, "id": "region_5667", "name": "private_0x0000005b48d90000", "norm_filename": null, "region_type": "private_memory", "start_va": 392064204800, "timestamp": "00:01:25.893", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 393216, "start_va": 392064270336, "type": "region", "version": 1 }, "end_va": 392064663551, "entry_point": 0, "filename": null, "id": "region_5668", "name": "private_0x0000005b48da0000", "norm_filename": null, "region_type": "private_memory", "start_va": 392064270336, "timestamp": "00:01:25.893", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 392064270336, "type": "region", "version": 1 }, "end_va": 392064335871, "entry_point": 0, "filename": null, "id": "region_5669", "name": "pagefile_0x0000005b48da0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 392064270336, "timestamp": "00:01:25.893", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 392064335872, "type": "region", "version": 1 }, "end_va": 392064401407, "entry_point": 0, "filename": null, "id": "region_5670", "name": "pagefile_0x0000005b48db0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 392064335872, "timestamp": "00:01:25.893", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 392064401408, "type": "region", "version": 1 }, "end_va": 392064466943, "entry_point": 0, "filename": null, "id": "region_5671", "name": "pagefile_0x0000005b48dc0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 392064401408, "timestamp": "00:01:25.893", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 392064466944, 
"type": "region", "version": 1 }, "end_va": 392064532479, "entry_point": 0, "filename": null, "id": "region_5672", "name": "pagefile_0x0000005b48dd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 392064466944, "timestamp": "00:01:25.893", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 392064532480, "type": "region", "version": 1 }, "end_va": 392064598015, "entry_point": 0, "filename": null, "id": "region_5673", "name": "pagefile_0x0000005b48de0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 392064532480, "timestamp": "00:01:25.893", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 392064598016, "type": "region", "version": 1 }, "end_va": 392064663551, "entry_point": 0, "filename": null, "id": "region_5674", "name": "pagefile_0x0000005b48df0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 392064598016, "timestamp": "00:01:25.893", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 393216, "start_va": 392099659776, "type": "region", "version": 1 }, "end_va": 392100052991, "entry_point": 0, "filename": null, "id": "region_5675", "name": "private_0x0000005b4af60000", "norm_filename": null, "region_type": "private_memory", "start_va": 392099659776, "timestamp": "00:01:25.894", 
"type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 392099659776, "type": "region", "version": 1 }, "end_va": 392099725311, "entry_point": 0, "filename": null, "id": "region_5676", "name": "pagefile_0x0000005b4af60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 392099659776, "timestamp": "00:01:25.895", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 392099725312, "type": "region", "version": 1 }, "end_va": 392099790847, "entry_point": 0, "filename": null, "id": "region_5677", "name": "pagefile_0x0000005b4af70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 392099725312, "timestamp": "00:01:25.895", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 392099790848, "type": "region", "version": 1 }, "end_va": 392099856383, "entry_point": 0, "filename": null, "id": "region_5678", "name": "pagefile_0x0000005b4af80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 392099790848, "timestamp": "00:01:25.895", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", 
"writable" ], "ref_process_dump": null, "size": 65536, "start_va": 392099856384, "type": "region", "version": 1 }, "end_va": 392099921919, "entry_point": 0, "filename": null, "id": "region_5679", "name": "pagefile_0x0000005b4af90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 392099856384, "timestamp": "00:01:25.895", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 392099921920, "type": "region", "version": 1 }, "end_va": 392099987455, "entry_point": 0, "filename": null, "id": "region_5680", "name": "pagefile_0x0000005b4afa0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 392099921920, "timestamp": "00:01:25.895", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 392099987456, "type": "region", "version": 1 }, "end_va": 392100052991, "entry_point": 0, "filename": null, "id": "region_5681", "name": "pagefile_0x0000005b4afb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 392099987456, "timestamp": "00:01:25.895", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 392064663552, "type": "region", "version": 1 }, "end_va": 392064696319, "entry_point": 0, "filename": null, "id": "region_5682", "name": "private_0x0000005b48e00000", "norm_filename": null, 
"region_type": "private_memory", "start_va": 392064663552, "timestamp": "00:01:25.899", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16777216, "start_va": 392100052992, "type": "region", "version": 1 }, "end_va": 392116830207, "entry_point": 0, "filename": null, "id": "region_5683", "name": "private_0x0000005b4afc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 392100052992, "timestamp": "00:01:25.900", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 392064729088, "type": "region", "version": 1 }, "end_va": 392064733183, "entry_point": 0, "filename": null, "id": "region_5684", "name": "private_0x0000005b48e10000", "norm_filename": null, "region_type": "private_memory", "start_va": 392064729088, "timestamp": "00:01:25.901", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 392097300480, "type": "region", "version": 1 }, "end_va": 392097304575, "entry_point": 0, "filename": null, "id": "region_5685", "name": "private_0x0000005b4ad20000", "norm_filename": null, "region_type": "private_memory", "start_va": 392097300480, "timestamp": "00:01:25.901", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], 
"ref_process_dump": null, "size": 16384, "start_va": 392097366016, "type": "region", "version": 1 }, "end_va": 392097382399, "entry_point": 0, "filename": null, "id": "region_5686", "name": "private_0x0000005b4ad30000", "norm_filename": null, "region_type": "private_memory", "start_va": 392097366016, "timestamp": "00:01:25.901", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 392097431552, "type": "region", "version": 1 }, "end_va": 392097439743, "entry_point": 0, "filename": null, "id": "region_5687", "name": "private_0x0000005b4ad40000", "norm_filename": null, "region_type": "private_memory", "start_va": 392097431552, "timestamp": "00:01:25.904", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 392116830208, "type": "region", "version": 1 }, "end_va": 392116834303, "entry_point": 0, "filename": null, "id": "region_5688", "name": "private_0x0000005b4bfc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 392116830208, "timestamp": "00:01:25.904", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 589824, "start_va": 392116895744, "type": "region", "version": 1 }, "end_va": 392117485567, "entry_point": 0, "filename": null, "id": "region_5689", "name": "private_0x0000005b4bfd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 392116895744, "timestamp": "00:01:25.909", "type": 
"region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 392117485568, "type": "region", "version": 1 }, "end_va": 392117489663, "entry_point": 0, "filename": null, "id": "region_5690", "name": "private_0x0000005b4c060000", "norm_filename": null, "region_type": "private_memory", "start_va": 392117485568, "timestamp": "00:01:25.916", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 392117551104, "type": "region", "version": 1 }, "end_va": 392117555199, "entry_point": 0, "filename": null, "id": "region_5691", "name": "private_0x0000005b4c070000", "norm_filename": null, "region_type": "private_memory", "start_va": 392117551104, "timestamp": "00:01:25.916", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 392117616640, "type": "region", "version": 1 }, "end_va": 392117624831, "entry_point": 0, "filename": null, "id": "region_5692", "name": "private_0x0000005b4c080000", "norm_filename": null, "region_type": "private_memory", "start_va": 392117616640, "timestamp": "00:01:25.917", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 392117616640, "type": "region", "version": 1 }, "end_va": 392117649407, 
"entry_point": 0, "filename": null, "id": "region_5693", "name": "private_0x0000005b4c080000", "norm_filename": null, "region_type": "private_memory", "start_va": 392117616640, "timestamp": "00:01:25.919", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 392117682176, "type": "region", "version": 1 }, "end_va": 392117747711, "entry_point": 0, "filename": null, "id": "region_5694", "name": "private_0x0000005b4c090000", "norm_filename": null, "region_type": "private_memory", "start_va": 392117682176, "timestamp": "00:01:25.919", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 67108864, "start_va": 392117682176, "type": "region", "version": 1 }, "end_va": 392184791039, "entry_point": 0, "filename": null, "id": "region_5695", "name": "private_0x0000005b4c090000", "norm_filename": null, "region_type": "private_memory", "start_va": 392117682176, "timestamp": "00:01:25.922", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 67108864, "start_va": 392184791040, "type": "region", "version": 1 }, "end_va": 392251899903, "entry_point": 0, "filename": null, "id": "region_5696", "name": "private_0x0000005b50090000", "norm_filename": null, "region_type": "private_memory", "start_va": 392184791040, "timestamp": "00:01:25.925", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 392251899904, "type": "region", "version": 1 }, "end_va": 392252948479, "entry_point": 0, "filename": null, "id": "region_5697", "name": "private_0x0000005b54090000", "norm_filename": null, "region_type": "private_memory", "start_va": 392251899904, "timestamp": "00:01:25.925", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 392252948480, "type": "region", "version": 1 }, "end_va": 392253014015, "entry_point": 392252948480, "filename": "\\Users\\5JgHKoaOfdp\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat", "id": "region_5702", "name": "webcachev01.dat", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat", "region_type": "memory_mapped_file", "start_va": 392252948480, "timestamp": "00:01:25.959", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 392253014016, "type": "region", "version": 1 }, "end_va": 392253079551, "entry_point": 392253014016, "filename": "\\Users\\5JgHKoaOfdp\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat", "id": "region_5703", "name": "webcachev01.dat", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat", "region_type": "memory_mapped_file", "start_va": 392253014016, "timestamp": "00:01:25.962", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was 
created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 392253079552, "type": "region", "version": 1 }, "end_va": 392253145087, "entry_point": 392253079552, "filename": "\\Users\\5JgHKoaOfdp\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat", "id": "region_5717", "name": "webcachev01.dat", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat", "region_type": "memory_mapped_file", "start_va": 392253079552, "timestamp": "00:01:25.977", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 392253145088, "type": "region", "version": 1 }, "end_va": 392253210623, "entry_point": 392253145088, "filename": "\\Users\\5JgHKoaOfdp\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat", "id": "region_5718", "name": "webcachev01.dat", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat", "region_type": "memory_mapped_file", "start_va": 392253145088, "timestamp": "00:01:25.977", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 392253210624, "type": "region", "version": 1 }, "end_va": 392254259199, "entry_point": 0, "filename": null, "id": "region_5719", "name": "private_0x0000005b541d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 392253210624, "timestamp": "00:01:25.978", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was 
reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 392254259200, "type": "region", "version": 1 }, "end_va": 392254291967, "entry_point": 0, "filename": null, "id": "region_5720", "name": "private_0x0000005b542d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 392254259200, "timestamp": "00:01:25.978", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694731546624, "type": "region", "version": 1 }, "end_va": 140694731554815, "entry_point": 0, "filename": null, "id": "region_5721", "name": "private_0x00007ff60b7ee000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694731546624, "timestamp": "00:01:25.978", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 392254324736, "type": "region", "version": 1 }, "end_va": 392254357503, "entry_point": 0, "filename": null, "id": "region_5723", "name": "private_0x0000005b542e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 392254324736, "timestamp": "00:01:25.983", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 392254390272, "type": "region", "version": 1 }, "end_va": 392254455807, "entry_point": 392254390272, "filename": "\\Users\\5JgHKoaOfdp\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat", "id": "region_5778", "name": 
"webcachev01.dat", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat", "region_type": "memory_mapped_file", "start_va": 392254390272, "timestamp": "00:01:26.121", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 392254455808, "type": "region", "version": 1 }, "end_va": 392254521343, "entry_point": 392254455808, "filename": "\\Users\\5JgHKoaOfdp\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat", "id": "region_5779", "name": "webcachev01.dat", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat", "region_type": "memory_mapped_file", "start_va": 392254455808, "timestamp": "00:01:26.123", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 392252948480, "type": "region", "version": 1 }, "end_va": 392252952575, "entry_point": 0, "filename": null, "id": "region_5827", "name": "private_0x0000005b54190000", "norm_filename": null, "region_type": "private_memory", "start_va": 392252948480, "timestamp": "00:01:26.386", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 392253014016, "type": "region", "version": 1 }, "end_va": 392253046783, "entry_point": 0, "filename": null, "id": "region_5828", "name": "private_0x0000005b541a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 
392253014016, "timestamp": "00:01:26.386", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 392252948480, "type": "region", "version": 1 }, "end_va": 392252981247, "entry_point": 0, "filename": null, "id": "region_5912", "name": "private_0x0000005b54190000", "norm_filename": null, "region_type": "private_memory", "start_va": 392252948480, "timestamp": "00:01:27.505", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 392117485568, "type": "region", "version": 1 }, "end_va": 392117493759, "entry_point": 0, "filename": null, "id": "region_5936", "name": "private_0x0000005b4c060000", "norm_filename": null, "region_type": "private_memory", "start_va": 392117485568, "timestamp": "00:01:27.977", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 67108864, "start_va": 392117485568, "type": "region", "version": 1 }, "end_va": 392184594431, "entry_point": 0, "filename": null, "id": "region_5937", "name": "private_0x0000005b4c060000", "norm_filename": null, "region_type": "private_memory", "start_va": 392117485568, "timestamp": "00:01:27.979", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, 
"size": 67108864, "start_va": 392184594432, "type": "region", "version": 1 }, "end_va": 392251703295, "entry_point": 0, "filename": null, "id": "region_5938", "name": "private_0x0000005b50060000", "norm_filename": null, "region_type": "private_memory", "start_va": 392184594432, "timestamp": "00:01:27.981", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 392251703296, "type": "region", "version": 1 }, "end_va": 392251736063, "entry_point": 0, "filename": null, "id": "region_5941", "name": "private_0x0000005b54060000", "norm_filename": null, "region_type": "private_memory", "start_va": 392251703296, "timestamp": "00:01:27.985", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 392251768832, "type": "region", "version": 1 }, "end_va": 392251834367, "entry_point": 0, "filename": null, "id": "region_5942", "name": "private_0x0000005b54070000", "norm_filename": null, "region_type": "private_memory", "start_va": 392251768832, "timestamp": "00:01:27.986", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 392251768832, "type": "region", "version": 1 }, "end_va": 392251801599, "entry_point": 0, "filename": null, "id": "region_5943", "name": "private_0x0000005b54070000", "norm_filename": null, "region_type": "private_memory", "start_va": 392251768832, "timestamp": "00:01:27.987", "type": "region", "version": 1 
}, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 392251768832, "type": "region", "version": 1 }, "end_va": 392251834367, "entry_point": 392251768832, "filename": "\\Users\\5JgHKoaOfdp\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat", "id": "region_5999", "name": "webcachev01.dat", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat", "region_type": "memory_mapped_file", "start_va": 392251768832, "timestamp": "00:01:29.965", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 392251834368, "type": "region", "version": 1 }, "end_va": 392251899903, "entry_point": 392251834368, "filename": "\\Users\\5JgHKoaOfdp\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat", "id": "region_6000", "name": "webcachev01.dat", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat", "region_type": "memory_mapped_file", "start_va": 392251834368, "timestamp": "00:01:29.965", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 392254521344, "type": "region", "version": 1 }, "end_va": 392254586879, "entry_point": 392254521344, "filename": "\\Users\\5JgHKoaOfdp\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat", "id": "region_6001", "name": "webcachev01.dat", "norm_filename": 
"c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat", "region_type": "memory_mapped_file", "start_va": 392254521344, "timestamp": "00:01:29.966", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 392254586880, "type": "region", "version": 1 }, "end_va": 392254652415, "entry_point": 392254586880, "filename": "\\Users\\5JgHKoaOfdp\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat", "id": "region_6002", "name": "webcachev01.dat", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat", "region_type": "memory_mapped_file", "start_va": 392254586880, "timestamp": "00:01:29.966", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 392254652416, "type": "region", "version": 1 }, "end_va": 392254717951, "entry_point": 392254652416, "filename": "\\Users\\5JgHKoaOfdp\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat", "id": "region_6003", "name": "webcachev01.dat", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat", "region_type": "memory_mapped_file", "start_va": 392254652416, "timestamp": "00:01:29.967", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 392254717952, "type": "region", "version": 1 }, "end_va": 392254783487, "entry_point": 392254717952, "filename": 
"\\Users\\5JgHKoaOfdp\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat", "id": "region_6004", "name": "webcachev01.dat", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat", "region_type": "memory_mapped_file", "start_va": 392254717952, "timestamp": "00:01:29.967", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 392254783488, "type": "region", "version": 1 }, "end_va": 392254849023, "entry_point": 392254783488, "filename": "\\Users\\5JgHKoaOfdp\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat", "id": "region_6005", "name": "webcachev01.dat", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat", "region_type": "memory_mapped_file", "start_va": 392254783488, "timestamp": "00:01:29.968", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 392254849024, "type": "region", "version": 1 }, "end_va": 392254914559, "entry_point": 392254849024, "filename": "\\Users\\5JgHKoaOfdp\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat", "id": "region_6006", "name": "webcachev01.dat", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat", "region_type": "memory_mapped_file", "start_va": 392254849024, "timestamp": "00:01:29.968", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 
65536, "start_va": 392254914560, "type": "region", "version": 1 }, "end_va": 392254980095, "entry_point": 392254914560, "filename": "\\Users\\5JgHKoaOfdp\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat", "id": "region_6007", "name": "webcachev01.dat", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat", "region_type": "memory_mapped_file", "start_va": 392254914560, "timestamp": "00:01:29.969", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 392254980096, "type": "region", "version": 1 }, "end_va": 392255045631, "entry_point": 392254980096, "filename": "\\Users\\5JgHKoaOfdp\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat", "id": "region_6008", "name": "webcachev01.dat", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat", "region_type": "memory_mapped_file", "start_va": 392254980096, "timestamp": "00:01:29.970", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 392255045632, "type": "region", "version": 1 }, "end_va": 392255111167, "entry_point": 392255045632, "filename": "\\Users\\5JgHKoaOfdp\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat", "id": "region_6009", "name": "webcachev01.dat", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat", "region_type": "memory_mapped_file", "start_va": 392255045632, "timestamp": "00:01:29.978", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump 
was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 392255111168, "type": "region", "version": 1 }, "end_va": 392255176703, "entry_point": 392255111168, "filename": "\\Users\\5JgHKoaOfdp\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat", "id": "region_6010", "name": "webcachev01.dat", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat", "region_type": "memory_mapped_file", "start_va": 392255111168, "timestamp": "00:01:29.980", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 140725086126080, "type": "region", "version": 1 }, "end_va": 140725086408703, "entry_point": 140725086130832, "filename": "\\Windows\\System32\\powrprof.dll", "id": "region_6011", "name": "powrprof.dll", "norm_filename": "c:\\windows\\system32\\powrprof.dll", "region_type": "memory_mapped_file", "start_va": 140725086126080, "timestamp": "00:01:29.983", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 392255176704, "type": "region", "version": 1 }, "end_va": 392255242239, "entry_point": 392255176704, "filename": "\\Users\\5JgHKoaOfdp\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat", "id": "region_6016", "name": "webcachev01.dat", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat", "region_type": "memory_mapped_file", "start_va": 392255176704, "timestamp": "00:01:30.037", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 392255242240, "type": "region", "version": 1 }, "end_va": 392255307775, "entry_point": 392255242240, "filename": "\\Users\\5JgHKoaOfdp\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat", "id": "region_6017", "name": "webcachev01.dat", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat", "region_type": "memory_mapped_file", "start_va": 392255242240, "timestamp": "00:01:30.039", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 392255307776, "type": "region", "version": 1 }, "end_va": 392255373311, "entry_point": 392255307776, "filename": "\\Users\\5JgHKoaOfdp\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat", "id": "region_6018", "name": "webcachev01.dat", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat", "region_type": "memory_mapped_file", "start_va": 392255307776, "timestamp": "00:01:30.041", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 392255242240, "type": "region", "version": 1 }, "end_va": 392255275007, "entry_point": 0, "filename": null, "id": "region_6725", "name": "private_0x0000005b543c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 392255242240, "timestamp": "00:01:35.402", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], 
"info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 392253014016, "type": "region", "version": 1 }, "end_va": 392253018111, "entry_point": 0, "filename": null, "id": "region_7216", "name": "private_0x0000005b541a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 392253014016, "timestamp": "00:01:38.425", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\System32\\ThumbnailExtractionHost.exe -Embedding", "filename": "c:\\windows\\system32\\thumbnailextractionhost.exe", "id": "proc_62", "image_name": "thumbnailextractionhost.exe", "monitor_reason": "child_process", "monitored_id": 62, "origin_monitor_id": 41, "ref_parent_process": { "ref_id": "proc_41", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_5704", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:25.966", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 435039174656, "type": "region", "version": 1 }, "end_va": 435039305727, "entry_point": 0, "filename": null, "id": "region_5705", "name": "private_0x000000654a5b0000", 
"norm_filename": null, "region_type": "private_memory", "start_va": 435039174656, "timestamp": "00:01:25.966", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 435039305728, "type": "region", "version": 1 }, "end_va": 435039367167, "entry_point": 0, "filename": null, "id": "region_5706", "name": "pagefile_0x000000654a5d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 435039305728, "timestamp": "00:01:25.966", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 435039371264, "type": "region", "version": 1 }, "end_va": 435039895551, "entry_point": 0, "filename": null, "id": "region_5707", "name": "private_0x000000654a5e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 435039371264, "timestamp": "00:01:25.966", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 435039895552, "type": "region", "version": 1 }, "end_va": 435039911935, "entry_point": 0, "filename": null, "id": "region_5708", "name": "pagefile_0x000000654a660000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 435039895552, "timestamp": "00:01:25.966", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the 
configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140699787657216, "type": "region", "version": 1 }, "end_va": 140699787800575, "entry_point": 0, "filename": null, "id": "region_5709", "name": "pagefile_0x00007ff738dd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140699787657216, "timestamp": "00:01:25.966", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140699787808768, "type": "region", "version": 1 }, "end_va": 140699787812863, "entry_point": 0, "filename": null, "id": "region_5710", "name": "private_0x00007ff738df5000", "norm_filename": null, "region_type": "private_memory", "start_va": 140699787808768, "timestamp": "00:01:25.966", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140699787845632, "type": "region", "version": 1 }, "end_va": 140699787853823, "entry_point": 0, "filename": null, "id": "region_5711", "name": "private_0x00007ff738dfe000", "norm_filename": null, "region_type": "private_memory", "start_va": 140699787845632, "timestamp": "00:01:25.966", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 140699788312576, "type": "region", "version": 1 }, "end_va": 140699788361727, "entry_point": 140699788332140, "filename": "\\Windows\\System32\\ThumbnailExtractionHost.exe", "id": "region_5712", "name": 
"thumbnailextractionhost.exe", "norm_filename": "c:\\windows\\system32\\thumbnailextractionhost.exe", "region_type": "memory_mapped_file", "start_va": 140699788312576, "timestamp": "00:01:25.966", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_5713", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140725133115392, "timestamp": "00:01:25.967", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 435039961088, "type": "region", "version": 1 }, "end_va": 435039973375, "entry_point": 0, "filename": null, "id": "region_5715", "name": "pagefile_0x000000654a670000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 435039961088, "timestamp": "00:01:25.975", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 435040026624, "type": "region", "version": 1 }, "end_va": 435040034815, "entry_point": 0, "filename": null, "id": "region_5716", "name": "private_0x000000654a680000", "norm_filename": null, "region_type": "private_memory", "start_va": 435040026624, "timestamp": "00:01:25.975", "type": "region", "version": 1 }, { "dump": { "filename": "", 
"flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 435040616448, "type": "region", "version": 1 }, "end_va": 435041665023, "entry_point": 0, "filename": null, "id": "region_5732", "name": "private_0x000000654a710000", "norm_filename": null, "region_type": "private_memory", "start_va": 435040616448, "timestamp": "00:01:26.021", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140725090648064, "type": "region", "version": 1 }, "end_va": 140725091753983, "entry_point": 140725090656928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_5733", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140725090648064, "timestamp": "00:01:26.021", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140725124988928, "type": "region", "version": 1 }, "end_va": 140725126270975, "entry_point": 140725125009460, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_5734", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140725124988928, "timestamp": "00:01:26.022", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], 
"ref_process_dump": null, "size": 65536, "start_va": 435039174656, "type": "region", "version": 1 }, "end_va": 435039240191, "entry_point": 0, "filename": null, "id": "region_5735", "name": "pagefile_0x000000654a5b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 435039174656, "timestamp": "00:01:26.024", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140699786608640, "type": "region", "version": 1 }, "end_va": 140699787657215, "entry_point": 0, "filename": null, "id": "region_5736", "name": "pagefile_0x00007ff738cd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140699786608640, "timestamp": "00:01:26.024", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 435040092160, "type": "region", "version": 1 }, "end_va": 435040608255, "entry_point": 435040092160, "filename": "\\Windows\\System32\\locale.nls", "id": "region_5737", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 435040092160, "timestamp": "00:01:26.025", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140725093466112, "type": "region", "version": 1 }, "end_va": 140725094977535, "entry_point": 140725093620416, "filename": "\\Windows\\System32\\user32.dll", "id": "region_5738", "name": "user32.dll", "norm_filename": 
"c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140725093466112, "timestamp": "00:01:26.028", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140725098577920, "type": "region", "version": 1 }, "end_va": 140725099261951, "entry_point": 140725098588204, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_5739", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140725098577920, "timestamp": "00:01:26.029", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 140725095038976, "type": "region", "version": 1 }, "end_va": 140725095370751, "entry_point": 140725095043776, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_5740", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 140725095038976, "timestamp": "00:01:26.029", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140725101002752, "type": "region", "version": 1 }, "end_va": 140725101752319, "entry_point": 140725101007136, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_5741", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 140725101002752, "timestamp": "00:01:26.030", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140725129773056, "type": "region", "version": 1 }, "end_va": 140725131104255, "entry_point": 140725129845848, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_5742", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140725129773056, "timestamp": "00:01:26.033", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 435039240192, "type": "region", "version": 1 }, "end_va": 435039268863, "entry_point": 0, "filename": null, "id": "region_5743", "name": "private_0x000000654a5c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 435039240192, "timestamp": "00:01:26.034", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725131149312, "type": "region", "version": 1 }, "end_va": 140725133078527, "entry_point": 140725131157344, "filename": "\\Windows\\System32\\combase.dll", "id": "region_5744", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140725131149312, "timestamp": "00:01:26.035", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, 
"size": 1269760, "start_va": 140725127806976, "type": "region", "version": 1 }, "end_va": 140725129076735, "entry_point": 140725127811408, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_5745", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140725127806976, "timestamp": "00:01:26.036", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 435041665024, "type": "region", "version": 1 }, "end_va": 435043270655, "entry_point": 0, "filename": null, "id": "region_5746", "name": "pagefile_0x000000654a810000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 435041665024, "timestamp": "00:01:26.041", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 212992, "start_va": 435043303424, "type": "region", "version": 1 }, "end_va": 435043516415, "entry_point": 435043307568, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_5747", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 435043303424, "timestamp": "00:01:26.041", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 140725095563264, "type": "region", "version": 1 }, "end_va": 140725095776255, "entry_point": 140725095567408, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_5748", "name": "imm32.dll", 
"norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 140725095563264, "timestamp": "00:01:26.042", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1277952, "start_va": 140725091762176, "type": "region", "version": 1 }, "end_va": 140725093040127, "entry_point": 140725091766288, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_5749", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 140725091762176, "timestamp": "00:01:26.043", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1966080, "start_va": 435043303424, "type": "region", "version": 1 }, "end_va": 435045269503, "entry_point": 0, "filename": null, "id": "region_5750", "name": "private_0x000000654a9a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 435043303424, "timestamp": "00:01:26.044", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 435043303424, "type": "region", "version": 1 }, "end_va": 435043332095, "entry_point": 0, "filename": null, "id": "region_5751", "name": "private_0x000000654a9a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 435043303424, "timestamp": "00:01:26.045", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created 
because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 435045203968, "type": "region", "version": 1 }, "end_va": 435045269503, "entry_point": 0, "filename": null, "id": "region_5752", "name": "private_0x000000654ab70000", "norm_filename": null, "region_type": "private_memory", "start_va": 435045203968, "timestamp": "00:01:26.045", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 435043368960, "type": "region", "version": 1 }, "end_va": 435044945919, "entry_point": 0, "filename": null, "id": "region_5753", "name": "pagefile_0x000000654a9b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 435043368960, "timestamp": "00:01:26.048", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 435045269504, "type": "region", "version": 1 }, "end_va": 435066241023, "entry_point": 0, "filename": null, "id": "region_5754", "name": "pagefile_0x000000654ab80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 435045269504, "timestamp": "00:01:26.048", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 435045007360, "type": "region", "version": 1 }, "end_va": 435045011455, "entry_point": 0, "filename": null, "id": "region_5755", "name": 
"private_0x000000654ab40000", "norm_filename": null, "region_type": "private_memory", "start_va": 435045007360, "timestamp": "00:01:26.052", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 435045072896, "type": "region", "version": 1 }, "end_va": 435045076991, "entry_point": 0, "filename": null, "id": "region_5756", "name": "private_0x000000654ab50000", "norm_filename": null, "region_type": "private_memory", "start_va": 435045072896, "timestamp": "00:01:26.052", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1536000, "start_va": 435066241024, "type": "region", "version": 1 }, "end_va": 435067777023, "entry_point": 435066245300, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_5757", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 435066241024, "timestamp": "00:01:26.052", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 140725096546304, "type": "region", "version": 1 }, "end_va": 140725098078207, "entry_point": 140725096550580, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_5758", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 140725096546304, "timestamp": "00:01:26.054", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created 
because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725098184704, "type": "region", "version": 1 }, "end_va": 140725098541055, "entry_point": 140725098194176, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_5759", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140725098184704, "timestamp": "00:01:26.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 761856, "start_va": 435066241024, "type": "region", "version": 1 }, "end_va": 435067002879, "entry_point": 435066423144, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_5760", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 435066241024, "timestamp": "00:01:26.057", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725068431360, "type": "region", "version": 1 }, "end_va": 140725068472319, "entry_point": 140725068437320, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_5761", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\system32\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140725068431360, "timestamp": "00:01:26.059", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725085208576, "type": 
"region", "version": 1 }, "end_va": 140725085249535, "entry_point": 140725085212688, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_5762", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140725085208576, "timestamp": "00:01:26.060", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140725084815360, "type": "region", "version": 1 }, "end_va": 140725085200383, "entry_point": 140725084944032, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_5763", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140725084815360, "timestamp": "00:01:26.061", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1187840, "start_va": 140725066858496, "type": "region", "version": 1 }, "end_va": 140725068046335, "entry_point": 140725066904644, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_5764", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 140725066858496, "timestamp": "00:01:26.064", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1114112, "start_va": 435066241024, "type": "region", "version": 1 }, "end_va": 435067355135, "entry_point": 0, "filename": null, "id": "region_5765", 
"name": "private_0x000000654bf80000", "norm_filename": null, "region_type": "private_memory", "start_va": 435066241024, "timestamp": "00:01:26.066", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 435045138432, "type": "region", "version": 1 }, "end_va": 435045142527, "entry_point": 0, "filename": null, "id": "region_5767", "name": "pagefile_0x000000654ab60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 435045138432, "timestamp": "00:01:26.083", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 983040, "start_va": 435066241024, "type": "region", "version": 1 }, "end_va": 435067224063, "entry_point": 0, "filename": null, "id": "region_5768", "name": "pagefile_0x000000654bf80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 435066241024, "timestamp": "00:01:26.083", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 435067289600, "type": "region", "version": 1 }, "end_va": 435067355135, "entry_point": 0, "filename": null, "id": "region_5769", "name": "private_0x000000654c080000", "norm_filename": null, "region_type": "private_memory", "start_va": 435067289600, "timestamp": "00:01:26.083", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because 
pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 435045138432, "type": "region", "version": 1 }, "end_va": 435045154815, "entry_point": 0, "filename": null, "id": "region_5770", "name": "pagefile_0x000000654ab60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 435045138432, "timestamp": "00:01:26.083", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 435067224064, "type": "region", "version": 1 }, "end_va": 435067252735, "entry_point": 0, "filename": null, "id": "region_5771", "name": "private_0x000000654c070000", "norm_filename": null, "region_type": "private_memory", "start_va": 435067224064, "timestamp": "00:01:26.084", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 435067355136, "type": "region", "version": 1 }, "end_va": 435067359231, "entry_point": 0, "filename": null, "id": "region_5772", "name": "pagefile_0x000000654c090000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 435067355136, "timestamp": "00:01:26.089", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 671744, "start_va": 140725095825408, "type": "region", "version": 1 }, "end_va": 140725096497151, "entry_point": 140725095829872, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_5773", 
"name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 140725095825408, "timestamp": "00:01:26.090", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 140725079769088, "type": "region", "version": 1 }, "end_va": 140725079891967, "entry_point": 140725079773640, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_5774", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 140725079769088, "timestamp": "00:01:26.103", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 140725075443712, "type": "region", "version": 1 }, "end_va": 140725075660799, "entry_point": 140725075448792, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_5775", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 140725075443712, "timestamp": "00:01:26.105", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725082062848, "type": "region", "version": 1 }, "end_va": 140725082218495, "entry_point": 140725082086248, "filename": "\\Windows\\System32\\bcrypt.dll", "id": "region_5776", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\system32\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 140725082062848, "timestamp": 
"00:01:26.107", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 435067420672, "type": "region", "version": 1 }, "end_va": 435070390271, "entry_point": 435067420672, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_5777", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 435067420672, "timestamp": "00:01:26.108", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 435070435328, "type": "region", "version": 1 }, "end_va": 435070959615, "entry_point": 0, "filename": null, "id": "region_5786", "name": "private_0x000000654c380000", "norm_filename": null, "region_type": "private_memory", "start_va": 435070435328, "timestamp": "00:01:26.135", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 435070959616, "type": "region", "version": 1 }, "end_va": 435071483903, "entry_point": 0, "filename": null, "id": "region_5787", "name": "private_0x000000654c400000", "norm_filename": null, "region_type": "private_memory", "start_va": 435070959616, "timestamp": "00:01:26.135", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 
524288, "start_va": 435071483904, "type": "region", "version": 1 }, "end_va": 435072008191, "entry_point": 0, "filename": null, "id": "region_5788", "name": "private_0x000000654c480000", "norm_filename": null, "region_type": "private_memory", "start_va": 435071483904, "timestamp": "00:01:26.135", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140699787821056, "type": "region", "version": 1 }, "end_va": 140699787829247, "entry_point": 0, "filename": null, "id": "region_5789", "name": "private_0x00007ff738df8000", "norm_filename": null, "region_type": "private_memory", "start_va": 140699787821056, "timestamp": "00:01:26.136", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140699787829248, "type": "region", "version": 1 }, "end_va": 140699787837439, "entry_point": 0, "filename": null, "id": "region_5790", "name": "private_0x00007ff738dfa000", "norm_filename": null, "region_type": "private_memory", "start_va": 140699787829248, "timestamp": "00:01:26.136", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140699787837440, "type": "region", "version": 1 }, "end_va": 140699787845631, "entry_point": 0, "filename": null, "id": "region_5791", "name": "private_0x00007ff738dfc000", "norm_filename": null, "region_type": "private_memory", "start_va": 140699787837440, "timestamp": "00:01:26.136", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 435072008192, "type": "region", "version": 1 }, "end_va": 435072532479, "entry_point": 0, "filename": null, "id": "region_5830", "name": "private_0x000000654c500000", "norm_filename": null, "region_type": "private_memory", "start_va": 435072008192, "timestamp": "00:01:26.415", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 435072532480, "type": "region", "version": 1 }, "end_va": 435073056767, "entry_point": 0, "filename": null, "id": "region_5831", "name": "private_0x000000654c580000", "norm_filename": null, "region_type": "private_memory", "start_va": 435072532480, "timestamp": "00:01:26.415", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140699786600448, "type": "region", "version": 1 }, "end_va": 140699786608639, "entry_point": 0, "filename": null, "id": "region_5832", "name": "private_0x00007ff738cce000", "norm_filename": null, "region_type": "private_memory", "start_va": 140699786600448, "timestamp": "00:01:26.415", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140699787812864, "type": "region", "version": 1 }, "end_va": 
140699787821055, "entry_point": 0, "filename": null, "id": "region_5833", "name": "private_0x00007ff738df6000", "norm_filename": null, "region_type": "private_memory", "start_va": 140699787812864, "timestamp": "00:01:26.415", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1458176, "start_va": 140725039202304, "type": "region", "version": 1 }, "end_va": 140725040660479, "entry_point": 140725039341808, "filename": "\\Windows\\System32\\propsys.dll", "id": "region_5834", "name": "propsys.dll", "norm_filename": "c:\\windows\\system32\\propsys.dll", "region_type": "memory_mapped_file", "start_va": 140725039202304, "timestamp": "00:01:26.417", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\armsvc.exe\"", "filename": "c:\\program files (x86)\\common files\\adobe\\arm\\1.0\\armsvc.exe", "id": "proc_63", "image_name": "armsvc.exe", "monitor_reason": "child_process", "monitored_id": 63, "origin_monitor_id": 39, "ref_parent_process": { "ref_id": "proc_39", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 2883583, "entry_point": 0, "filename": null, "id": "region_5797", "name": "private_0x00000000002a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2752512, "timestamp": "00:01:26.227", "type": "region", "version": 1 }, { "dump": 
{ "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 2887679, "entry_point": 0, "filename": null, "id": "region_5798", "name": "private_0x00000000002c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2883584, "timestamp": "00:01:26.227", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 2949120, "type": "region", "version": 1 }, "end_va": 3010559, "entry_point": 0, "filename": null, "id": "region_5799", "name": "pagefile_0x00000000002d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2949120, "timestamp": "00:01:26.227", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 3014656, "type": "region", "version": 1 }, "end_va": 3276799, "entry_point": 0, "filename": null, "id": "region_5800", "name": "private_0x00000000002e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3014656, "timestamp": "00:01:26.227", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 3276800, "type": "region", "version": 1 }, "end_va": 4325375, "entry_point": 0, "filename": null, "id": "region_5801", "name": 
"private_0x0000000000320000", "norm_filename": null, "region_type": "private_memory", "start_va": 3276800, "timestamp": "00:01:26.227", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 4341759, "entry_point": 0, "filename": null, "id": "region_5802", "name": "pagefile_0x0000000000420000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4325376, "timestamp": "00:01:26.227", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 20578304, "type": "region", "version": 1 }, "end_va": 20664319, "entry_point": 20609984, "filename": "\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\armsvc.exe", "id": "region_5803", "name": "armsvc.exe", "norm_filename": "c:\\program files (x86)\\common files\\adobe\\arm\\1.0\\armsvc.exe", "region_type": "memory_mapped_file", "start_va": 20578304, "timestamp": "00:01:26.227", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1474560, "start_va": 2001338368, "type": "region", "version": 1 }, "end_va": 2002812927, "entry_point": 2001338368, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_5804", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001338368, "timestamp": "00:01:26.228", "type": "region", "version": 1 }, { "dump": { "filename": "", 
"flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2131230720, "type": "region", "version": 1 }, "end_va": 2131374079, "entry_point": 0, "filename": null, "id": "region_5805", "name": "pagefile_0x000000007f080000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2131230720, "timestamp": "00:01:26.309", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2131394560, "type": "region", "version": 1 }, "end_va": 2131398655, "entry_point": 0, "filename": null, "id": "region_5806", "name": "private_0x000000007f0a8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131394560, "timestamp": "00:01:26.309", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2131402752, "type": "region", "version": 1 }, "end_va": 2131406847, "entry_point": 0, "filename": null, "id": "region_5807", "name": "private_0x000000007f0aa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131402752, "timestamp": "00:01:26.309", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2131415040, "type": "region", "version": 1 }, "end_va": 2131427327, "entry_point": 0, "filename": null, "id": "region_5808", 
"name": "private_0x000000007f0ad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131415040, "timestamp": "00:01:26.309", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_5809", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:26.309", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 140722985697280, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 140725133115391, "entry_point": 0, "filename": null, "id": "region_5810", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:26.309", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_5811", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140725133115392, "timestamp": "00:01:26.309", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ 
"readable" ], "ref_process_dump": null, "size": 12353433600, "start_va": 140725134856192, "type": "region", "version": 1 }, "end_va": 140737488289791, "entry_point": 0, "filename": null, "id": "region_5812", "name": "private_0x00007ffd1fac9000", "norm_filename": null, "region_type": "private_memory", "start_va": 140725134856192, "timestamp": "00:01:26.309", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 4390912, "type": "region", "version": 1 }, "end_va": 4395007, "entry_point": 0, "filename": null, "id": "region_5822", "name": "pagefile_0x0000000000430000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4390912, "timestamp": "00:01:26.377", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 4456448, "type": "region", "version": 1 }, "end_va": 4464639, "entry_point": 0, "filename": null, "id": "region_5824", "name": "private_0x0000000000440000", "norm_filename": null, "region_type": "private_memory", "start_va": 4456448, "timestamp": "00:01:26.378", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 6160384, "type": "region", "version": 1 }, "end_va": 6225919, "entry_point": 0, "filename": null, "id": "region_5849", "name": "private_0x00000000005e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6160384, "timestamp": "00:01:26.611", 
"type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 2000486400, "type": "region", "version": 1 }, "end_va": 2000523263, "entry_point": 2000486400, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_5850", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 2000486400, "timestamp": "00:01:26.611", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 425984, "start_va": 2000551936, "type": "region", "version": 1 }, "end_va": 2000977919, "entry_point": 2000551936, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_5851", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 2000551936, "timestamp": "00:01:26.621", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 299008, "start_va": 2001010688, "type": "region", "version": 1 }, "end_va": 2001309695, "entry_point": 2001010688, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_5852", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 2001010688, "timestamp": "00:01:26.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], 
"ref_process_dump": null, "size": 1310720, "start_va": 1975320576, "type": "region", "version": 1 }, "end_va": 1976631295, "entry_point": 1975320576, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_5893", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1975320576, "timestamp": "00:01:26.872", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1310720, "start_va": 4521984, "type": "region", "version": 1 }, "end_va": 5832703, "entry_point": 0, "filename": null, "id": "region_5909", "name": "private_0x0000000000450000", "norm_filename": null, "region_type": "private_memory", "start_va": 4521984, "timestamp": "00:01:27.399", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1310720, "start_va": 1975320576, "type": "region", "version": 1 }, "end_va": 1976631295, "entry_point": 1975405006, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_5910", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1975320576, "timestamp": "00:01:27.400", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 847872, "start_va": 1965555712, "type": "region", "version": 1 }, "end_va": 1966403583, "entry_point": 1965555712, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_5911", "name": "kernelbase.dll", 
"norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1965555712, "timestamp": "00:01:27.402", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 2818047, "entry_point": 0, "filename": null, "id": "region_5915", "name": "pagefile_0x00000000002a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2752512, "timestamp": "00:01:27.649", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130182144, "type": "region", "version": 1 }, "end_va": 2131230719, "entry_point": 0, "filename": null, "id": "region_5916", "name": "pagefile_0x000000007ef80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130182144, "timestamp": "00:01:27.649", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 6225920, "type": "region", "version": 1 }, "end_va": 6742015, "entry_point": 6225920, "filename": "\\Windows\\System32\\locale.nls", "id": "region_5917", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 6225920, "timestamp": "00:01:27.651", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", 
"permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1376256, "start_va": 1967128576, "type": "region", "version": 1 }, "end_va": 1968504831, "entry_point": 1967128576, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_5918", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1967128576, "timestamp": "00:01:27.652", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 487424, "start_va": 1978269696, "type": "region", "version": 1 }, "end_va": 1978757119, "entry_point": 1978269696, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_5920", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1978269696, "timestamp": "00:01:27.787", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 18493440, "start_va": 1979121664, "type": "region", "version": 1 }, "end_va": 1997615103, "entry_point": 1979121664, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_5944", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1979121664, "timestamp": "00:01:28.095", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1093632, "start_va": 1973551104, "type": "region", "version": 1 }, "end_va": 1974644735, "entry_point": 1973551104, 
"filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_5991", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1973551104, "timestamp": "00:01:29.800", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 552960, "start_va": 1974665216, "type": "region", "version": 1 }, "end_va": 1975218175, "entry_point": 1974665216, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_6012", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1974665216, "timestamp": "00:01:29.990", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 2834431, "entry_point": 0, "filename": null, "id": "region_6013", "name": "private_0x00000000002b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2818048, "timestamp": "00:01:30.003", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1568768, "start_va": 1968504832, "type": "region", "version": 1 }, "end_va": 1970073599, "entry_point": 1968504832, "filename": "\\Windows\\SysWOW64\\crypt32.dll", "id": "region_6014", "name": "crypt32.dll", "norm_filename": "c:\\windows\\syswow64\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1968504832, "timestamp": "00:01:30.004", "type": "region", "version": 1 }, 
{ "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 233472, "start_va": 1976631296, "type": "region", "version": 1 }, "end_va": 1976864767, "entry_point": 1976631296, "filename": "\\Windows\\SysWOW64\\wintrust.dll", "id": "region_6015", "name": "wintrust.dll", "norm_filename": "c:\\windows\\syswow64\\wintrust.dll", "region_type": "memory_mapped_file", "start_va": 1976631296, "timestamp": "00:01:30.021", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 667648, "start_va": 1960509440, "type": "region", "version": 1 }, "end_va": 1961177087, "entry_point": 1960509440, "filename": "\\Windows\\WinSxS\\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_5094ca96bcb6b2bb\\msvcr90.dll", "id": "region_6026", "name": "msvcr90.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_5094ca96bcb6b2bb\\msvcr90.dll", "region_type": "memory_mapped_file", "start_va": 1960509440, "timestamp": "00:01:30.072", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1081344, "start_va": 1999110144, "type": "region", "version": 1 }, "end_va": 2000191487, "entry_point": 1999110144, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_6027", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1999110144, "timestamp": "00:01:30.090", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], 
"info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 778240, "start_va": 1976893440, "type": "region", "version": 1 }, "end_va": 1977671679, "entry_point": 1976893440, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_6044", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1976893440, "timestamp": "00:01:30.286", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 253952, "start_va": 1973288960, "type": "region", "version": 1 }, "end_va": 1973542911, "entry_point": 1973288960, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_6045", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1973288960, "timestamp": "00:01:30.305", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 724992, "start_va": 1998323712, "type": "region", "version": 1 }, "end_va": 1999048703, "entry_point": 1998323712, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_6046", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1998323712, "timestamp": "00:01:30.317", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1368064, "start_va": 1963589632, "type": "region", "version": 1 
}, "end_va": 1964957695, "entry_point": 1963589632, "filename": "\\Windows\\SysWOW64\\combase.dll", "id": "region_6052", "name": "combase.dll", "norm_filename": "c:\\windows\\syswow64\\combase.dll", "region_type": "memory_mapped_file", "start_va": 1963589632, "timestamp": "00:01:30.371", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 266240, "start_va": 1978793984, "type": "region", "version": 1 }, "end_va": 1979060223, "entry_point": 1978793984, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_6053", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1978793984, "timestamp": "00:01:30.620", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1965096960, "type": "region", "version": 1 }, "end_va": 1965154303, "entry_point": 1965096960, "filename": "\\Windows\\SysWOW64\\msasn1.dll", "id": "region_6059", "name": "msasn1.dll", "norm_filename": "c:\\windows\\syswow64\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1965096960, "timestamp": "00:01:30.703", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 118784, "start_va": 1961689088, "type": "region", "version": 1 }, "end_va": 1961807871, "entry_point": 1961689088, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_6060", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": 
"memory_mapped_file", "start_va": 1961689088, "timestamp": "00:01:30.717", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1961623552, "type": "region", "version": 1 }, "end_va": 1961660415, "entry_point": 1961623552, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_6061", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1961623552, "timestamp": "00:01:30.733", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 1961230336, "type": "region", "version": 1 }, "end_va": 1961562111, "entry_point": 1961230336, "filename": "\\Windows\\SysWOW64\\bcryptprimitives.dll", "id": "region_6062", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\syswow64\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 1961230336, "timestamp": "00:01:30.742", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 6750208, "type": "region", "version": 1 }, "end_va": 8355839, "entry_point": 0, "filename": null, "id": "region_6065", "name": "pagefile_0x0000000000670000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6750208, "timestamp": "00:01:30.757", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created 
because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 8388608, "type": "region", "version": 1 }, "end_va": 9965567, "entry_point": 0, "filename": null, "id": "region_6066", "name": "pagefile_0x0000000000800000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8388608, "timestamp": "00:01:30.757", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 786432, "start_va": 10027008, "type": "region", "version": 1 }, "end_va": 10813439, "entry_point": 0, "filename": null, "id": "region_6067", "name": "pagefile_0x0000000000990000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10027008, "timestamp": "00:01:30.757", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 4521984, "type": "region", "version": 1 }, "end_va": 4526079, "entry_point": 0, "filename": null, "id": "region_6069", "name": "private_0x0000000000450000", "norm_filename": null, "region_type": "private_memory", "start_va": 4521984, "timestamp": "00:01:30.759", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 4784128, "type": "region", "version": 1 }, "end_va": 5832703, "entry_point": 0, "filename": null, "id": "region_6070", "name": "private_0x0000000000490000", "norm_filename": null, "region_type": 
"private_memory", "start_va": 4784128, "timestamp": "00:01:30.759", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1638400, "start_va": 10813440, "type": "region", "version": 1 }, "end_va": 12451839, "entry_point": 0, "filename": null, "id": "region_6071", "name": "private_0x0000000000a50000", "norm_filename": null, "region_type": "private_memory", "start_va": 10813440, "timestamp": "00:01:30.759", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 458752, "start_va": 10813440, "type": "region", "version": 1 }, "end_va": 11272191, "entry_point": 0, "filename": null, "id": "region_6072", "name": "private_0x0000000000a50000", "norm_filename": null, "region_type": "private_memory", "start_va": 10813440, "timestamp": "00:01:30.763", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 12386304, "type": "region", "version": 1 }, "end_va": 12451839, "entry_point": 0, "filename": null, "id": "region_6073", "name": "private_0x0000000000bd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 12386304, "timestamp": "00:01:30.763", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 5832704, "type": "region", 
"version": 1 }, "end_va": 6094847, "entry_point": 0, "filename": null, "id": "region_6154", "name": "private_0x0000000000590000", "norm_filename": null, "region_type": "private_memory", "start_va": 5832704, "timestamp": "00:01:31.598", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 11272192, "type": "region", "version": 1 }, "end_va": 12320767, "entry_point": 0, "filename": null, "id": "region_6155", "name": "private_0x0000000000ac0000", "norm_filename": null, "region_type": "private_memory", "start_va": 11272192, "timestamp": "00:01:31.598", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2131382272, "type": "region", "version": 1 }, "end_va": 2131394559, "entry_point": 0, "filename": null, "id": "region_6156", "name": "private_0x000000007f0a5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131382272, "timestamp": "00:01:31.598", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 10813440, "type": "region", "version": 1 }, "end_va": 11075583, "entry_point": 0, "filename": null, "id": "region_6181", "name": "private_0x0000000000a50000", "norm_filename": null, "region_type": "private_memory", "start_va": 10813440, "timestamp": "00:01:31.837", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created 
because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 11206656, "type": "region", "version": 1 }, "end_va": 11272191, "entry_point": 0, "filename": null, "id": "region_6182", "name": "private_0x0000000000ab0000", "norm_filename": null, "region_type": "private_memory", "start_va": 11206656, "timestamp": "00:01:31.837", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 12451840, "type": "region", "version": 1 }, "end_va": 13500415, "entry_point": 0, "filename": null, "id": "region_6183", "name": "private_0x0000000000be0000", "norm_filename": null, "region_type": "private_memory", "start_va": 12451840, "timestamp": "00:01:31.837", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130169856, "type": "region", "version": 1 }, "end_va": 2130182143, "entry_point": 0, "filename": null, "id": "region_6184", "name": "private_0x000000007ef7d000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130169856, "timestamp": "00:01:31.837", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1960443904, "type": "region", "version": 1 }, "end_va": 1960480767, "entry_point": 1960443904, "filename": "\\Windows\\SysWOW64\\kernel.appcore.dll", "id": "region_6226", "name": "kernel.appcore.dll", "norm_filename": 
"c:\\windows\\syswow64\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 1960443904, "timestamp": "00:01:32.276", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 13500416, "type": "region", "version": 1 }, "end_va": 14024703, "entry_point": 0, "filename": null, "id": "region_6227", "name": "private_0x0000000000ce0000", "norm_filename": null, "region_type": "private_memory", "start_va": 13500416, "timestamp": "00:01:32.299", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 14024704, "type": "region", "version": 1 }, "end_va": 14286847, "entry_point": 0, "filename": null, "id": "region_8597", "name": "private_0x0000000000d60000", "norm_filename": null, "region_type": "private_memory", "start_va": 14024704, "timestamp": "00:02:02.293", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 14286848, "type": "region", "version": 1 }, "end_va": 15335423, "entry_point": 0, "filename": null, "id": "region_8598", "name": "private_0x0000000000da0000", "norm_filename": null, "region_type": "private_memory", "start_va": 14286848, "timestamp": "00:02:02.293", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], 
"ref_process_dump": null, "size": 12288, "start_va": 2130157568, "type": "region", "version": 1 }, "end_va": 2130169855, "entry_point": 0, "filename": null, "id": "region_8599", "name": "private_0x000000007ef7a000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130157568, "timestamp": "00:02:02.293", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\system32\\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}", "filename": "c:\\windows\\system32\\dllhost.exe", "id": "proc_64", "image_name": "dllhost.exe", "monitor_reason": "child_process", "monitored_id": 64, "origin_monitor_id": 41, "ref_parent_process": { "ref_id": "proc_41", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_6233", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:32.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 538283737088, "type": "region", "version": 1 }, "end_va": 538283868159, "entry_point": 0, "filename": null, "id": "region_6234", "name": "private_0x0000007d54360000", "norm_filename": null, "region_type": "private_memory", "start_va": 538283737088, "timestamp": "00:01:32.350", "type": "region", "version": 1 
}, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 538283868160, "type": "region", "version": 1 }, "end_va": 538283929599, "entry_point": 0, "filename": null, "id": "region_6235", "name": "pagefile_0x0000007d54380000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 538283868160, "timestamp": "00:01:32.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 538283933696, "type": "region", "version": 1 }, "end_va": 538284982271, "entry_point": 0, "filename": null, "id": "region_6236", "name": "private_0x0000007d54390000", "norm_filename": null, "region_type": "private_memory", "start_va": 538283933696, "timestamp": "00:01:32.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 538284982272, "type": "region", "version": 1 }, "end_va": 538284998655, "entry_point": 0, "filename": null, "id": "region_6237", "name": "pagefile_0x0000007d54490000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 538284982272, "timestamp": "00:01:32.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140694736142336, "type": "region", 
"version": 1 }, "end_va": 140694736285695, "entry_point": 0, "filename": null, "id": "region_6238", "name": "pagefile_0x00007ff60bc50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140694736142336, "timestamp": "00:01:32.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140694736306176, "type": "region", "version": 1 }, "end_va": 140694736310271, "entry_point": 0, "filename": null, "id": "region_6239", "name": "private_0x00007ff60bc78000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694736306176, "timestamp": "00:01:32.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694736330752, "type": "region", "version": 1 }, "end_va": 140694736338943, "entry_point": 0, "filename": null, "id": "region_6240", "name": "private_0x00007ff60bc7e000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694736330752, "timestamp": "00:01:32.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 140694737453056, "type": "region", "version": 1 }, "end_va": 140694737481727, "entry_point": 140694737457540, "filename": "\\Windows\\System32\\dllhost.exe", "id": "region_6241", "name": "dllhost.exe", "norm_filename": "c:\\windows\\system32\\dllhost.exe", "region_type": "memory_mapped_file", "start_va": 140694737453056, "timestamp": "00:01:32.350", 
"type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_6242", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140725133115392, "timestamp": "00:01:32.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 538285047808, "type": "region", "version": 1 }, "end_va": 538285055999, "entry_point": 0, "filename": null, "id": "region_6243", "name": "private_0x0000007d544a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 538285047808, "timestamp": "00:01:32.352", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1572864, "start_va": 538285113344, "type": "region", "version": 1 }, "end_va": 538286686207, "entry_point": 0, "filename": null, "id": "region_6246", "name": "private_0x0000007d544b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 538285113344, "timestamp": "00:01:32.404", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140725124988928, 
"type": "region", "version": 1 }, "end_va": 140725126270975, "entry_point": 140725125009460, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_6247", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140725124988928, "timestamp": "00:01:32.406", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140725090648064, "type": "region", "version": 1 }, "end_va": 140725091753983, "entry_point": 140725090656928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_6248", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140725090648064, "timestamp": "00:01:32.407", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 538283737088, "type": "region", "version": 1 }, "end_va": 538283802623, "entry_point": 0, "filename": null, "id": "region_6249", "name": "pagefile_0x0000007d54360000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 538283737088, "timestamp": "00:01:32.411", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140694735093760, "type": "region", "version": 1 }, "end_va": 140694736142335, "entry_point": 0, "filename": null, "id": "region_6250", "name": 
"pagefile_0x00007ff60bb50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140694735093760, "timestamp": "00:01:32.411", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 538285113344, "type": "region", "version": 1 }, "end_va": 538285629439, "entry_point": 538285113344, "filename": "\\Windows\\System32\\locale.nls", "id": "region_6251", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 538285113344, "timestamp": "00:01:32.412", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 538285637632, "type": "region", "version": 1 }, "end_va": 538286686207, "entry_point": 0, "filename": null, "id": "region_6252", "name": "private_0x0000007d54530000", "norm_filename": null, "region_type": "private_memory", "start_va": 538285637632, "timestamp": "00:01:32.412", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140725098577920, "type": "region", "version": 1 }, "end_va": 140725099261951, "entry_point": 140725098588204, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_6253", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140725098577920, "timestamp": "00:01:32.414", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No 
dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725131149312, "type": "region", "version": 1 }, "end_va": 140725133078527, "entry_point": 140725131157344, "filename": "\\Windows\\System32\\combase.dll", "id": "region_6254", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140725131149312, "timestamp": "00:01:32.414", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140725127806976, "type": "region", "version": 1 }, "end_va": 140725129076735, "entry_point": 140725127811408, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_6255", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140725127806976, "timestamp": "00:01:32.416", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 538286686208, "type": "region", "version": 1 }, "end_va": 538287472639, "entry_point": 0, "filename": null, "id": "region_6256", "name": "private_0x0000007d54630000", "norm_filename": null, "region_type": "private_memory", "start_va": 538286686208, "timestamp": "00:01:32.418", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 538283802624, "type": "region", 
"version": 1 }, "end_va": 538283831295, "entry_point": 0, "filename": null, "id": "region_6257", "name": "private_0x0000007d54370000", "norm_filename": null, "region_type": "private_memory", "start_va": 538283802624, "timestamp": "00:01:32.419", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 761856, "start_va": 538287472640, "type": "region", "version": 1 }, "end_va": 538288234495, "entry_point": 538287654760, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_6258", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 538287472640, "timestamp": "00:01:32.421", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725068431360, "type": "region", "version": 1 }, "end_va": 140725068472319, "entry_point": 140725068437320, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_6259", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\system32\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140725068431360, "timestamp": "00:01:32.426", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725085208576, "type": "region", "version": 1 }, "end_va": 140725085249535, "entry_point": 140725085212688, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_6260", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": 
"memory_mapped_file", "start_va": 140725085208576, "timestamp": "00:01:32.428", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 538286686208, "type": "region", "version": 1 }, "end_va": 538286714879, "entry_point": 0, "filename": null, "id": "region_6261", "name": "private_0x0000007d54630000", "norm_filename": null, "region_type": "private_memory", "start_va": 538286686208, "timestamp": "00:01:32.429", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 538287407104, "type": "region", "version": 1 }, "end_va": 538287472639, "entry_point": 0, "filename": null, "id": "region_6262", "name": "private_0x0000007d546e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 538287407104, "timestamp": "00:01:32.429", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140725084815360, "type": "region", "version": 1 }, "end_va": 140725085200383, "entry_point": 140725084944032, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_6263", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140725084815360, "timestamp": "00:01:32.429", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are 
disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 538286751744, "type": "region", "version": 1 }, "end_va": 538286755839, "entry_point": 0, "filename": null, "id": "region_6265", "name": "pagefile_0x0000007d54640000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 538286751744, "timestamp": "00:01:32.488", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 671744, "start_va": 140725095825408, "type": "region", "version": 1 }, "end_va": 140725096497151, "entry_point": 140725095829872, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_6266", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 140725095825408, "timestamp": "00:01:32.489", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 538286817280, "type": "region", "version": 1 }, "end_va": 538286821375, "entry_point": 0, "filename": null, "id": "region_6267", "name": "pagefile_0x0000007d54650000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 538286817280, "timestamp": "00:01:32.491", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725098184704, "type": "region", "version": 1 }, "end_va": 140725098541055, "entry_point": 140725098194176, "filename": 
"\\Windows\\System32\\sechost.dll", "id": "region_6275", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140725098184704, "timestamp": "00:01:32.610", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 140725079769088, "type": "region", "version": 1 }, "end_va": 140725079891967, "entry_point": 140725079773640, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_6276", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 140725079769088, "timestamp": "00:01:32.615", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 140725075443712, "type": "region", "version": 1 }, "end_va": 140725075660799, "entry_point": 140725075448792, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_6281", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 140725075443712, "timestamp": "00:01:32.687", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725082062848, "type": "region", "version": 1 }, "end_va": 140725082218495, "entry_point": 140725082086248, "filename": "\\Windows\\System32\\bcrypt.dll", "id": "region_6282", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\system32\\bcrypt.dll", "region_type": 
"memory_mapped_file", "start_va": 140725082062848, "timestamp": "00:01:32.688", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 538287472640, "type": "region", "version": 1 }, "end_va": 538290442239, "entry_point": 538287472640, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_6283", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 538287472640, "timestamp": "00:01:32.693", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 538290487296, "type": "region", "version": 1 }, "end_va": 538291535871, "entry_point": 0, "filename": null, "id": "region_6291", "name": "private_0x0000007d549d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 538290487296, "timestamp": "00:01:32.720", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 538291535872, "type": "region", "version": 1 }, "end_va": 538292584447, "entry_point": 0, "filename": null, "id": "region_6292", "name": "private_0x0000007d54ad0000", "norm_filename": null, "region_type": "private_memory", "start_va": 538291535872, "timestamp": "00:01:32.720", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", 
"permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694736314368, "type": "region", "version": 1 }, "end_va": 140694736322559, "entry_point": 0, "filename": null, "id": "region_6293", "name": "private_0x00007ff60bc7a000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694736314368, "timestamp": "00:01:32.720", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694736322560, "type": "region", "version": 1 }, "end_va": 140694736330751, "entry_point": 0, "filename": null, "id": "region_6294", "name": "private_0x00007ff60bc7c000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694736322560, "timestamp": "00:01:32.720", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 538292584448, "type": "region", "version": 1 }, "end_va": 538293633023, "entry_point": 0, "filename": null, "id": "region_6295", "name": "private_0x0000007d54bd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 538292584448, "timestamp": "00:01:32.723", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 538293633024, "type": "region", "version": 1 }, "end_va": 538294681599, "entry_point": 0, "filename": null, "id": "region_6296", "name": "private_0x0000007d54cd0000", "norm_filename": null, "region_type": "private_memory", 
"start_va": 538293633024, "timestamp": "00:01:32.723", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694736289792, "type": "region", "version": 1 }, "end_va": 140694736297983, "entry_point": 0, "filename": null, "id": "region_6297", "name": "private_0x00007ff60bc74000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694736289792, "timestamp": "00:01:32.723", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694736297984, "type": "region", "version": 1 }, "end_va": 140694736306175, "entry_point": 0, "filename": null, "id": "region_6298", "name": "private_0x00007ff60bc76000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694736297984, "timestamp": "00:01:32.723", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140725093466112, "type": "region", "version": 1 }, "end_va": 140725094977535, "entry_point": 140725093620416, "filename": "\\Windows\\System32\\user32.dll", "id": "region_6299", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140725093466112, "timestamp": "00:01:32.723", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" 
], "ref_process_dump": null, "size": 1331200, "start_va": 140725129773056, "type": "region", "version": 1 }, "end_va": 140725131104255, "entry_point": 140725129845848, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_6300", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140725129773056, "timestamp": "00:01:32.724", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 212992, "start_va": 538286882816, "type": "region", "version": 1 }, "end_va": 538287095807, "entry_point": 538286886960, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_6301", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 538286882816, "timestamp": "00:01:32.727", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 538294681600, "type": "region", "version": 1 }, "end_va": 538296287231, "entry_point": 0, "filename": null, "id": "region_6302", "name": "pagefile_0x0000007d54dd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 538294681600, "timestamp": "00:01:32.728", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 140725095563264, "type": "region", "version": 1 }, "end_va": 140725095776255, "entry_point": 140725095567408, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_6303", 
"name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 140725095563264, "timestamp": "00:01:32.728", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1277952, "start_va": 140725091762176, "type": "region", "version": 1 }, "end_va": 140725093040127, "entry_point": 140725091766288, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_6304", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 140725091762176, "timestamp": "00:01:32.729", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 538296320000, "type": "region", "version": 1 }, "end_va": 538297896959, "entry_point": 0, "filename": null, "id": "region_6305", "name": "pagefile_0x0000007d54f60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 538296320000, "timestamp": "00:01:32.732", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 538297958400, "type": "region", "version": 1 }, "end_va": 538318929919, "entry_point": 0, "filename": null, "id": "region_6306", "name": "pagefile_0x0000007d550f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 538297958400, "timestamp": "00:01:32.733", "type": "region", "version": 1 }, { "dump": { "filename": "", 
"flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 538286882816, "type": "region", "version": 1 }, "end_va": 538286886911, "entry_point": 0, "filename": null, "id": "region_6309", "name": "private_0x0000007d54660000", "norm_filename": null, "region_type": "private_memory", "start_va": 538286882816, "timestamp": "00:01:32.742", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 538286948352, "type": "region", "version": 1 }, "end_va": 538286952447, "entry_point": 0, "filename": null, "id": "region_6310", "name": "private_0x0000007d54670000", "norm_filename": null, "region_type": "private_memory", "start_va": 538286948352, "timestamp": "00:01:32.742", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1187840, "start_va": 140725066858496, "type": "region", "version": 1 }, "end_va": 140725068046335, "entry_point": 140725066904644, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_6311", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 140725066858496, "timestamp": "00:01:32.742", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1507328, "start_va": 538318929920, "type": "region", "version": 1 }, "end_va": 
538320437247, "entry_point": 0, "filename": null, "id": "region_6312", "name": "private_0x0000007d564f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 538318929920, "timestamp": "00:01:32.743", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 538287013888, "type": "region", "version": 1 }, "end_va": 538287017983, "entry_point": 0, "filename": null, "id": "region_6314", "name": "pagefile_0x0000007d54680000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 538287013888, "timestamp": "00:01:32.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 983040, "start_va": 538318929920, "type": "region", "version": 1 }, "end_va": 538319912959, "entry_point": 0, "filename": null, "id": "region_6315", "name": "pagefile_0x0000007d564f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 538318929920, "timestamp": "00:01:32.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 538320371712, "type": "region", "version": 1 }, "end_va": 538320437247, "entry_point": 0, "filename": null, "id": "region_6316", "name": "private_0x0000007d56650000", "norm_filename": null, "region_type": "private_memory", "start_va": 538320371712, "timestamp": "00:01:32.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 538287013888, "type": "region", "version": 1 }, "end_va": 538287030271, "entry_point": 0, "filename": null, "id": "region_6317", "name": "pagefile_0x0000007d54680000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 538287013888, "timestamp": "00:01:32.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 538287079424, "type": "region", "version": 1 }, "end_va": 538287108095, "entry_point": 0, "filename": null, "id": "region_6318", "name": "private_0x0000007d54690000", "norm_filename": null, "region_type": "private_memory", "start_va": 538287079424, "timestamp": "00:01:32.750", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 538320437248, "type": "region", "version": 1 }, "end_va": 538321485823, "entry_point": 0, "filename": null, "id": "region_6323", "name": "private_0x0000007d56660000", "norm_filename": null, "region_type": "private_memory", "start_va": 538320437248, "timestamp": "00:01:32.762", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694735085568, "type": "region", "version": 1 }, "end_va": 140694735093759, "entry_point": 0, "filename": null, 
"id": "region_6324", "name": "private_0x00007ff60bb4e000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694735085568, "timestamp": "00:01:32.762", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 172032, "start_va": 140724969930752, "type": "region", "version": 1 }, "end_va": 140724970102783, "entry_point": 140724969979796, "filename": "\\Windows\\System32\\thumbcache.dll", "id": "region_6325", "name": "thumbcache.dll", "norm_filename": "c:\\windows\\system32\\thumbcache.dll", "region_type": "memory_mapped_file", "start_va": 140724969930752, "timestamp": "00:01:32.764", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140725101002752, "type": "region", "version": 1 }, "end_va": 140725101752319, "entry_point": 140725101007136, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_6326", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 140725101002752, "timestamp": "00:01:32.765", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 140725060108288, "type": "region", "version": 1 }, "end_va": 140725060767743, "entry_point": 140725060112544, "filename": "\\Windows\\System32\\SHCore.dll", "id": "region_6327", "name": "shcore.dll", "norm_filename": "c:\\windows\\system32\\shcore.dll", "region_type": "memory_mapped_file", "start_va": 
140725060108288, "timestamp": "00:01:32.766", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 21032960, "start_va": 140725103951872, "type": "region", "version": 1 }, "end_va": 140725124984831, "entry_point": 140725103956224, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_6328", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 140725103951872, "timestamp": "00:01:32.770", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1458176, "start_va": 140725039202304, "type": "region", "version": 1 }, "end_va": 140725040660479, "entry_point": 140725039341808, "filename": "\\Windows\\System32\\propsys.dll", "id": "region_6329", "name": "propsys.dll", "norm_filename": "c:\\windows\\system32\\propsys.dll", "region_type": "memory_mapped_file", "start_va": 140725039202304, "timestamp": "00:01:32.770", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 140725095038976, "type": "region", "version": 1 }, "end_va": 140725095370751, "entry_point": 140725095043776, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_6330", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 140725095038976, "timestamp": "00:01:32.773", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No 
dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1536000, "start_va": 538321485824, "type": "region", "version": 1 }, "end_va": 538323021823, "entry_point": 538321490100, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_6331", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 538321485824, "timestamp": "00:01:32.777", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 538287144960, "type": "region", "version": 1 }, "end_va": 538287157247, "entry_point": 0, "filename": null, "id": "region_6332", "name": "pagefile_0x0000007d546a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 538287144960, "timestamp": "00:01:32.780", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2465792, "start_va": 140725055651840, "type": "region", "version": 1 }, "end_va": 140725058117631, "entry_point": 140725055670080, "filename": "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "id": "region_6333", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 140725055651840, "timestamp": "00:01:32.781", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not 
monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 538287210496, "type": "region", "version": 1 }, "end_va": 538287214591, "entry_point": 538287210496, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_6334", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 538287210496, "timestamp": "00:01:32.783", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 538287276032, "type": "region", "version": 1 }, "end_va": 538287284223, "entry_point": 0, "filename": null, "id": "region_6335", "name": "pagefile_0x0000007d546c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 538287276032, "timestamp": "00:01:32.783", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 458752, "start_va": 140724973207552, "type": "region", "version": 1 }, "end_va": 140724973666303, "entry_point": 140724973218676, "filename": "\\Windows\\System32\\PhotoMetadataHandler.dll", "id": "region_6341", "name": "photometadatahandler.dll", "norm_filename": "c:\\windows\\system32\\photometadatahandler.dll", "region_type": "memory_mapped_file", "start_va": 140724973207552, "timestamp": "00:01:32.837", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1650688, "start_va": 140725037039616, "type": "region", "version": 1 }, "end_va": 
140725038690303, "entry_point": 140725037085936, "filename": "\\Windows\\System32\\WindowsCodecs.dll", "id": "region_6342", "name": "windowscodecs.dll", "norm_filename": "c:\\windows\\system32\\windowscodecs.dll", "region_type": "memory_mapped_file", "start_va": 140725037039616, "timestamp": "00:01:32.838", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2813952, "start_va": 140724980547584, "type": "region", "version": 1 }, "end_va": 140724983361535, "entry_point": 140724980555492, "filename": "\\Windows\\System32\\actxprxy.dll", "id": "region_6343", "name": "actxprxy.dll", "norm_filename": "c:\\windows\\system32\\actxprxy.dll", "region_type": "memory_mapped_file", "start_va": 140724980547584, "timestamp": "00:01:32.844", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 57344, "start_va": 538287210496, "type": "region", "version": 1 }, "end_va": 538287267839, "entry_point": 538287210496, "filename": "\\Users\\5JgHKoaOfdp\\Desktop\\4GhbRlq-JKTwUq.encrypted.bmp", "id": "region_6397", "name": "4ghbrlq-jktwuq.encrypted.bmp", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\4ghbrlq-jktwuq.encrypted.bmp", "region_type": "memory_mapped_file", "start_va": 538287210496, "timestamp": "00:01:33.067", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 24576, "start_va": 538287210496, "type": "region", "version": 1 }, "end_va": 538287235071, "entry_point": 538287210496, "filename": 
"\\Users\\5JgHKoaOfdp\\Desktop\\7tLy.encrypted.png", "id": "region_6450", "name": "7tly.encrypted.png", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\7tly.encrypted.png", "region_type": "memory_mapped_file", "start_va": 538287210496, "timestamp": "00:01:33.335", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 40960, "start_va": 538287210496, "type": "region", "version": 1 }, "end_va": 538287251455, "entry_point": 538287210496, "filename": "\\Users\\5JgHKoaOfdp\\Desktop\\b1DrBF6BJiH2t5R.encrypted.bmp", "id": "region_6493", "name": "b1drbf6bjih2t5r.encrypted.bmp", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\b1drbf6bjih2t5r.encrypted.bmp", "region_type": "memory_mapped_file", "start_va": 538287210496, "timestamp": "00:01:33.529", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 98304, "start_va": 538319912960, "type": "region", "version": 1 }, "end_va": 538320011263, "entry_point": 538319912960, "filename": "\\Users\\5JgHKoaOfdp\\Desktop\\DjG5LKzHA.encrypted.bmp", "id": "region_6511", "name": "djg5lkzha.encrypted.bmp", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\djg5lkzha.encrypted.bmp", "region_type": "memory_mapped_file", "start_va": 538319912960, "timestamp": "00:01:33.621", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 538287210496, "type": "region", "version": 1 }, "end_va": 538287214591, "entry_point": 0, 
"filename": null, "id": "region_6522", "name": "pagefile_0x0000007d546b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 538287210496, "timestamp": "00:01:33.830", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 140725096546304, "type": "region", "version": 1 }, "end_va": 140725098078207, "entry_point": 140725096550580, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_6523", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 140725096546304, "timestamp": "00:01:33.834", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 675840, "start_va": 140725126299648, "type": "region", "version": 1 }, "end_va": 140725126975487, "entry_point": 140725126303760, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_6524", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725126299648, "timestamp": "00:01:33.839", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 538287341568, "type": "region", "version": 1 }, "end_va": 538287357951, "entry_point": 538287341568, "filename": "\\Users\\5JgHKoaOfdp\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db", "id": "region_6525", "name": "cversions.1.db", "norm_filename": 
"c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db", "region_type": "memory_mapped_file", "start_va": 538287341568, "timestamp": "00:01:33.842", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 94208, "start_va": 538319912960, "type": "region", "version": 1 }, "end_va": 538320007167, "entry_point": 538319912960, "filename": "\\Users\\5JgHKoaOfdp\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000001b.db", "id": "region_6526", "name": "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001b.db", "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000001b.db", "region_type": "memory_mapped_file", "start_va": 538319912960, "timestamp": "00:01:33.843", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 538320044032, "type": "region", "version": 1 }, "end_va": 538320048127, "entry_point": 0, "filename": null, "id": "region_6527", "name": "pagefile_0x0000007d56600000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 538320044032, "timestamp": "00:01:33.844", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 569344, "start_va": 140725066203136, "type": "region", "version": 1 }, "end_va": 140725066772479, "entry_point": 140725066207268, "filename": 
"\\Windows\\System32\\apphelp.dll", "id": "region_6528", "name": "apphelp.dll", "norm_filename": "c:\\windows\\system32\\apphelp.dll", "region_type": "memory_mapped_file", "start_va": 140725066203136, "timestamp": "00:01:33.848", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1925120, "start_va": 140725101789184, "type": "region", "version": 1 }, "end_va": 140725103714303, "entry_point": 140725101793472, "filename": "\\Windows\\System32\\setupapi.dll", "id": "region_6529", "name": "setupapi.dll", "norm_filename": "c:\\windows\\system32\\setupapi.dll", "region_type": "memory_mapped_file", "start_va": 140725101789184, "timestamp": "00:01:33.850", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 140725090320384, "type": "region", "version": 1 }, "end_va": 140725090623487, "entry_point": 140725090325080, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_6530", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 140725090320384, "timestamp": "00:01:33.852", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 538287341568, "type": "region", "version": 1 }, "end_va": 538287353855, "entry_point": 0, "filename": null, "id": "region_6531", "name": "pagefile_0x0000007d546d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 
538287341568, "timestamp": "00:01:33.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 538320109568, "type": "region", "version": 1 }, "end_va": 538320113663, "entry_point": 0, "filename": null, "id": "region_6532", "name": "pagefile_0x0000007d56610000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 538320109568, "timestamp": "00:01:33.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4169728, "start_va": 538321485824, "type": "region", "version": 1 }, "end_va": 538325655551, "entry_point": 0, "filename": null, "id": "region_6533", "name": "pagefile_0x0000007d56760000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 538321485824, "timestamp": "00:01:33.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 811008, "start_va": 140724934344704, "type": "region", "version": 1 }, "end_va": 140724935155711, "entry_point": 140724934344704, "filename": "\\Windows\\System32\\mfmp4srcsnk.dll", "id": "region_6534", "name": "mfmp4srcsnk.dll", "norm_filename": "c:\\windows\\system32\\mfmp4srcsnk.dll", "region_type": "memory_mapped_file", "start_va": 140724934344704, "timestamp": "00:01:33.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps 
was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 94208, "start_va": 538320175104, "type": "region", "version": 1 }, "end_va": 538320269311, "entry_point": 538320175104, "filename": "\\Users\\5JgHKoaOfdp\\Desktop\\FrZbOJgkVA5C6MyJ.encrypted.mp4", "id": "region_6571", "name": "frzbojgkva5c6myj.encrypted.mp4", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\frzbojgkva5c6myj.encrypted.mp4", "region_type": "memory_mapped_file", "start_va": 538320175104, "timestamp": "00:01:34.027", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 140724933427200, "type": "region", "version": 1 }, "end_va": 140724934295551, "entry_point": 140724933427200, "filename": "\\Windows\\System32\\mfplat.dll", "id": "region_6580", "name": "mfplat.dll", "norm_filename": "c:\\windows\\system32\\mfplat.dll", "region_type": "memory_mapped_file", "start_va": 140724933427200, "timestamp": "00:01:34.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 147456, "start_va": 140724932706304, "type": "region", "version": 1 }, "end_va": 140724932853759, "entry_point": 140724932706304, "filename": "\\Windows\\System32\\RTWorkQ.dll", "id": "region_6585", "name": "rtworkq.dll", "norm_filename": "c:\\windows\\system32\\rtworkq.dll", "region_type": "memory_mapped_file", "start_va": 140724932706304, "timestamp": "00:01:34.241", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, 
"start_va": 140725036974080, "type": "region", "version": 1 }, "end_va": 140725037019135, "entry_point": 140725036978192, "filename": "\\Windows\\System32\\avrt.dll", "id": "region_6586", "name": "avrt.dll", "norm_filename": "c:\\windows\\system32\\avrt.dll", "region_type": "memory_mapped_file", "start_va": 140725036974080, "timestamp": "00:01:34.278", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 94208, "start_va": 538320175104, "type": "region", "version": 1 }, "end_va": 538320269311, "entry_point": 538320175104, "filename": "\\Users\\5JgHKoaOfdp\\Desktop\\k9uoo8fW7r.encrypted.jpg", "id": "region_6590", "name": "k9uoo8fw7r.encrypted.jpg", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\k9uoo8fw7r.encrypted.jpg", "region_type": "memory_mapped_file", "start_va": 538320175104, "timestamp": "00:01:34.371", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 90112, "start_va": 538320175104, "type": "region", "version": 1 }, "end_va": 538320265215, "entry_point": 538320175104, "filename": "\\Users\\5JgHKoaOfdp\\Desktop\\kQG5XtNI4DupERo o1m.encrypted.jpg", "id": "region_6592", "name": "kqg5xtni4dupero o1m.encrypted.jpg", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\kqg5xtni4dupero o1m.encrypted.jpg", "region_type": "memory_mapped_file", "start_va": 538320175104, "timestamp": "00:01:34.394", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 937984, "start_va": 140724930347008, "type": 
"region", "version": 1 }, "end_va": 140724931284991, "entry_point": 140724930347008, "filename": "\\Windows\\System32\\mfsrcsnk.dll", "id": "region_6604", "name": "mfsrcsnk.dll", "norm_filename": "c:\\windows\\system32\\mfsrcsnk.dll", "region_type": "memory_mapped_file", "start_va": 140724930347008, "timestamp": "00:01:34.480", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 538320175104, "type": "region", "version": 1 }, "end_va": 538320191487, "entry_point": 538320175104, "filename": "\\Users\\5JgHKoaOfdp\\Desktop\\n0ie6V_g.encrypted.avi", "id": "region_6631", "name": "n0ie6v_g.encrypted.avi", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\n0ie6v_g.encrypted.avi", "region_type": "memory_mapped_file", "start_va": 538320175104, "timestamp": "00:01:34.689", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 538325680128, "type": "region", "version": 1 }, "end_va": 538326728703, "entry_point": 0, "filename": null, "id": "region_6632", "name": "private_0x0000007d56b60000", "norm_filename": null, "region_type": "private_memory", "start_va": 538325680128, "timestamp": "00:01:34.711", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 538320175104, "type": "region", "version": 1 }, "end_va": 538320191487, "entry_point": 538320175104, "filename": "\\Users\\5JgHKoaOfdp\\Desktop\\osTre2ekexRLOM6.encrypted.jpg", "id": 
"region_6679", "name": "ostre2ekexrlom6.encrypted.jpg", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\ostre2ekexrlom6.encrypted.jpg", "region_type": "memory_mapped_file", "start_va": 538320175104, "timestamp": "00:01:34.882", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 538320175104, "type": "region", "version": 1 }, "end_va": 538320203775, "entry_point": 538320175104, "filename": "\\Users\\5JgHKoaOfdp\\Desktop\\uK 6Ek_gE.encrypted.png", "id": "region_6692", "name": "uk 6ek_ge.encrypted.png", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\uk 6ek_ge.encrypted.png", "region_type": "memory_mapped_file", "start_va": 538320175104, "timestamp": "00:01:35.073", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 538320175104, "type": "region", "version": 1 }, "end_va": 538320240639, "entry_point": 538320175104, "filename": "\\Users\\5JgHKoaOfdp\\Desktop\\Ur9w.encrypted.mp3", "id": "region_6696", "name": "ur9w.encrypted.mp3", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\ur9w.encrypted.mp3", "region_type": "memory_mapped_file", "start_va": 538320175104, "timestamp": "00:01:35.097", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 32768, "start_va": 538320175104, "type": "region", "version": 1 }, "end_va": 538320207871, "entry_point": 538320175104, "filename": "\\Users\\5JgHKoaOfdp\\Desktop\\xE_1J.encrypted.avi", "id": "region_6698", "name": 
"xe_1j.encrypted.avi", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\xe_1j.encrypted.avi", "region_type": "memory_mapped_file", "start_va": 538320175104, "timestamp": "00:01:35.116", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 81920, "start_va": 538320175104, "type": "region", "version": 1 }, "end_va": 538320257023, "entry_point": 538320175104, "filename": "\\Users\\5JgHKoaOfdp\\Desktop\\YPMyrW0Yu.encrypted.mp3", "id": "region_6699", "name": "ypmyrw0yu.encrypted.mp3", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\ypmyrw0yu.encrypted.mp3", "region_type": "memory_mapped_file", "start_va": 538320175104, "timestamp": "00:01:35.129", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 24576, "start_va": 538320175104, "type": "region", "version": 1 }, "end_va": 538320199679, "entry_point": 538320175104, "filename": "\\Users\\5JgHKoaOfdp\\Desktop\\Zpipq.encrypted.avi", "id": "region_6706", "name": "zpipq.encrypted.avi", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\zpipq.encrypted.avi", "region_type": "memory_mapped_file", "start_va": 538320175104, "timestamp": "00:01:35.201", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 57344, "start_va": 538320175104, "type": "region", "version": 1 }, "end_va": 538320232447, "entry_point": 538320175104, "filename": "\\Users\\5JgHKoaOfdp\\Desktop\\4GhbRlq-JKTwUq.encrypted.bmp", "id": "region_7036", "name": "4ghbrlq-jktwuq.encrypted.bmp", "norm_filename": 
"c:\\users\\5jghkoaofdp\\desktop\\4ghbrlq-jktwuq.encrypted.bmp", "region_type": "memory_mapped_file", "start_va": 538320175104, "timestamp": "00:01:37.614", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 24576, "start_va": 538320175104, "type": "region", "version": 1 }, "end_va": 538320199679, "entry_point": 538320175104, "filename": "\\Users\\5JgHKoaOfdp\\Desktop\\7tLy.encrypted.png", "id": "region_7202", "name": "7tly.encrypted.png", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\7tly.encrypted.png", "region_type": "memory_mapped_file", "start_va": 538320175104, "timestamp": "00:01:38.281", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 40960, "start_va": 538320175104, "type": "region", "version": 1 }, "end_va": 538320216063, "entry_point": 538320175104, "filename": "\\Users\\5JgHKoaOfdp\\Desktop\\b1DrBF6BJiH2t5R.encrypted.bmp", "id": "region_7222", "name": "b1drbf6bjih2t5r.encrypted.bmp", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\b1drbf6bjih2t5r.encrypted.bmp", "region_type": "memory_mapped_file", "start_va": 538320175104, "timestamp": "00:01:38.481", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 98304, "start_va": 538320175104, "type": "region", "version": 1 }, "end_va": 538320273407, "entry_point": 538320175104, "filename": "\\Users\\5JgHKoaOfdp\\Desktop\\DjG5LKzHA.encrypted.bmp", "id": "region_7226", "name": "djg5lkzha.encrypted.bmp", "norm_filename": 
"c:\\users\\5jghkoaofdp\\desktop\\djg5lkzha.encrypted.bmp", "region_type": "memory_mapped_file", "start_va": 538320175104, "timestamp": "00:01:38.592", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 538320175104, "type": "region", "version": 1 }, "end_va": 538320183295, "entry_point": 538320175104, "filename": "\\Users\\5JgHKoaOfdp\\Desktop\\cChNLI nseUI.encrypted.mp3", "id": "region_7813", "name": "cchnli nseui.encrypted.mp3", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\cchnli nseui.encrypted.mp3", "region_type": "memory_mapped_file", "start_va": 538320175104, "timestamp": "00:01:44.260", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 538320175104, "type": "region", "version": 1 }, "end_va": 538320179199, "entry_point": 538320175104, "filename": "\\Users\\5JgHKoaOfdp\\Desktop\\JMyoN8-H.mp3", "id": "region_7824", "name": "jmyon8-h.mp3", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\jmyon8-h.mp3", "region_type": "memory_mapped_file", "start_va": 538320175104, "timestamp": "00:01:44.365", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\system32\\svchost.exe -k LocalServiceAndNoImpersonation", "filename": "c:\\windows\\system32\\svchost.exe", "id": "proc_65", "image_name": "svchost.exe", "monitor_reason": "child_process", "monitored_id": 65, "origin_monitor_id": 39, "ref_parent_process": { "ref_id": "proc_39", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, 
"regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_6782", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:35.727", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 427445977088, "type": "region", "version": 1 }, "end_va": 427446108159, "entry_point": 0, "filename": null, "id": "region_6783", "name": "private_0x0000006385c40000", "norm_filename": null, "region_type": "private_memory", "start_va": 427445977088, "timestamp": "00:01:35.727", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 427446108160, "type": "region", "version": 1 }, "end_va": 427446169599, "entry_point": 0, "filename": null, "id": "region_6784", "name": "pagefile_0x0000006385c60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 427446108160, "timestamp": "00:01:35.727", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 427446173696, "type": "region", "version": 1 }, "end_va": 427446697983, 
"entry_point": 0, "filename": null, "id": "region_6785", "name": "private_0x0000006385c70000", "norm_filename": null, "region_type": "private_memory", "start_va": 427446173696, "timestamp": "00:01:35.727", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 427446697984, "type": "region", "version": 1 }, "end_va": 427446714367, "entry_point": 0, "filename": null, "id": "region_6786", "name": "pagefile_0x0000006385cf0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 427446697984, "timestamp": "00:01:35.727", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140694935437312, "type": "region", "version": 1 }, "end_va": 140694935580671, "entry_point": 0, "filename": null, "id": "region_6787", "name": "pagefile_0x00007ff617a60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140694935437312, "timestamp": "00:01:35.727", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694935617536, "type": "region", "version": 1 }, "end_va": 140694935625727, "entry_point": 0, "filename": null, "id": "region_6788", "name": "private_0x00007ff617a8c000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694935617536, "timestamp": "00:01:35.727", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140694935625728, "type": "region", "version": 1 }, "end_va": 140694935629823, "entry_point": 0, "filename": null, "id": "region_6789", "name": "private_0x00007ff617a8e000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694935625728, "timestamp": "00:01:35.727", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 140694944612352, "type": "region", "version": 1 }, "end_va": 140694944661503, "entry_point": 140694944620940, "filename": "\\Windows\\System32\\svchost.exe", "id": "region_6790", "name": "svchost.exe", "norm_filename": "c:\\windows\\system32\\svchost.exe", "region_type": "memory_mapped_file", "start_va": 140694944612352, "timestamp": "00:01:35.727", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_6791", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140725133115392, "timestamp": "00:01:35.728", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 
427446763520, "type": "region", "version": 1 }, "end_va": 427446767615, "entry_point": 0, "filename": null, "id": "region_6792", "name": "pagefile_0x0000006385d00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 427446763520, "timestamp": "00:01:35.730", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 427446829056, "type": "region", "version": 1 }, "end_va": 427446837247, "entry_point": 0, "filename": null, "id": "region_6793", "name": "private_0x0000006385d10000", "norm_filename": null, "region_type": "private_memory", "start_va": 427446829056, "timestamp": "00:01:35.730", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1376256, "start_va": 427446894592, "type": "region", "version": 1 }, "end_va": 427448270847, "entry_point": 0, "filename": null, "id": "region_6806", "name": "private_0x0000006385d20000", "norm_filename": null, "region_type": "private_memory", "start_va": 427446894592, "timestamp": "00:01:35.791", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140725124988928, "type": "region", "version": 1 }, "end_va": 140725126270975, "entry_point": 140725125009460, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_6807", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140725124988928, "timestamp": 
"00:01:35.794", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140725090648064, "type": "region", "version": 1 }, "end_va": 140725091753983, "entry_point": 140725090656928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_6808", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140725090648064, "timestamp": "00:01:35.795", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 427445977088, "type": "region", "version": 1 }, "end_va": 427446042623, "entry_point": 0, "filename": null, "id": "region_6809", "name": "pagefile_0x0000006385c40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 427445977088, "timestamp": "00:01:35.799", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140694934388736, "type": "region", "version": 1 }, "end_va": 140694935437311, "entry_point": 0, "filename": null, "id": "region_6810", "name": "pagefile_0x00007ff617960000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140694934388736, "timestamp": "00:01:35.799", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], 
"ref_process_dump": null, "size": 516096, "start_va": 427448270848, "type": "region", "version": 1 }, "end_va": 427448786943, "entry_point": 427448270848, "filename": "\\Windows\\System32\\locale.nls", "id": "region_6811", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 427448270848, "timestamp": "00:01:35.800", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725098184704, "type": "region", "version": 1 }, "end_va": 140725098541055, "entry_point": 140725098194176, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_6812", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140725098184704, "timestamp": "00:01:35.802", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140725127806976, "type": "region", "version": 1 }, "end_va": 140725129076735, "entry_point": 140725127811408, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_6813", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140725127806976, "timestamp": "00:01:35.802", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725131149312, "type": "region", "version": 1 }, "end_va": 140725133078527, "entry_point": 140725131157344, 
"filename": "\\Windows\\System32\\combase.dll", "id": "region_6814", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140725131149312, "timestamp": "00:01:35.806", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140725098577920, "type": "region", "version": 1 }, "end_va": 140725099261951, "entry_point": 140725098588204, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_6815", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140725098577920, "timestamp": "00:01:35.807", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 196608, "start_va": 427446894592, "type": "region", "version": 1 }, "end_va": 427447091199, "entry_point": 0, "filename": null, "id": "region_6816", "name": "private_0x0000006385d20000", "norm_filename": null, "region_type": "private_memory", "start_va": 427446894592, "timestamp": "00:01:35.808", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 427447222272, "type": "region", "version": 1 }, "end_va": 427448270847, "entry_point": 0, "filename": null, "id": "region_6817", "name": "private_0x0000006385d70000", "norm_filename": null, "region_type": "private_memory", "start_va": 427447222272, "timestamp": "00:01:35.808", "type": "region", "version": 1 }, { 
"dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 427446042624, "type": "region", "version": 1 }, "end_va": 427446071295, "entry_point": 0, "filename": null, "id": "region_6818", "name": "private_0x0000006385c50000", "norm_filename": null, "region_type": "private_memory", "start_va": 427446042624, "timestamp": "00:01:35.809", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 761856, "start_va": 427448795136, "type": "region", "version": 1 }, "end_va": 427449556991, "entry_point": 427448977256, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_6819", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 427448795136, "timestamp": "00:01:35.811", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725068431360, "type": "region", "version": 1 }, "end_va": 140725068472319, "entry_point": 140725068437320, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_6820", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\system32\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140725068431360, "timestamp": "00:01:35.812", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 
140725085208576, "type": "region", "version": 1 }, "end_va": 140725085249535, "entry_point": 140725085212688, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_6821", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140725085208576, "timestamp": "00:01:35.814", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 427446894592, "type": "region", "version": 1 }, "end_va": 427446923263, "entry_point": 0, "filename": null, "id": "region_6822", "name": "private_0x0000006385d20000", "norm_filename": null, "region_type": "private_memory", "start_va": 427446894592, "timestamp": "00:01:35.815", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 427447025664, "type": "region", "version": 1 }, "end_va": 427447091199, "entry_point": 0, "filename": null, "id": "region_6823", "name": "private_0x0000006385d40000", "norm_filename": null, "region_type": "private_memory", "start_va": 427447025664, "timestamp": "00:01:35.815", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140725084815360, "type": "region", "version": 1 }, "end_va": 140725085200383, "entry_point": 140725084944032, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_6824", "name": "bcryptprimitives.dll", "norm_filename": 
"c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140725084815360, "timestamp": "00:01:35.815", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140725093466112, "type": "region", "version": 1 }, "end_va": 140725094977535, "entry_point": 140725093620416, "filename": "\\Windows\\System32\\user32.dll", "id": "region_6825", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140725093466112, "timestamp": "00:01:35.817", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140725129773056, "type": "region", "version": 1 }, "end_va": 140725131104255, "entry_point": 140725129845848, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_6826", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140725129773056, "timestamp": "00:01:35.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 427448795136, "type": "region", "version": 1 }, "end_va": 427450400767, "entry_point": 0, "filename": null, "id": "region_6827", "name": "pagefile_0x0000006385ef0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 427448795136, "timestamp": "00:01:35.822", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 427450433536, "type": "region", "version": 1 }, "end_va": 427452010495, "entry_point": 0, "filename": null, "id": "region_6828", "name": "pagefile_0x0000006386080000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 427450433536, "timestamp": "00:01:35.822", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 786432, "start_va": 427452071936, "type": "region", "version": 1 }, "end_va": 427452858367, "entry_point": 0, "filename": null, "id": "region_6829", "name": "pagefile_0x0000006386210000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 427452071936, "timestamp": "00:01:35.822", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 427446960128, "type": "region", "version": 1 }, "end_va": 427446972415, "entry_point": 0, "filename": null, "id": "region_6830", "name": "pagefile_0x0000006385d30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 427446960128, "timestamp": "00:01:35.824", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 427447091200, "type": 
"region", "version": 1 }, "end_va": 427447095295, "entry_point": 0, "filename": null, "id": "region_6831", "name": "pagefile_0x0000006385d50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 427447091200, "timestamp": "00:01:35.824", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 427447156736, "type": "region", "version": 1 }, "end_va": 427447160831, "entry_point": 0, "filename": null, "id": "region_6832", "name": "private_0x0000006385d60000", "norm_filename": null, "region_type": "private_memory", "start_va": 427447156736, "timestamp": "00:01:35.824", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4169728, "start_va": 427452858368, "type": "region", "version": 1 }, "end_va": 427457028095, "entry_point": 0, "filename": null, "id": "region_6833", "name": "pagefile_0x00000063862d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 427452858368, "timestamp": "00:01:35.824", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 427457052672, "type": "region", "version": 1 }, "end_va": 427457056767, "entry_point": 0, "filename": null, "id": "region_6834", "name": "private_0x00000063866d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 427457052672, "timestamp": "00:01:35.824", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 427457118208, "type": "region", "version": 1 }, "end_va": 427457642495, "entry_point": 0, "filename": null, "id": "region_6850", "name": "private_0x00000063866e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 427457118208, "timestamp": "00:01:35.976", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 427457642496, "type": "region", "version": 1 }, "end_va": 427458166783, "entry_point": 0, "filename": null, "id": "region_6851", "name": "private_0x0000006386760000", "norm_filename": null, "region_type": "private_memory", "start_va": 427457642496, "timestamp": "00:01:35.976", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694935601152, "type": "region", "version": 1 }, "end_va": 140694935609343, "entry_point": 0, "filename": null, "id": "region_6852", "name": "private_0x00007ff617a88000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694935601152, "timestamp": "00:01:35.976", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694935609344, "type": "region", "version": 1 }, "end_va": 140694935617535, "entry_point": 0, 
"filename": null, "id": "region_6853", "name": "private_0x00007ff617a8a000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694935609344, "timestamp": "00:01:35.976", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 427458166784, "type": "region", "version": 1 }, "end_va": 427461136383, "entry_point": 427458166784, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_6854", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 427458166784, "timestamp": "00:01:35.976", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 140724923924480, "type": "region", "version": 1 }, "end_va": 140724924182527, "entry_point": 140724923924480, "filename": "\\Windows\\System32\\TimeBrokerServer.dll", "id": "region_6855", "name": "timebrokerserver.dll", "norm_filename": "c:\\windows\\system32\\timebrokerserver.dll", "region_type": "memory_mapped_file", "start_va": 140724923924480, "timestamp": "00:01:35.978", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 140725086126080, "type": "region", "version": 1 }, "end_va": 140725086408703, "entry_point": 140725086130832, "filename": "\\Windows\\System32\\powrprof.dll", "id": "region_6856", "name": "powrprof.dll", "norm_filename": "c:\\windows\\system32\\powrprof.dll", "region_type": 
"memory_mapped_file", "start_va": 140725086126080, "timestamp": "00:01:35.989", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 140725038874624, "type": "region", "version": 1 }, "end_va": 140725038919679, "entry_point": 140725038890336, "filename": "\\Windows\\System32\\bi.dll", "id": "region_6857", "name": "bi.dll", "norm_filename": "c:\\windows\\system32\\bi.dll", "region_type": "memory_mapped_file", "start_va": 140725038874624, "timestamp": "00:01:35.990", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 427461181440, "type": "region", "version": 1 }, "end_va": 427461705727, "entry_point": 0, "filename": null, "id": "region_6871", "name": "private_0x0000006386ac0000", "norm_filename": null, "region_type": "private_memory", "start_va": 427461181440, "timestamp": "00:01:36.040", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694935592960, "type": "region", "version": 1 }, "end_va": 140694935601151, "entry_point": 0, "filename": null, "id": "region_6872", "name": "private_0x00007ff617a86000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694935592960, "timestamp": "00:01:36.040", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", 
"permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 427461705728, "type": "region", "version": 1 }, "end_va": 427461709823, "entry_point": 0, "filename": null, "id": "region_6873", "name": "pagefile_0x0000006386b40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 427461705728, "timestamp": "00:01:36.043", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 671744, "start_va": 140725095825408, "type": "region", "version": 1 }, "end_va": 140725096497151, "entry_point": 140725095829872, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_6874", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 140725095825408, "timestamp": "00:01:36.044", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 427461771264, "type": "region", "version": 1 }, "end_va": 427461775359, "entry_point": 0, "filename": null, "id": "region_6875", "name": "pagefile_0x0000006386b50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 427461771264, "timestamp": "00:01:36.048", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140724997980160, "type": "region", "version": 1 }, "end_va": 140724998729727, "entry_point": 140724997984424, "filename": "\\Windows\\System32\\twinapi.dll", "id": 
"region_6876", "name": "twinapi.dll", "norm_filename": "c:\\windows\\system32\\twinapi.dll", "region_type": "memory_mapped_file", "start_va": 140724997980160, "timestamp": "00:01:36.049", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 140725060108288, "type": "region", "version": 1 }, "end_va": 140725060767743, "entry_point": 140725060112544, "filename": "\\Windows\\System32\\SHCore.dll", "id": "region_6877", "name": "shcore.dll", "norm_filename": "c:\\windows\\system32\\shcore.dll", "region_type": "memory_mapped_file", "start_va": 140725060108288, "timestamp": "00:01:36.051", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 140724908457984, "type": "region", "version": 1 }, "end_va": 140724908716031, "entry_point": 140724908457984, "filename": "\\Windows\\System32\\ssdpsrv.dll", "id": "region_7330", "name": "ssdpsrv.dll", "norm_filename": "c:\\windows\\system32\\ssdpsrv.dll", "region_type": "memory_mapped_file", "start_va": 140724908457984, "timestamp": "00:01:39.921", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 140725127020544, "type": "region", "version": 1 }, "end_va": 140725127380991, "entry_point": 140725127024796, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_7385", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 
140725127020544, "timestamp": "00:01:40.090", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140725103886336, "type": "region", "version": 1 }, "end_va": 140725103923199, "entry_point": 140725103891456, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_7386", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 140725103886336, "timestamp": "00:01:40.091", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 745472, "start_va": 140725068824576, "type": "region", "version": 1 }, "end_va": 140725069570047, "entry_point": 140725068901472, "filename": "\\Windows\\System32\\FirewallAPI.dll", "id": "region_7387", "name": "firewallapi.dll", "norm_filename": "c:\\windows\\system32\\firewallapi.dll", "region_type": "memory_mapped_file", "start_va": 140725068824576, "timestamp": "00:01:40.092", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 427461836800, "type": "region", "version": 1 }, "end_va": 427462361087, "entry_point": 0, "filename": null, "id": "region_7406", "name": "private_0x0000006386b60000", "norm_filename": null, "region_type": "private_memory", "start_va": 427461836800, "timestamp": "00:01:40.381", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was 
reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694935584768, "type": "region", "version": 1 }, "end_va": 140694935592959, "entry_point": 0, "filename": null, "id": "region_7407", "name": "private_0x00007ff617a84000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694935584768, "timestamp": "00:01:40.381", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 427462361088, "type": "region", "version": 1 }, "end_va": 427463409663, "entry_point": 0, "filename": null, "id": "region_7408", "name": "private_0x0000006386be0000", "norm_filename": null, "region_type": "private_memory", "start_va": 427462361088, "timestamp": "00:01:40.381", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 140725016985600, "type": "region", "version": 1 }, "end_va": 140725017153535, "entry_point": 140725017016680, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_7409", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 140725016985600, "timestamp": "00:01:40.382", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725016920064, "type": "region", "version": 1 }, "end_va": 140725016961023, "entry_point": 140725016924356, "filename": "\\Windows\\System32\\winnsi.dll", "id": 
"region_7410", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 140725016920064, "timestamp": "00:01:40.383", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 140725007810560, "type": "region", "version": 1 }, "end_va": 140725007892479, "entry_point": 140725007816576, "filename": "\\Windows\\System32\\dhcpcsvc6.dll", "id": "region_7411", "name": "dhcpcsvc6.dll", "norm_filename": "c:\\windows\\system32\\dhcpcsvc6.dll", "region_type": "memory_mapped_file", "start_va": 140725007810560, "timestamp": "00:01:40.386", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 140725007679488, "type": "region", "version": 1 }, "end_va": 140725007781887, "entry_point": 140725007687116, "filename": "\\Windows\\System32\\dhcpcsvc.dll", "id": "region_7413", "name": "dhcpcsvc.dll", "norm_filename": "c:\\windows\\system32\\dhcpcsvc.dll", "region_type": "memory_mapped_file", "start_va": 140725007679488, "timestamp": "00:01:40.423", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 140725079769088, "type": "region", "version": 1 }, "end_va": 140725079891967, "entry_point": 140725079773640, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_7416", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 
140725079769088, "timestamp": "00:01:40.472", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 140725075443712, "type": "region", "version": 1 }, "end_va": 140725075660799, "entry_point": 140725075448792, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_7417", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 140725075443712, "timestamp": "00:01:40.474", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725082062848, "type": "region", "version": 1 }, "end_va": 140725082218495, "entry_point": 140725082086248, "filename": "\\Windows\\System32\\bcrypt.dll", "id": "region_7418", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\system32\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 140725082062848, "timestamp": "00:01:40.485", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 140725079375872, "type": "region", "version": 1 }, "end_va": 140725079736319, "entry_point": 140725079379984, "filename": "\\Windows\\System32\\mswsock.dll", "id": "region_7419", "name": "mswsock.dll", "norm_filename": "c:\\windows\\system32\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 140725079375872, "timestamp": "00:01:40.488", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No 
dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 427463409664, "type": "region", "version": 1 }, "end_va": 427463933951, "entry_point": 0, "filename": null, "id": "region_7433", "name": "private_0x0000006386ce0000", "norm_filename": null, "region_type": "private_memory", "start_va": 427463409664, "timestamp": "00:01:40.525", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694934380544, "type": "region", "version": 1 }, "end_va": 140694934388735, "entry_point": 0, "filename": null, "id": "region_7434", "name": "private_0x00007ff61795e000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694934380544, "timestamp": "00:01:40.525", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 176128, "start_va": 140725084618752, "type": "region", "version": 1 }, "end_va": 140725084794879, "entry_point": 140725084624016, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_7435", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 140725084618752, "timestamp": "00:01:40.525", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 427463933952, "type": "region", "version": 1 }, "end_va": 427463938047, "entry_point": 0, "filename": 
null, "id": "region_7436", "name": "private_0x0000006386d60000", "norm_filename": null, "region_type": "private_memory", "start_va": 427463933952, "timestamp": "00:01:40.528", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 427463933952, "type": "region", "version": 1 }, "end_va": 427464458239, "entry_point": 0, "filename": null, "id": "region_7446", "name": "private_0x0000006386d60000", "norm_filename": null, "region_type": "private_memory", "start_va": 427463933952, "timestamp": "00:01:40.533", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694934372352, "type": "region", "version": 1 }, "end_va": 140694934380543, "entry_point": 0, "filename": null, "id": "region_7447", "name": "private_0x00007ff61795c000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694934372352, "timestamp": "00:01:40.533", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 427464458240, "type": "region", "version": 1 }, "end_va": 427464982527, "entry_point": 0, "filename": null, "id": "region_7556", "name": "private_0x0000006386de0000", "norm_filename": null, "region_type": "private_memory", "start_va": 427464458240, "timestamp": "00:01:41.025", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum 
number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694934364160, "type": "region", "version": 1 }, "end_va": 140694934372351, "entry_point": 0, "filename": null, "id": "region_7557", "name": "private_0x00007ff61795a000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694934364160, "timestamp": "00:01:41.025", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 427464982528, "type": "region", "version": 1 }, "end_va": 427465506815, "entry_point": 0, "filename": null, "id": "region_7573", "name": "private_0x0000006386e60000", "norm_filename": null, "region_type": "private_memory", "start_va": 427464982528, "timestamp": "00:01:41.121", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694934355968, "type": "region", "version": 1 }, "end_va": 140694934364159, "entry_point": 0, "filename": null, "id": "region_7574", "name": "private_0x00007ff617958000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694934355968, "timestamp": "00:01:41.121", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 427465506816, "type": "region", "version": 1 }, "end_va": 427466031103, "entry_point": 0, "filename": null, "id": "region_7575", "name": "private_0x0000006386ee0000", "norm_filename": null, 
"region_type": "private_memory", "start_va": 427465506816, "timestamp": "00:01:41.122", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694934347776, "type": "region", "version": 1 }, "end_va": 140694934355967, "entry_point": 0, "filename": null, "id": "region_7576", "name": "private_0x00007ff617956000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694934347776, "timestamp": "00:01:41.122", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 427466031104, "type": "region", "version": 1 }, "end_va": 427466555391, "entry_point": 0, "filename": null, "id": "region_7588", "name": "private_0x0000006386f60000", "norm_filename": null, "region_type": "private_memory", "start_va": 427466031104, "timestamp": "00:01:41.337", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140694934339584, "type": "region", "version": 1 }, "end_va": 140694934347775, "entry_point": 0, "filename": null, "id": "region_7589", "name": "private_0x00007ff617954000", "norm_filename": null, "region_type": "private_memory", "start_va": 140694934339584, "timestamp": "00:01:41.337", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "taskhost.exe ", "filename": 
"c:\\windows\\system32\\taskhost.exe", "id": "proc_66", "image_name": "taskhost.exe", "monitor_reason": "child_process", "monitored_id": 66, "origin_monitor_id": 46, "ref_parent_process": { "ref_id": "proc_46", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_7011", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:37.231", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 844250349568, "type": "region", "version": 1 }, "end_va": 844250480639, "entry_point": 0, "filename": null, "id": "region_7012", "name": "private_0x000000c4913e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 844250349568, "timestamp": "00:01:37.231", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 844250480640, "type": "region", "version": 1 }, "end_va": 844250542079, "entry_point": 0, "filename": null, "id": "region_7013", "name": "pagefile_0x000000c491400000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 844250480640, "timestamp": "00:01:37.231", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 844250546176, "type": "region", "version": 1 }, "end_va": 844251070463, "entry_point": 0, "filename": null, "id": "region_7014", "name": "private_0x000000c491410000", "norm_filename": null, "region_type": "private_memory", "start_va": 844250546176, "timestamp": "00:01:37.231", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 844251070464, "type": "region", "version": 1 }, "end_va": 844251086847, "entry_point": 0, "filename": null, "id": "region_7015", "name": "pagefile_0x000000c491490000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 844251070464, "timestamp": "00:01:37.231", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140702924668928, "type": "region", "version": 1 }, "end_va": 140702924812287, "entry_point": 0, "filename": null, "id": "region_7016", "name": "pagefile_0x00007ff7f3d80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140702924668928, "timestamp": "00:01:37.231", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140702924849152, "type": "region", "version": 1 }, 
"end_va": 140702924853247, "entry_point": 0, "filename": null, "id": "region_7017", "name": "private_0x00007ff7f3dac000", "norm_filename": null, "region_type": "private_memory", "start_va": 140702924849152, "timestamp": "00:01:37.231", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140702924857344, "type": "region", "version": 1 }, "end_va": 140702924865535, "entry_point": 0, "filename": null, "id": "region_7018", "name": "private_0x00007ff7f3dae000", "norm_filename": null, "region_type": "private_memory", "start_va": 140702924857344, "timestamp": "00:01:37.231", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 140702937907200, "type": "region", "version": 1 }, "end_va": 140702937997311, "entry_point": 140702937919644, "filename": "\\Windows\\System32\\taskhost.exe", "id": "region_7019", "name": "taskhost.exe", "norm_filename": "c:\\windows\\system32\\taskhost.exe", "region_type": "memory_mapped_file", "start_va": 140702937907200, "timestamp": "00:01:37.231", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_7020", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140725133115392, 
"timestamp": "00:01:37.232", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 844251136000, "type": "region", "version": 1 }, "end_va": 844251140095, "entry_point": 0, "filename": null, "id": "region_7021", "name": "pagefile_0x000000c4914a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 844251136000, "timestamp": "00:01:37.233", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 844251201536, "type": "region", "version": 1 }, "end_va": 844251209727, "entry_point": 0, "filename": null, "id": "region_7022", "name": "private_0x000000c4914b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 844251201536, "timestamp": "00:01:37.233", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 844253233152, "type": "region", "version": 1 }, "end_va": 844254281727, "entry_point": 0, "filename": null, "id": "region_7040", "name": "private_0x000000c4916a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 844253233152, "timestamp": "00:01:37.718", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140725090648064, "type": 
"region", "version": 1 }, "end_va": 140725091753983, "entry_point": 140725090656928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_7041", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140725090648064, "timestamp": "00:01:37.718", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140725124988928, "type": "region", "version": 1 }, "end_va": 140725126270975, "entry_point": 140725125009460, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_7042", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140725124988928, "timestamp": "00:01:37.719", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 844250349568, "type": "region", "version": 1 }, "end_va": 844250415103, "entry_point": 0, "filename": null, "id": "region_7046", "name": "pagefile_0x000000c4913e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 844250349568, "timestamp": "00:01:37.747", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140702923620352, "type": "region", "version": 1 }, "end_va": 140702924668927, "entry_point": 0, "filename": null, "id": "region_7047", "name": 
"pagefile_0x00007ff7f3c80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140702923620352, "timestamp": "00:01:37.747", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 844251267072, "type": "region", "version": 1 }, "end_va": 844251783167, "entry_point": 844251267072, "filename": "\\Windows\\System32\\locale.nls", "id": "region_7048", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 844251267072, "timestamp": "00:01:37.750", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140725098577920, "type": "region", "version": 1 }, "end_va": 140725099261951, "entry_point": 140725098588204, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_7049", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140725098577920, "timestamp": "00:01:37.750", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140725127806976, "type": "region", "version": 1 }, "end_va": 140725129076735, "entry_point": 140725127811408, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_7056", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140725127806976, "timestamp": "00:01:37.807", "type": "region", "version": 1 }, { "dump": 
{ "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725131149312, "type": "region", "version": 1 }, "end_va": 140725133078527, "entry_point": 140725131157344, "filename": "\\Windows\\System32\\combase.dll", "id": "region_7057", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140725131149312, "timestamp": "00:01:37.809", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140725101002752, "type": "region", "version": 1 }, "end_va": 140725101752319, "entry_point": 140725101007136, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_7058", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 140725101002752, "timestamp": "00:01:37.810", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1572864, "start_va": 844254281728, "type": "region", "version": 1 }, "end_va": 844255854591, "entry_point": 0, "filename": null, "id": "region_7059", "name": "private_0x000000c4917a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 844254281728, "timestamp": "00:01:37.813", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, 
"size": 28672, "start_va": 844250415104, "type": "region", "version": 1 }, "end_va": 844250443775, "entry_point": 0, "filename": null, "id": "region_7060", "name": "private_0x000000c4913f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 844250415104, "timestamp": "00:01:37.814", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1536000, "start_va": 844255854592, "type": "region", "version": 1 }, "end_va": 844257390591, "entry_point": 844255858868, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_7061", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 844255854592, "timestamp": "00:01:37.816", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 761856, "start_va": 844251791360, "type": "region", "version": 1 }, "end_va": 844252553215, "entry_point": 844251973480, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_7062", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 844251791360, "timestamp": "00:01:37.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725068431360, "type": "region", "version": 1 }, "end_va": 140725068472319, "entry_point": 140725068437320, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_7063", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\system32\\kernel.appcore.dll", 
"region_type": "memory_mapped_file", "start_va": 140725068431360, "timestamp": "00:01:37.823", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725085208576, "type": "region", "version": 1 }, "end_va": 140725085249535, "entry_point": 140725085212688, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_7064", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140725085208576, "timestamp": "00:01:37.825", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140725084815360, "type": "region", "version": 1 }, "end_va": 140725085200383, "entry_point": 140725084944032, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_7065", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140725084815360, "timestamp": "00:01:37.826", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 844251791360, "type": "region", "version": 1 }, "end_va": 844251820031, "entry_point": 0, "filename": null, "id": "region_7066", "name": "private_0x000000c491540000", "norm_filename": null, "region_type": "private_memory", "start_va": 844251791360, "timestamp": "00:01:37.827", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" 
], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725098184704, "type": "region", "version": 1 }, "end_va": 140725098541055, "entry_point": 140725098194176, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_7150", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140725098184704, "timestamp": "00:01:38.132", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 844251856896, "type": "region", "version": 1 }, "end_va": 844252381183, "entry_point": 0, "filename": null, "id": "region_7154", "name": "private_0x000000c491550000", "norm_filename": null, "region_type": "private_memory", "start_va": 844251856896, "timestamp": "00:01:38.157", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140702924840960, "type": "region", "version": 1 }, "end_va": 140702924849151, "entry_point": 0, "filename": null, "id": "region_7155", "name": "private_0x00007ff7f3daa000", "norm_filename": null, "region_type": "private_memory", "start_va": 140702924840960, "timestamp": "00:01:38.157", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140725093466112, "type": "region", "version": 1 }, "end_va": 140725094977535, 
"entry_point": 140725093620416, "filename": "\\Windows\\System32\\user32.dll", "id": "region_7156", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140725093466112, "timestamp": "00:01:38.158", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140725129773056, "type": "region", "version": 1 }, "end_va": 140725131104255, "entry_point": 140725129845848, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_7157", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140725129773056, "timestamp": "00:01:38.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 212992, "start_va": 844252381184, "type": "region", "version": 1 }, "end_va": 844252594175, "entry_point": 844252385328, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_7158", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 844252381184, "timestamp": "00:01:38.162", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 844255854592, "type": "region", "version": 1 }, "end_va": 844257460223, "entry_point": 0, "filename": null, "id": "region_7159", "name": "pagefile_0x000000c491920000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 
844255854592, "timestamp": "00:01:38.162", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 140725095563264, "type": "region", "version": 1 }, "end_va": 140725095776255, "entry_point": 140725095567408, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_7160", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 140725095563264, "timestamp": "00:01:38.163", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1277952, "start_va": 140725091762176, "type": "region", "version": 1 }, "end_va": 140725093040127, "entry_point": 140725091766288, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_7161", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 140725091762176, "timestamp": "00:01:38.164", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 844257492992, "type": "region", "version": 1 }, "end_va": 844259069951, "entry_point": 0, "filename": null, "id": "region_7162", "name": "pagefile_0x000000c491ab0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 844257492992, "timestamp": "00:01:38.166", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum 
region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 844259131392, "type": "region", "version": 1 }, "end_va": 844280102911, "entry_point": 0, "filename": null, "id": "region_7163", "name": "pagefile_0x000000c491c40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 844259131392, "timestamp": "00:01:38.166", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 844252381184, "type": "region", "version": 1 }, "end_va": 844252393471, "entry_point": 0, "filename": null, "id": "region_7164", "name": "pagefile_0x000000c4915d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 844252381184, "timestamp": "00:01:38.168", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 844252446720, "type": "region", "version": 1 }, "end_va": 844252450815, "entry_point": 0, "filename": null, "id": "region_7165", "name": "pagefile_0x000000c4915e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 844252446720, "timestamp": "00:01:38.168", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 844252512256, "type": "region", "version": 1 }, "end_va": 844252516351, "entry_point": 844252512256, "filename": "\\Windows\\System32\\en-US\\taskhost.exe.mui", "id": "region_7166", "name": 
"taskhost.exe.mui", "norm_filename": "c:\\windows\\system32\\en-us\\taskhost.exe.mui", "region_type": "memory_mapped_file", "start_va": 844252512256, "timestamp": "00:01:38.168", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 844252577792, "type": "region", "version": 1 }, "end_va": 844252581887, "entry_point": 0, "filename": null, "id": "region_7167", "name": "private_0x000000c491600000", "norm_filename": null, "region_type": "private_memory", "start_va": 844252577792, "timestamp": "00:01:38.172", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 844252643328, "type": "region", "version": 1 }, "end_va": 844252647423, "entry_point": 0, "filename": null, "id": "region_7168", "name": "private_0x000000c491610000", "norm_filename": null, "region_type": "private_memory", "start_va": 844252643328, "timestamp": "00:01:38.172", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1187840, "start_va": 140725066858496, "type": "region", "version": 1 }, "end_va": 140725068046335, "entry_point": 140725066904644, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_7169", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 140725066858496, "timestamp": "00:01:38.172", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], 
"info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2031616, "start_va": 844280102912, "type": "region", "version": 1 }, "end_va": 844282134527, "entry_point": 0, "filename": null, "id": "region_7170", "name": "private_0x000000c493040000", "norm_filename": null, "region_type": "private_memory", "start_va": 844280102912, "timestamp": "00:01:38.173", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 844252708864, "type": "region", "version": 1 }, "end_va": 844252712959, "entry_point": 0, "filename": null, "id": "region_7172", "name": "pagefile_0x000000c491620000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 844252708864, "timestamp": "00:01:38.179", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 983040, "start_va": 844254281728, "type": "region", "version": 1 }, "end_va": 844255264767, "entry_point": 0, "filename": null, "id": "region_7173", "name": "pagefile_0x000000c4917a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 844254281728, "timestamp": "00:01:38.179", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 844255789056, "type": "region", "version": 1 }, "end_va": 844255854591, "entry_point": 0, "filename": null, "id": 
"region_7174", "name": "private_0x000000c491910000", "norm_filename": null, "region_type": "private_memory", "start_va": 844255789056, "timestamp": "00:01:38.179", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 844252708864, "type": "region", "version": 1 }, "end_va": 844252725247, "entry_point": 0, "filename": null, "id": "region_7175", "name": "pagefile_0x000000c491620000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 844252708864, "timestamp": "00:01:38.179", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 844252774400, "type": "region", "version": 1 }, "end_va": 844252803071, "entry_point": 0, "filename": null, "id": "region_7176", "name": "private_0x000000c491630000", "norm_filename": null, "region_type": "private_memory", "start_va": 844252774400, "timestamp": "00:01:38.180", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 140725058142208, "type": "region", "version": 1 }, "end_va": 140725058277375, "entry_point": 140725058146560, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_7177", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 140725058142208, "timestamp": "00:01:38.184", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 844255264768, "type": "region", "version": 1 }, "end_va": 844255789055, "entry_point": 0, "filename": null, "id": "region_7178", "name": "private_0x000000c491890000", "norm_filename": null, "region_type": "private_memory", "start_va": 844255264768, "timestamp": "00:01:38.193", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 844280102912, "type": "region", "version": 1 }, "end_va": 844280627199, "entry_point": 0, "filename": null, "id": "region_7179", "name": "private_0x000000c493040000", "norm_filename": null, "region_type": "private_memory", "start_va": 844280102912, "timestamp": "00:01:38.193", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 844282068992, "type": "region", "version": 1 }, "end_va": 844282134527, "entry_point": 0, "filename": null, "id": "region_7180", "name": "private_0x000000c493220000", "norm_filename": null, "region_type": "private_memory", "start_va": 844282068992, "timestamp": "00:01:38.193", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140702924824576, "type": "region", "version": 1 }, "end_va": 140702924832767, "entry_point": 0, "filename": null, "id": "region_7181", 
"name": "private_0x00007ff7f3da6000", "norm_filename": null, "region_type": "private_memory", "start_va": 140702924824576, "timestamp": "00:01:38.193", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140702924832768, "type": "region", "version": 1 }, "end_va": 140702924840959, "entry_point": 0, "filename": null, "id": "region_7182", "name": "private_0x00007ff7f3da8000", "norm_filename": null, "region_type": "private_memory", "start_va": 140702924832768, "timestamp": "00:01:38.193", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 844252839936, "type": "region", "version": 1 }, "end_va": 844252844031, "entry_point": 0, "filename": null, "id": "region_7183", "name": "pagefile_0x000000c491640000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 844252839936, "timestamp": "00:01:38.193", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 671744, "start_va": 140725095825408, "type": "region", "version": 1 }, "end_va": 140725096497151, "entry_point": 140725095829872, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_7184", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 140725095825408, "timestamp": "00:01:38.194", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 844252905472, "type": "region", "version": 1 }, "end_va": 844252909567, "entry_point": 0, "filename": null, "id": "region_7185", "name": "pagefile_0x000000c491650000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 844252905472, "timestamp": "00:01:38.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 770048, "start_va": 140725008793600, "type": "region", "version": 1 }, "end_va": 140725009563647, "entry_point": 140725009003868, "filename": "\\Windows\\System32\\SettingSyncCore.dll", "id": "region_7186", "name": "settingsynccore.dll", "norm_filename": "c:\\windows\\system32\\settingsynccore.dll", "region_type": "memory_mapped_file", "start_va": 140725008793600, "timestamp": "00:01:38.197", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 844252971008, "type": "region", "version": 1 }, "end_va": 844252983295, "entry_point": 0, "filename": null, "id": "region_7187", "name": "pagefile_0x000000c491660000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 844252971008, "timestamp": "00:01:38.201", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 140725060108288, 
"type": "region", "version": 1 }, "end_va": 140725060767743, "entry_point": 140725060112544, "filename": "\\Windows\\System32\\SHCore.dll", "id": "region_7188", "name": "shcore.dll", "norm_filename": "c:\\windows\\system32\\shcore.dll", "region_type": "memory_mapped_file", "start_va": 140725060108288, "timestamp": "00:01:38.202", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 140725086126080, "type": "region", "version": 1 }, "end_va": 140725086408703, "entry_point": 140725086130832, "filename": "\\Windows\\System32\\powrprof.dll", "id": "region_7189", "name": "powrprof.dll", "norm_filename": "c:\\windows\\system32\\powrprof.dll", "region_type": "memory_mapped_file", "start_va": 140725086126080, "timestamp": "00:01:38.203", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 176128, "start_va": 140725084618752, "type": "region", "version": 1 }, "end_va": 140725084794879, "entry_point": 140725084624016, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_7190", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 140725084618752, "timestamp": "00:01:38.204", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 140725086453760, "type": "region", "version": 1 }, "end_va": 140725086535679, "entry_point": 140725086468812, "filename": "\\Windows\\System32\\profapi.dll", "id": 
"region_7191", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 140725086453760, "timestamp": "00:01:38.205", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 140725079769088, "type": "region", "version": 1 }, "end_va": 140725079891967, "entry_point": 140725079773640, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_7192", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 140725079769088, "timestamp": "00:01:38.207", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 147456, "start_va": 140725019934720, "type": "region", "version": 1 }, "end_va": 140725020082175, "entry_point": 140725019938992, "filename": "\\Windows\\System32\\IDStore.dll", "id": "region_7193", "name": "idstore.dll", "norm_filename": "c:\\windows\\system32\\idstore.dll", "region_type": "memory_mapped_file", "start_va": 140725019934720, "timestamp": "00:01:38.213", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 675840, "start_va": 140725126299648, "type": "region", "version": 1 }, "end_va": 140725126975487, "entry_point": 140725126303760, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_7194", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 
140725126299648, "timestamp": "00:01:38.214", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 140725021573120, "type": "region", "version": 1 }, "end_va": 140725021695999, "entry_point": 140725021581404, "filename": "\\Windows\\System32\\samlib.dll", "id": "region_7195", "name": "samlib.dll", "norm_filename": "c:\\windows\\system32\\samlib.dll", "region_type": "memory_mapped_file", "start_va": 140725021573120, "timestamp": "00:01:38.218", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\System32\\mobsync.exe -Embedding", "filename": "c:\\windows\\system32\\mobsync.exe", "id": "proc_67", "image_name": "mobsync.exe", "monitor_reason": "child_process", "monitored_id": 67, "origin_monitor_id": 41, "ref_parent_process": { "ref_id": "proc_41", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_7420", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:40.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 
1054380261376, "type": "region", "version": 1 }, "end_va": 1054380392447, "entry_point": 0, "filename": null, "id": "region_7421", "name": "private_0x000000f57df60000", "norm_filename": null, "region_type": "private_memory", "start_va": 1054380261376, "timestamp": "00:01:40.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 1054380392448, "type": "region", "version": 1 }, "end_va": 1054380453887, "entry_point": 0, "filename": null, "id": "region_7422", "name": "pagefile_0x000000f57df80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1054380392448, "timestamp": "00:01:40.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1054380457984, "type": "region", "version": 1 }, "end_va": 1054380982271, "entry_point": 0, "filename": null, "id": "region_7423", "name": "private_0x000000f57df90000", "norm_filename": null, "region_type": "private_memory", "start_va": 1054380457984, "timestamp": "00:01:40.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1054380982272, "type": "region", "version": 1 }, "end_va": 1054380998655, "entry_point": 0, "filename": null, "id": "region_7424", "name": "pagefile_0x000000f57e010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1054380982272, "timestamp": "00:01:40.502", "type": 
"region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140695514841088, "type": "region", "version": 1 }, "end_va": 140695514984447, "entry_point": 0, "filename": null, "id": "region_7425", "name": "pagefile_0x00007ff63a2f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140695514841088, "timestamp": "00:01:40.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140695515025408, "type": "region", "version": 1 }, "end_va": 140695515033599, "entry_point": 0, "filename": null, "id": "region_7426", "name": "private_0x00007ff63a31d000", "norm_filename": null, "region_type": "private_memory", "start_va": 140695515025408, "timestamp": "00:01:40.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140695515033600, "type": "region", "version": 1 }, "end_va": 140695515037695, "entry_point": 0, "filename": null, "id": "region_7427", "name": "private_0x00007ff63a31f000", "norm_filename": null, "region_type": "private_memory", "start_va": 140695515033600, "timestamp": "00:01:40.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 106496, "start_va": 140695517659136, "type": "region", 
"version": 1 }, "end_va": 140695517765631, "entry_point": 140695517670508, "filename": "\\Windows\\System32\\mobsync.exe", "id": "region_7428", "name": "mobsync.exe", "norm_filename": "c:\\windows\\system32\\mobsync.exe", "region_type": "memory_mapped_file", "start_va": 140695517659136, "timestamp": "00:01:40.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_7429", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140725133115392, "timestamp": "00:01:40.503", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 1054381047808, "type": "region", "version": 1 }, "end_va": 1054381060095, "entry_point": 0, "filename": null, "id": "region_7431", "name": "pagefile_0x000000f57e020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1054381047808, "timestamp": "00:01:40.509", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1054381113344, "type": "region", "version": 1 }, "end_va": 1054381121535, "entry_point": 0, "filename": null, "id": "region_7432", "name": "private_0x000000f57e030000", "norm_filename": null, "region_type": 
"private_memory", "start_va": 1054381113344, "timestamp": "00:01:40.509", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1054383144960, "type": "region", "version": 1 }, "end_va": 1054384193535, "entry_point": 0, "filename": null, "id": "region_7448", "name": "private_0x000000f57e220000", "norm_filename": null, "region_type": "private_memory", "start_va": 1054383144960, "timestamp": "00:01:40.643", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140725090648064, "type": "region", "version": 1 }, "end_va": 140725091753983, "entry_point": 140725090656928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_7449", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140725090648064, "timestamp": "00:01:40.643", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140725124988928, "type": "region", "version": 1 }, "end_va": 140725126270975, "entry_point": 140725125009460, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_7450", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140725124988928, "timestamp": "00:01:40.645", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No 
dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1054380261376, "type": "region", "version": 1 }, "end_va": 1054380326911, "entry_point": 0, "filename": null, "id": "region_7451", "name": "pagefile_0x000000f57df60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1054380261376, "timestamp": "00:01:40.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140695513792512, "type": "region", "version": 1 }, "end_va": 140695514841087, "entry_point": 0, "filename": null, "id": "region_7452", "name": "pagefile_0x00007ff63a1f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140695513792512, "timestamp": "00:01:40.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 1054381178880, "type": "region", "version": 1 }, "end_va": 1054381694975, "entry_point": 1054381178880, "filename": "\\Windows\\System32\\locale.nls", "id": "region_7453", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1054381178880, "timestamp": "00:01:40.655", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 675840, "start_va": 140725126299648, "type": "region", "version": 1 }, "end_va": 140725126975487, "entry_point": 
140725126303760, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_7454", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725126299648, "timestamp": "00:01:40.657", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140725093466112, "type": "region", "version": 1 }, "end_va": 140725094977535, "entry_point": 140725093620416, "filename": "\\Windows\\System32\\user32.dll", "id": "region_7455", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140725093466112, "timestamp": "00:01:40.657", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140725098577920, "type": "region", "version": 1 }, "end_va": 140725099261951, "entry_point": 140725098588204, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_7456", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140725098577920, "timestamp": "00:01:40.658", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 140725096546304, "type": "region", "version": 1 }, "end_va": 140725098078207, "entry_point": 140725096550580, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_7457", "name": "ole32.dll", "norm_filename": 
"c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 140725096546304, "timestamp": "00:01:40.659", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 21032960, "start_va": 140725103951872, "type": "region", "version": 1 }, "end_va": 140725124984831, "entry_point": 140725103956224, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_7458", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 140725103951872, "timestamp": "00:01:40.660", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 1054380326912, "type": "region", "version": 1 }, "end_va": 1054380355583, "entry_point": 0, "filename": null, "id": "region_7459", "name": "private_0x000000f57df70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1054380326912, "timestamp": "00:01:40.661", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725098184704, "type": "region", "version": 1 }, "end_va": 140725098541055, "entry_point": 140725098194176, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_7460", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140725098184704, "timestamp": "00:01:40.662", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140725127806976, "type": "region", "version": 1 }, "end_va": 140725129076735, "entry_point": 140725127811408, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_7461", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140725127806976, "timestamp": "00:01:40.663", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140725129773056, "type": "region", "version": 1 }, "end_va": 140725131104255, "entry_point": 140725129845848, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_7462", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140725129773056, "timestamp": "00:01:40.664", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725131149312, "type": "region", "version": 1 }, "end_va": 140725133078527, "entry_point": 140725131157344, "filename": "\\Windows\\System32\\combase.dll", "id": "region_7463", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140725131149312, "timestamp": "00:01:40.666", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": 
null, "size": 331776, "start_va": 140725095038976, "type": "region", "version": 1 }, "end_va": 140725095370751, "entry_point": 140725095043776, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_7464", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 140725095038976, "timestamp": "00:01:40.667", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1376256, "start_va": 1054381703168, "type": "region", "version": 1 }, "end_va": 1054383079423, "entry_point": 0, "filename": null, "id": "region_7465", "name": "private_0x000000f57e0c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1054381703168, "timestamp": "00:01:40.673", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 1054381703168, "type": "region", "version": 1 }, "end_va": 1054381731839, "entry_point": 0, "filename": null, "id": "region_7466", "name": "private_0x000000f57e0c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1054381703168, "timestamp": "00:01:40.674", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1054383013888, "type": "region", "version": 1 }, "end_va": 1054383079423, "entry_point": 0, "filename": null, "id": "region_7467", "name": "private_0x000000f57e200000", "norm_filename": null, "region_type": "private_memory", 
"start_va": 1054383013888, "timestamp": "00:01:40.674", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 212992, "start_va": 1054381768704, "type": "region", "version": 1 }, "end_va": 1054381981695, "entry_point": 1054381772848, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_7468", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1054381768704, "timestamp": "00:01:40.680", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 1054384193536, "type": "region", "version": 1 }, "end_va": 1054385799167, "entry_point": 0, "filename": null, "id": "region_7469", "name": "pagefile_0x000000f57e320000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1054384193536, "timestamp": "00:01:40.681", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 140725095563264, "type": "region", "version": 1 }, "end_va": 140725095776255, "entry_point": 140725095567408, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_7470", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 140725095563264, "timestamp": "00:01:40.682", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ 
"readable", "writable", "executable" ], "ref_process_dump": null, "size": 1277952, "start_va": 140725091762176, "type": "region", "version": 1 }, "end_va": 140725093040127, "entry_point": 140725091766288, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_7471", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 140725091762176, "timestamp": "00:01:40.683", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 1054385831936, "type": "region", "version": 1 }, "end_va": 1054387408895, "entry_point": 0, "filename": null, "id": "region_7472", "name": "pagefile_0x000000f57e4b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1054385831936, "timestamp": "00:01:40.685", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 1054387470336, "type": "region", "version": 1 }, "end_va": 1054408441855, "entry_point": 0, "filename": null, "id": "region_7473", "name": "pagefile_0x000000f57e640000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1054387470336, "timestamp": "00:01:40.686", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1054381768704, "type": "region", "version": 1 }, "end_va": 1054381772799, "entry_point": 0, "filename": null, "id": 
"region_7481", "name": "private_0x000000f57e0d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1054381768704, "timestamp": "00:01:40.762", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1054381834240, "type": "region", "version": 1 }, "end_va": 1054381838335, "entry_point": 0, "filename": null, "id": "region_7482", "name": "private_0x000000f57e0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1054381834240, "timestamp": "00:01:40.762", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 745472, "start_va": 1054381899776, "type": "region", "version": 1 }, "end_va": 1054382645247, "entry_point": 1054381904160, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_7483", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1054381899776, "timestamp": "00:01:40.762", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 140725060108288, "type": "region", "version": 1 }, "end_va": 140725060767743, "entry_point": 140725060112544, "filename": "\\Windows\\System32\\SHCore.dll", "id": "region_7484", "name": "shcore.dll", "norm_filename": "c:\\windows\\system32\\shcore.dll", "region_type": "memory_mapped_file", "start_va": 140725060108288, "timestamp": "00:01:40.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 761856, "start_va": 1054381899776, "type": "region", "version": 1 }, "end_va": 1054382661631, "entry_point": 1054382081896, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_7485", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 1054381899776, "timestamp": "00:01:40.771", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725068431360, "type": "region", "version": 1 }, "end_va": 140725068472319, "entry_point": 140725068437320, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_7486", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\system32\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140725068431360, "timestamp": "00:01:40.773", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725085208576, "type": "region", "version": 1 }, "end_va": 140725085249535, "entry_point": 140725085212688, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_7487", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140725085208576, "timestamp": "00:01:40.774", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, 
"size": 385024, "start_va": 140725084815360, "type": "region", "version": 1 }, "end_va": 140725085200383, "entry_point": 140725084944032, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_7488", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140725084815360, "timestamp": "00:01:40.775", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1054381899776, "type": "region", "version": 1 }, "end_va": 1054381903871, "entry_point": 0, "filename": null, "id": "region_7489", "name": "pagefile_0x000000f57e0f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1054381899776, "timestamp": "00:01:40.777", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 671744, "start_va": 140725095825408, "type": "region", "version": 1 }, "end_va": 140725096497151, "entry_point": 140725095829872, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_7490", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 140725095825408, "timestamp": "00:01:40.778", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1054381965312, "type": "region", "version": 1 }, "end_va": 1054381969407, "entry_point": 0, "filename": null, 
"id": "region_7491", "name": "pagefile_0x000000f57e100000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1054381965312, "timestamp": "00:01:40.780", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 140725079769088, "type": "region", "version": 1 }, "end_va": 140725079891967, "entry_point": 140725079773640, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_7492", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 140725079769088, "timestamp": "00:01:40.798", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 140725075443712, "type": "region", "version": 1 }, "end_va": 140725075660799, "entry_point": 140725075448792, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_7493", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 140725075443712, "timestamp": "00:01:40.799", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725082062848, "type": "region", "version": 1 }, "end_va": 140725082218495, "entry_point": 140725082086248, "filename": "\\Windows\\System32\\bcrypt.dll", "id": "region_7494", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\system32\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 140725082062848, 
"timestamp": "00:01:40.801", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 1054408441856, "type": "region", "version": 1 }, "end_va": 1054411411455, "entry_point": 1054408441856, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_7495", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 1054408441856, "timestamp": "00:01:40.803", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1054382030848, "type": "region", "version": 1 }, "end_va": 1054382555135, "entry_point": 0, "filename": null, "id": "region_7497", "name": "private_0x000000f57e110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1054382030848, "timestamp": "00:01:40.810", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1054411456512, "type": "region", "version": 1 }, "end_va": 1054411980799, "entry_point": 0, "filename": null, "id": "region_7498", "name": "private_0x000000f57fd20000", "norm_filename": null, "region_type": "private_memory", "start_va": 1054411456512, "timestamp": "00:01:40.810", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], 
"ref_process_dump": null, "size": 524288, "start_va": 1054411980800, "type": "region", "version": 1 }, "end_va": 1054412505087, "entry_point": 0, "filename": null, "id": "region_7499", "name": "private_0x000000f57fda0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1054411980800, "timestamp": "00:01:40.810", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140695515000832, "type": "region", "version": 1 }, "end_va": 140695515009023, "entry_point": 0, "filename": null, "id": "region_7500", "name": "private_0x00007ff63a317000", "norm_filename": null, "region_type": "private_memory", "start_va": 140695515000832, "timestamp": "00:01:40.810", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140695515009024, "type": "region", "version": 1 }, "end_va": 140695515017215, "entry_point": 0, "filename": null, "id": "region_7501", "name": "private_0x00007ff63a319000", "norm_filename": null, "region_type": "private_memory", "start_va": 140695515009024, "timestamp": "00:01:40.810", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140695515017216, "type": "region", "version": 1 }, "end_va": 140695515025407, "entry_point": 0, "filename": null, "id": "region_7502", "name": "private_0x00007ff63a31b000", "norm_filename": null, "region_type": "private_memory", "start_va": 140695515017216, 
"timestamp": "00:01:40.810", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2301952, "start_va": 140724914028544, "type": "region", "version": 1 }, "end_va": 140724916330495, "entry_point": 140724914034952, "filename": "\\Windows\\System32\\SyncCenter.dll", "id": "region_7503", "name": "synccenter.dll", "norm_filename": "c:\\windows\\system32\\synccenter.dll", "region_type": "memory_mapped_file", "start_va": 140724914028544, "timestamp": "00:01:40.812", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 1054382555136, "type": "region", "version": 1 }, "end_va": 1054382567423, "entry_point": 0, "filename": null, "id": "region_7504", "name": "pagefile_0x000000f57e190000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1054382555136, "timestamp": "00:01:40.815", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2465792, "start_va": 140725055651840, "type": "region", "version": 1 }, "end_va": 140725058117631, "entry_point": 140725055670080, "filename": "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "id": "region_7505", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 
140725055651840, "timestamp": "00:01:40.816", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1054382620672, "type": "region", "version": 1 }, "end_va": 1054382624767, "entry_point": 1054382620672, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_7506", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 1054382620672, "timestamp": "00:01:40.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1054382686208, "type": "region", "version": 1 }, "end_va": 1054382694399, "entry_point": 0, "filename": null, "id": "region_7507", "name": "pagefile_0x000000f57e1b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1054382686208, "timestamp": "00:01:40.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2813952, "start_va": 140724980547584, "type": "region", "version": 1 }, "end_va": 140724983361535, "entry_point": 140724980555492, "filename": "\\Windows\\System32\\actxprxy.dll", "id": "region_7508", "name": "actxprxy.dll", "norm_filename": "c:\\windows\\system32\\actxprxy.dll", "region_type": "memory_mapped_file", "start_va": 140724980547584, "timestamp": "00:01:40.822", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps 
was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1054412505088, "type": "region", "version": 1 }, "end_va": 1054413029375, "entry_point": 0, "filename": null, "id": "region_7509", "name": "private_0x000000f57fe20000", "norm_filename": null, "region_type": "private_memory", "start_va": 1054412505088, "timestamp": "00:01:40.855", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1054413029376, "type": "region", "version": 1 }, "end_va": 1054413553663, "entry_point": 0, "filename": null, "id": "region_7510", "name": "private_0x000000f57fea0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1054413029376, "timestamp": "00:01:40.855", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140695514984448, "type": "region", "version": 1 }, "end_va": 140695514992639, "entry_point": 0, "filename": null, "id": "region_7511", "name": "private_0x00007ff63a313000", "norm_filename": null, "region_type": "private_memory", "start_va": 140695514984448, "timestamp": "00:01:40.855", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140695514992640, "type": "region", "version": 1 }, "end_va": 140695515000831, "entry_point": 0, "filename": null, "id": "region_7512", "name": "private_0x00007ff63a315000", "norm_filename": null, "region_type": 
"private_memory", "start_va": 140695514992640, "timestamp": "00:01:40.855", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1187840, "start_va": 140725066858496, "type": "region", "version": 1 }, "end_va": 140725068046335, "entry_point": 140725066904644, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_7513", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 140725066858496, "timestamp": "00:01:40.855", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1507328, "start_va": 1052266987520, "type": "region", "version": 1 }, "end_va": 1052268494847, "entry_point": 0, "filename": null, "id": "region_7514", "name": "private_0x000000f500000000", "norm_filename": null, "region_type": "private_memory", "start_va": 1052266987520, "timestamp": "00:01:40.858", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1052266987520, "type": "region", "version": 1 }, "end_va": 1052266991615, "entry_point": 0, "filename": null, "id": "region_7520", "name": "pagefile_0x000000f500000000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1052266987520, "timestamp": "00:01:40.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was 
reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1052268429312, "type": "region", "version": 1 }, "end_va": 1052268494847, "entry_point": 0, "filename": null, "id": "region_7521", "name": "private_0x000000f500160000", "norm_filename": null, "region_type": "private_memory", "start_va": 1052268429312, "timestamp": "00:01:40.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 983040, "start_va": 1052266987520, "type": "region", "version": 1 }, "end_va": 1052267970559, "entry_point": 0, "filename": null, "id": "region_7522", "name": "pagefile_0x000000f500000000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1052266987520, "timestamp": "00:01:40.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1052267970560, "type": "region", "version": 1 }, "end_va": 1052267986943, "entry_point": 0, "filename": null, "id": "region_7523", "name": "pagefile_0x000000f5000f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1052267970560, "timestamp": "00:01:40.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 1052268036096, "type": "region", "version": 1 }, "end_va": 1052268064767, "entry_point": 0, "filename": null, "id": "region_7524", "name": "private_0x000000f500100000", 
"norm_filename": null, "region_type": "private_memory", "start_va": 1052268036096, "timestamp": "00:01:40.863", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1052268494848, "type": "region", "version": 1 }, "end_va": 1052269019135, "entry_point": 0, "filename": null, "id": "region_7525", "name": "private_0x000000f500170000", "norm_filename": null, "region_type": "private_memory", "start_va": 1052268494848, "timestamp": "00:01:40.868", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140695513784320, "type": "region", "version": 1 }, "end_va": 140695513792511, "entry_point": 0, "filename": null, "id": "region_7526", "name": "private_0x00007ff63a1ee000", "norm_filename": null, "region_type": "private_memory", "start_va": 140695513784320, "timestamp": "00:01:40.868", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1052269019136, "type": "region", "version": 1 }, "end_va": 1052269543423, "entry_point": 0, "filename": null, "id": "region_7529", "name": "private_0x000000f5001f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1052269019136, "timestamp": "00:01:40.890", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", 
"writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140695513776128, "type": "region", "version": 1 }, "end_va": 140695513784319, "entry_point": 0, "filename": null, "id": "region_7530", "name": "private_0x00007ff63a1ec000", "norm_filename": null, "region_type": "private_memory", "start_va": 140695513776128, "timestamp": "00:01:40.890", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 671744, "start_va": 140725050015744, "type": "region", "version": 1 }, "end_va": 140725050687487, "entry_point": 140725050027444, "filename": "\\Windows\\System32\\cscui.dll", "id": "region_7531", "name": "cscui.dll", "norm_filename": "c:\\windows\\system32\\cscui.dll", "region_type": "memory_mapped_file", "start_va": 140725050015744, "timestamp": "00:01:40.890", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1458176, "start_va": 140725039202304, "type": "region", "version": 1 }, "end_va": 140725040660479, "entry_point": 140725039341808, "filename": "\\Windows\\System32\\propsys.dll", "id": "region_7532", "name": "propsys.dll", "norm_filename": "c:\\windows\\system32\\propsys.dll", "region_type": "memory_mapped_file", "start_va": 140725039202304, "timestamp": "00:01:40.891", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 140725049491456, "type": "region", "version": 1 }, "end_va": 140725049540607, "entry_point": 140725049495712, "filename": "\\Windows\\System32\\cscdll.dll", 
"id": "region_7533", "name": "cscdll.dll", "norm_filename": "c:\\windows\\system32\\cscdll.dll", "region_type": "memory_mapped_file", "start_va": 140725049491456, "timestamp": "00:01:40.892", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140725101002752, "type": "region", "version": 1 }, "end_va": 140725101752319, "entry_point": 140725101007136, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_7534", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 140725101002752, "timestamp": "00:01:40.893", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1052268101632, "type": "region", "version": 1 }, "end_va": 1052268109823, "entry_point": 0, "filename": null, "id": "region_7536", "name": "pagefile_0x000000f500110000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1052268101632, "timestamp": "00:01:40.910", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 1052268167168, "type": "region", "version": 1 }, "end_va": 1052268179455, "entry_point": 0, "filename": null, "id": "region_7537", "name": "pagefile_0x000000f500120000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1052268167168, "timestamp": "00:01:40.911", "type": "region", "version": 1 }, { 
"dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1052268232704, "type": "region", "version": 1 }, "end_va": 1052268236799, "entry_point": 0, "filename": null, "id": "region_7538", "name": "pagefile_0x000000f500130000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1052268232704, "timestamp": "00:01:40.911", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 36864, "start_va": 1052268298240, "type": "region", "version": 1 }, "end_va": 1052268335103, "entry_point": 1052268298240, "filename": "\\Windows\\System32\\en-US\\cscui.dll.mui", "id": "region_7539", "name": "cscui.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\cscui.dll.mui", "region_type": "memory_mapped_file", "start_va": 1052268298240, "timestamp": "00:01:40.912", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 140724958658560, "type": "region", "version": 1 }, "end_va": 140724958724095, "entry_point": 140724958662816, "filename": "\\Windows\\System32\\cscapi.dll", "id": "region_7540", "name": "cscapi.dll", "norm_filename": "c:\\windows\\system32\\cscapi.dll", "region_type": "memory_mapped_file", "start_va": 140724958658560, "timestamp": "00:01:40.924", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": 
null, "size": 135168, "start_va": 140725058142208, "type": "region", "version": 1 }, "end_va": 140725058277375, "entry_point": 140725058146560, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_7542", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 140725058142208, "timestamp": "00:01:40.947", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 401408, "start_va": 140724905705472, "type": "region", "version": 1 }, "end_va": 140724906106879, "entry_point": 140724905705472, "filename": "\\Windows\\System32\\SyncInfrastructure.dll", "id": "region_7543", "name": "syncinfrastructure.dll", "norm_filename": "c:\\windows\\system32\\syncinfrastructure.dll", "region_type": "memory_mapped_file", "start_va": 140724905705472, "timestamp": "00:01:40.950", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725088026624, "type": "region", "version": 1 }, "end_va": 140725089955839, "entry_point": 140725088030884, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_7544", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 140725088026624, "timestamp": "00:01:40.963", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 140725039071232, "type": "region", "version": 1 }, "end_va": 140725039140863, 
"entry_point": 140725039075456, "filename": "\\Windows\\System32\\wtsapi32.dll", "id": "region_7545", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\system32\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725039071232, "timestamp": "00:01:40.964", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1925120, "start_va": 140725101789184, "type": "region", "version": 1 }, "end_va": 140725103714303, "entry_point": 140725101793472, "filename": "\\Windows\\System32\\setupapi.dll", "id": "region_7546", "name": "setupapi.dll", "norm_filename": "c:\\windows\\system32\\setupapi.dll", "region_type": "memory_mapped_file", "start_va": 140725101789184, "timestamp": "00:01:40.965", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 140725087174656, "type": "region", "version": 1 }, "end_va": 140725087248383, "entry_point": 140725087178996, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_7547", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 140725087174656, "timestamp": "00:01:40.966", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 140725090320384, "type": "region", "version": 1 }, "end_va": 140725090623487, "entry_point": 140725090325080, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_7548", "name": "cfgmgr32.dll", "norm_filename": 
"c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 140725090320384, "timestamp": "00:01:40.968", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4169728, "start_va": 1052269543424, "type": "region", "version": 1 }, "end_va": 1052273713151, "entry_point": 0, "filename": null, "id": "region_7550", "name": "pagefile_0x000000f500270000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1052269543424, "timestamp": "00:01:40.976", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1052273737728, "type": "region", "version": 1 }, "end_va": 1052274262015, "entry_point": 0, "filename": null, "id": "region_7551", "name": "private_0x000000f500670000", "norm_filename": null, "region_type": "private_memory", "start_va": 1052273737728, "timestamp": "00:01:40.976", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140695513767936, "type": "region", "version": 1 }, "end_va": 140695513776127, "entry_point": 0, "filename": null, "id": "region_7552", "name": "private_0x00007ff63a1ea000", "norm_filename": null, "region_type": "private_memory", "start_va": 140695513767936, "timestamp": "00:01:40.976", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": 
[ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725078982656, "type": "region", "version": 1 }, "end_va": 140725079339007, "entry_point": 140725078989424, "filename": "\\Windows\\System32\\winsta.dll", "id": "region_7553", "name": "winsta.dll", "norm_filename": "c:\\windows\\system32\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 140725078982656, "timestamp": "00:01:40.977", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\system32\\AUDIODG.EXE 0x7d8", "filename": "c:\\windows\\system32\\audiodg.exe", "id": "proc_68", "image_name": "audiodg.exe", "monitor_reason": "child_process", "monitored_id": 68, "origin_monitor_id": 45, "ref_parent_process": { "ref_id": "proc_45", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_7907", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:52.686", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 875120295936, "type": "region", "version": 1 }, "end_va": 875120427007, "entry_point": 0, "filename": null, "id": "region_7908", "name": "private_0x000000cbc13c0000", "norm_filename": null, "region_type": "private_memory", 
"start_va": 875120295936, "timestamp": "00:01:52.686", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 875120427008, "type": "region", "version": 1 }, "end_va": 875120488447, "entry_point": 0, "filename": null, "id": "region_7909", "name": "pagefile_0x000000cbc13e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 875120427008, "timestamp": "00:01:52.686", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 875120492544, "type": "region", "version": 1 }, "end_va": 875121016831, "entry_point": 0, "filename": null, "id": "region_7910", "name": "private_0x000000cbc13f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 875120492544, "timestamp": "00:01:52.686", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140695542759424, "type": "region", "version": 1 }, "end_va": 140695542902783, "entry_point": 0, "filename": null, "id": "region_7911", "name": "pagefile_0x00007ff63bd90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140695542759424, "timestamp": "00:01:52.686", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], 
"ref_process_dump": null, "size": 8192, "start_va": 140695542943744, "type": "region", "version": 1 }, "end_va": 140695542951935, "entry_point": 0, "filename": null, "id": "region_7912", "name": "private_0x00007ff63bdbd000", "norm_filename": null, "region_type": "private_memory", "start_va": 140695542943744, "timestamp": "00:01:52.686", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140695542951936, "type": "region", "version": 1 }, "end_va": 140695542956031, "entry_point": 0, "filename": null, "id": "region_7913", "name": "private_0x00007ff63bdbf000", "norm_filename": null, "region_type": "private_memory", "start_va": 140695542951936, "timestamp": "00:01:52.686", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 262144, "start_va": 140695545249792, "type": "region", "version": 1 }, "end_va": 140695545511935, "entry_point": 140695545249792, "filename": "\\Windows\\System32\\audiodg.exe", "id": "region_7914", "name": "audiodg.exe", "norm_filename": "c:\\windows\\system32\\audiodg.exe", "region_type": "memory_mapped_file", "start_va": 140695545249792, "timestamp": "00:01:52.686", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_7915", "name": "ntdll.dll", "norm_filename": 
"c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140725133115392, "timestamp": "00:01:52.693", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 875122851840, "type": "region", "version": 1 }, "end_va": 875123900415, "entry_point": 0, "filename": null, "id": "region_7916", "name": "private_0x000000cbc1630000", "norm_filename": null, "region_type": "private_memory", "start_va": 875122851840, "timestamp": "00:01:52.951", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140725090648064, "type": "region", "version": 1 }, "end_va": 140725091753983, "entry_point": 140725090656928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_7917", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140725090648064, "timestamp": "00:01:52.951", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140725124988928, "type": "region", "version": 1 }, "end_va": 140725126270975, "entry_point": 140725125009460, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_7918", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140725124988928, "timestamp": "00:01:52.952", "type": "region", "version": 1 }, { "dump": { "filename": "", 
"flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 875120295936, "type": "region", "version": 1 }, "end_va": 875120361471, "entry_point": 0, "filename": null, "id": "region_7919", "name": "pagefile_0x000000cbc13c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 875120295936, "timestamp": "00:01:52.955", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140695541710848, "type": "region", "version": 1 }, "end_va": 140695542759423, "entry_point": 0, "filename": null, "id": "region_7920", "name": "pagefile_0x00007ff63bc90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140695541710848, "timestamp": "00:01:52.955", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 875121016832, "type": "region", "version": 1 }, "end_va": 875121532927, "entry_point": 875121016832, "filename": "\\Windows\\System32\\locale.nls", "id": "region_7921", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 875121016832, "timestamp": "00:01:52.962", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140725098577920, "type": "region", "version": 1 }, 
"end_va": 140725099261951, "entry_point": 140725098588204, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_7922", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140725098577920, "timestamp": "00:01:52.963", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140725127806976, "type": "region", "version": 1 }, "end_va": 140725129076735, "entry_point": 140725127811408, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_7923", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140725127806976, "timestamp": "00:01:52.973", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725131149312, "type": "region", "version": 1 }, "end_va": 140725133078527, "entry_point": 140725131157344, "filename": "\\Windows\\System32\\combase.dll", "id": "region_7924", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140725131149312, "timestamp": "00:01:52.991", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 397312, "start_va": 140725054210048, "type": "region", "version": 1 }, "end_va": 140725054607359, "entry_point": 140725054288584, "filename": "\\Windows\\System32\\MMDevAPI.dll", "id": "region_7925", "name": "mmdevapi.dll", 
"norm_filename": "c:\\windows\\system32\\mmdevapi.dll", "region_type": "memory_mapped_file", "start_va": 140725054210048, "timestamp": "00:01:52.997", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725068103680, "type": "region", "version": 1 }, "end_va": 140725068259327, "entry_point": 140725068109212, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_7926", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 140725068103680, "timestamp": "00:01:53.003", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 875120361472, "type": "region", "version": 1 }, "end_va": 875120390143, "entry_point": 0, "filename": null, "id": "region_7927", "name": "private_0x000000cbc13d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 875120361472, "timestamp": "00:01:53.004", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725098184704, "type": "region", "version": 1 }, "end_va": 140725098541055, "entry_point": 140725098194176, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_7928", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140725098184704, "timestamp": "00:01:53.009", "type": "region", "version": 1 }, { "dump": { "filename": "", 
"flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 140725090320384, "type": "region", "version": 1 }, "end_va": 140725090623487, "entry_point": 140725090325080, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_7929", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 140725090320384, "timestamp": "00:01:53.013", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 851968, "start_va": 875121541120, "type": "region", "version": 1 }, "end_va": 875122393087, "entry_point": 0, "filename": null, "id": "region_7930", "name": "private_0x000000cbc14f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 875121541120, "timestamp": "00:01:53.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 875121541120, "type": "region", "version": 1 }, "end_va": 875121569791, "entry_point": 0, "filename": null, "id": "region_7931", "name": "private_0x000000cbc14f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 875121541120, "timestamp": "00:01:53.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 875122327552, "type": "region", "version": 1 }, "end_va": 
875122393087, "entry_point": 0, "filename": null, "id": "region_7932", "name": "private_0x000000cbc15b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 875122327552, "timestamp": "00:01:53.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 761856, "start_va": 875123900416, "type": "region", "version": 1 }, "end_va": 875124662271, "entry_point": 875124082536, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_7933", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 875123900416, "timestamp": "00:01:53.019", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725068431360, "type": "region", "version": 1 }, "end_va": 140725068472319, "entry_point": 140725068437320, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_7934", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\system32\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140725068431360, "timestamp": "00:01:53.022", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725085208576, "type": "region", "version": 1 }, "end_va": 140725085249535, "entry_point": 140725085212688, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_7935", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", 
"start_va": 140725085208576, "timestamp": "00:01:53.026", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140725084815360, "type": "region", "version": 1 }, "end_va": 140725085200383, "entry_point": 140725084944032, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_7936", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140725084815360, "timestamp": "00:01:53.028", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 875121606656, "type": "region", "version": 1 }, "end_va": 875121614847, "entry_point": 0, "filename": null, "id": "region_7937", "name": "private_0x000000cbc1500000", "norm_filename": null, "region_type": "private_memory", "start_va": 875121606656, "timestamp": "00:01:53.030", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2105344, "start_va": 875123900416, "type": "region", "version": 1 }, "end_va": 875126005759, "entry_point": 0, "filename": null, "id": "region_7938", "name": "private_0x000000cbc1730000", "norm_filename": null, "region_type": "private_memory", "start_va": 875123900416, "timestamp": "00:01:53.030", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", 
"permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 875121672192, "type": "region", "version": 1 }, "end_va": 875122196479, "entry_point": 0, "filename": null, "id": "region_7939", "name": "private_0x000000cbc1510000", "norm_filename": null, "region_type": "private_memory", "start_va": 875121672192, "timestamp": "00:01:53.036", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140695542935552, "type": "region", "version": 1 }, "end_va": 140695542943743, "entry_point": 0, "filename": null, "id": "region_7940", "name": "private_0x00007ff63bdbb000", "norm_filename": null, "region_type": "private_memory", "start_va": 140695542935552, "timestamp": "00:01:53.036", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140725093466112, "type": "region", "version": 1 }, "end_va": 140725094977535, "entry_point": 140725093620416, "filename": "\\Windows\\System32\\user32.dll", "id": "region_7941", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140725093466112, "timestamp": "00:01:53.057", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140725129773056, "type": "region", "version": 1 }, "end_va": 140725131104255, "entry_point": 140725129845848, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_7942", "name": 
"gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140725129773056, "timestamp": "00:01:53.067", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 875122196480, "type": "region", "version": 1 }, "end_va": 875122208767, "entry_point": 0, "filename": null, "id": "region_7943", "name": "pagefile_0x000000cbc1590000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 875122196480, "timestamp": "00:01:53.073", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 875122262016, "type": "region", "version": 1 }, "end_va": 875122266111, "entry_point": 0, "filename": null, "id": "region_7944", "name": "pagefile_0x000000cbc15a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 875122262016, "timestamp": "00:01:53.073", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 875122393088, "type": "region", "version": 1 }, "end_va": 875122397183, "entry_point": 0, "filename": null, "id": "region_7945", "name": "private_0x000000cbc15c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 875122393088, "timestamp": "00:01:53.073", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was 
created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 875122458624, "type": "region", "version": 1 }, "end_va": 875122462719, "entry_point": 0, "filename": null, "id": "region_7946", "name": "private_0x000000cbc15d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 875122458624, "timestamp": "00:01:53.073", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 875126063104, "type": "region", "version": 1 }, "end_va": 875127668735, "entry_point": 0, "filename": null, "id": "region_7947", "name": "pagefile_0x000000cbc1940000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 875126063104, "timestamp": "00:01:53.073", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 875127701504, "type": "region", "version": 1 }, "end_va": 875129278463, "entry_point": 0, "filename": null, "id": "region_7948", "name": "pagefile_0x000000cbc1ad0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 875127701504, "timestamp": "00:01:53.073", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 786432, "start_va": 875129339904, "type": "region", "version": 1 }, "end_va": 875130126335, "entry_point": 0, "filename": null, "id": "region_7949", 
"name": "pagefile_0x000000cbc1c60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 875129339904, "timestamp": "00:01:53.073", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1277952, "start_va": 875130126336, "type": "region", "version": 1 }, "end_va": 875131404287, "entry_point": 0, "filename": null, "id": "region_7950", "name": "pagefile_0x000000cbc1d20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 875130126336, "timestamp": "00:01:53.073", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 875131437056, "type": "region", "version": 1 }, "end_va": 875131961343, "entry_point": 0, "filename": null, "id": "region_7951", "name": "private_0x000000cbc1e60000", "norm_filename": null, "region_type": "private_memory", "start_va": 875131437056, "timestamp": "00:01:53.074", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140695542927360, "type": "region", "version": 1 }, "end_va": 140695542935551, "entry_point": 0, "filename": null, "id": "region_7952", "name": "private_0x00007ff63bdb9000", "norm_filename": null, "region_type": "private_memory", "start_va": 140695542927360, "timestamp": "00:01:53.074", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because 
pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 875122524160, "type": "region", "version": 1 }, "end_va": 875122528255, "entry_point": 0, "filename": null, "id": "region_7956", "name": "pagefile_0x000000cbc15e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 875122524160, "timestamp": "00:01:53.106", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 671744, "start_va": 140725095825408, "type": "region", "version": 1 }, "end_va": 140725096497151, "entry_point": 140725095829872, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_7957", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 140725095825408, "timestamp": "00:01:53.109", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 140725079769088, "type": "region", "version": 1 }, "end_va": 140725079891967, "entry_point": 140725079773640, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_7958", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 140725079769088, "timestamp": "00:01:53.117", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 140725075443712, "type": "region", "version": 1 }, "end_va": 
140725075660799, "entry_point": 140725075448792, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_7959", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 140725075443712, "timestamp": "00:01:53.120", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725082062848, "type": "region", "version": 1 }, "end_va": 140725082218495, "entry_point": 140725082086248, "filename": "\\Windows\\System32\\bcrypt.dll", "id": "region_7960", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\system32\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 140725082062848, "timestamp": "00:01:53.123", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 875131961344, "type": "region", "version": 1 }, "end_va": 875134930943, "entry_point": 875131961344, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_7961", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 875131961344, "timestamp": "00:01:53.125", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 875134976000, "type": "region", "version": 1 }, "end_va": 875135500287, "entry_point": 0, "filename": null, "id": "region_7962", "name": "private_0x000000cbc21c0000", "norm_filename": null, 
"region_type": "private_memory", "start_va": 875134976000, "timestamp": "00:01:53.137", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140695542919168, "type": "region", "version": 1 }, "end_va": 140695542927359, "entry_point": 0, "filename": null, "id": "region_7963", "name": "private_0x00007ff63bdb7000", "norm_filename": null, "region_type": "private_memory", "start_va": 140695542919168, "timestamp": "00:01:53.137", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 875135500288, "type": "region", "version": 1 }, "end_va": 875136024575, "entry_point": 0, "filename": null, "id": "region_7964", "name": "private_0x000000cbc2240000", "norm_filename": null, "region_type": "private_memory", "start_va": 875135500288, "timestamp": "00:01:53.138", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140695542910976, "type": "region", "version": 1 }, "end_va": 140695542919167, "entry_point": 0, "filename": null, "id": "region_7965", "name": "private_0x00007ff63bdb5000", "norm_filename": null, "region_type": "private_memory", "start_va": 140695542910976, "timestamp": "00:01:53.138", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, 
"size": 483328, "start_va": 140724965212160, "type": "region", "version": 1 }, "end_va": 140724965695487, "entry_point": 140724965259184, "filename": "\\Windows\\System32\\AudioSes.dll", "id": "region_7973", "name": "audioses.dll", "norm_filename": "c:\\windows\\system32\\audioses.dll", "region_type": "memory_mapped_file", "start_va": 140724965212160, "timestamp": "00:01:53.182", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140725101002752, "type": "region", "version": 1 }, "end_va": 140725101752319, "entry_point": 140725101007136, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_7974", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 140725101002752, "timestamp": "00:01:53.187", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 140725086126080, "type": "region", "version": 1 }, "end_va": 140725086408703, "entry_point": 140725086130832, "filename": "\\Windows\\System32\\powrprof.dll", "id": "region_7975", "name": "powrprof.dll", "norm_filename": "c:\\windows\\system32\\powrprof.dll", "region_type": "memory_mapped_file", "start_va": 140725086126080, "timestamp": "00:01:53.190", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1536000, "start_va": 875136024576, "type": "region", "version": 1 }, "end_va": 875137560575, "entry_point": 875136028852, "filename": 
"\\Windows\\System32\\ole32.dll", "id": "region_7976", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 875136024576, "timestamp": "00:01:53.192", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 875122589696, "type": "region", "version": 1 }, "end_va": 875122593791, "entry_point": 0, "filename": null, "id": "region_7978", "name": "pagefile_0x000000cbc15f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 875122589696, "timestamp": "00:01:53.203", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 466944, "start_va": 140724934082560, "type": "region", "version": 1 }, "end_va": 140724934549503, "entry_point": 140724934082560, "filename": "\\Windows\\System32\\AudioEng.dll", "id": "region_7979", "name": "audioeng.dll", "norm_filename": "c:\\windows\\system32\\audioeng.dll", "region_type": "memory_mapped_file", "start_va": 140724934082560, "timestamp": "00:01:53.212", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 140725036974080, "type": "region", "version": 1 }, "end_va": 140725037019135, "entry_point": 140725036978192, "filename": "\\Windows\\System32\\avrt.dll", "id": "region_7980", "name": "avrt.dll", "norm_filename": "c:\\windows\\system32\\avrt.dll", "region_type": "memory_mapped_file", "start_va": 140725036974080, 
"timestamp": "00:01:53.228", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 875122655232, "type": "region", "version": 1 }, "end_va": 875122663423, "entry_point": 0, "filename": null, "id": "region_7981", "name": "private_0x000000cbc1600000", "norm_filename": null, "region_type": "private_memory", "start_va": 875122655232, "timestamp": "00:01:53.230", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2105344, "start_va": 875136024576, "type": "region", "version": 1 }, "end_va": 875138129919, "entry_point": 0, "filename": null, "id": "region_7982", "name": "private_0x000000cbc22c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 875136024576, "timestamp": "00:01:53.230", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140724933689344, "type": "region", "version": 1 }, "end_va": 140724934074367, "entry_point": 140724933689344, "filename": "\\Windows\\System32\\AUDIOKSE.dll", "id": "region_7983", "name": "audiokse.dll", "norm_filename": "c:\\windows\\system32\\audiokse.dll", "region_type": "memory_mapped_file", "start_va": 140724933689344, "timestamp": "00:01:53.235", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], 
"ref_process_dump": null, "size": 65536, "start_va": 875122720768, "type": "region", "version": 1 }, "end_va": 875122786303, "entry_point": 0, "filename": null, "id": "region_7984", "name": "private_0x000000cbc1610000", "norm_filename": null, "region_type": "private_memory", "start_va": 875122720768, "timestamp": "00:01:53.250", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 875122786304, "type": "region", "version": 1 }, "end_va": 875122794495, "entry_point": 0, "filename": null, "id": "region_7985", "name": "private_0x000000cbc1620000", "norm_filename": null, "region_type": "private_memory", "start_va": 875122786304, "timestamp": "00:01:53.252", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 73728, "start_va": 875138187264, "type": "region", "version": 1 }, "end_va": 875138260991, "entry_point": 0, "filename": null, "id": "region_7986", "name": "private_0x000000cbc24d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 875138187264, "timestamp": "00:01:53.252", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 875138318336, "type": "region", "version": 1 }, "end_va": 875138322431, "entry_point": 0, "filename": null, "id": "region_7987", "name": "private_0x000000cbc24f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 875138318336, "timestamp": "00:01:53.254", "type": 
"region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 875138383872, "type": "region", "version": 1 }, "end_va": 875138387967, "entry_point": 0, "filename": null, "id": "region_7988", "name": "private_0x000000cbc2500000", "norm_filename": null, "region_type": "private_memory", "start_va": 875138383872, "timestamp": "00:01:53.254", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 875138449408, "type": "region", "version": 1 }, "end_va": 875138457599, "entry_point": 0, "filename": null, "id": "region_7989", "name": "private_0x000000cbc2510000", "norm_filename": null, "region_type": "private_memory", "start_va": 875138449408, "timestamp": "00:01:53.263", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 875138514944, "type": "region", "version": 1 }, "end_va": 875138519039, "entry_point": 0, "filename": null, "id": "region_7990", "name": "private_0x000000cbc2520000", "norm_filename": null, "region_type": "private_memory", "start_va": 875138514944, "timestamp": "00:01:53.263", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 875138580480, "type": "region", "version": 1 }, "end_va": 875138588671, 
"entry_point": 0, "filename": null, "id": "region_7991", "name": "private_0x000000cbc2530000", "norm_filename": null, "region_type": "private_memory", "start_va": 875138580480, "timestamp": "00:01:53.263", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 270336, "start_va": 875138646016, "type": "region", "version": 1 }, "end_va": 875138916351, "entry_point": 0, "filename": null, "id": "region_7992", "name": "private_0x000000cbc2540000", "norm_filename": null, "region_type": "private_memory", "start_va": 875138646016, "timestamp": "00:01:53.263", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 875138973696, "type": "region", "version": 1 }, "end_va": 875139497983, "entry_point": 0, "filename": null, "id": "region_7993", "name": "private_0x000000cbc2590000", "norm_filename": null, "region_type": "private_memory", "start_va": 875138973696, "timestamp": "00:01:53.277", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 875139497984, "type": "region", "version": 1 }, "end_va": 875139506175, "entry_point": 0, "filename": null, "id": "region_7994", "name": "private_0x000000cbc2610000", "norm_filename": null, "region_type": "private_memory", "start_va": 875139497984, "timestamp": "00:01:53.277", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created 
because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140695542902784, "type": "region", "version": 1 }, "end_va": 140695542910975, "entry_point": 0, "filename": null, "id": "region_7995", "name": "private_0x00007ff63bdb3000", "norm_filename": null, "region_type": "private_memory", "start_va": 140695542902784, "timestamp": "00:01:53.277", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 40960, "start_va": 875139563520, "type": "region", "version": 1 }, "end_va": 875139604479, "entry_point": 0, "filename": null, "id": "region_7996", "name": "private_0x000000cbc2620000", "norm_filename": null, "region_type": "private_memory", "start_va": 875139563520, "timestamp": "00:01:53.278", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1785856, "start_va": 140724900790272, "type": "region", "version": 1 }, "end_va": 140724902576127, "entry_point": 140724900790272, "filename": "\\Windows\\System32\\WMALFXGFXDSP.dll", "id": "region_8000", "name": "wmalfxgfxdsp.dll", "norm_filename": "c:\\windows\\system32\\wmalfxgfxdsp.dll", "region_type": "memory_mapped_file", "start_va": 140724900790272, "timestamp": "00:01:53.322", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 675840, "start_va": 140725126299648, "type": "region", "version": 1 }, "end_va": 140725126975487, "entry_point": 140725126303760, 
"filename": "\\Windows\\System32\\advapi32.dll", "id": "region_8001", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725126299648, "timestamp": "00:01:53.359", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 140725096546304, "type": "region", "version": 1 }, "end_va": 140725098078207, "entry_point": 140725096550580, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_8002", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 140725096546304, "timestamp": "00:01:53.369", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 140724930412544, "type": "region", "version": 1 }, "end_va": 140724931280895, "entry_point": 140724930416656, "filename": "\\Windows\\System32\\mfplat.dll", "id": "region_8003", "name": "mfplat.dll", "norm_filename": "c:\\windows\\system32\\mfplat.dll", "region_type": "memory_mapped_file", "start_va": 140724930412544, "timestamp": "00:01:53.377", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 147456, "start_va": 140724932706304, "type": "region", "version": 1 }, "end_va": 140724932853759, "entry_point": 140724932743340, "filename": "\\Windows\\System32\\RTWorkQ.dll", "id": "region_8004", "name": "rtworkq.dll", "norm_filename": "c:\\windows\\system32\\rtworkq.dll", 
"region_type": "memory_mapped_file", "start_va": 140724932706304, "timestamp": "00:01:53.386", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 875139629056, "type": "region", "version": 1 }, "end_va": 875140153343, "entry_point": 0, "filename": null, "id": "region_8005", "name": "private_0x000000cbc2630000", "norm_filename": null, "region_type": "private_memory", "start_va": 875139629056, "timestamp": "00:01:53.401", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 875140153344, "type": "region", "version": 1 }, "end_va": 875140157439, "entry_point": 0, "filename": null, "id": "region_8006", "name": "private_0x000000cbc26b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 875140153344, "timestamp": "00:01:53.401", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140695541702656, "type": "region", "version": 1 }, "end_va": 140695541710847, "entry_point": 0, "filename": null, "id": "region_8007", "name": "private_0x00007ff63bc8e000", "norm_filename": null, "region_type": "private_memory", "start_va": 140695541702656, "timestamp": "00:01:53.401", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", 
"writable" ], "ref_process_dump": null, "size": 8192, "start_va": 875140218880, "type": "region", "version": 1 }, "end_va": 875140227071, "entry_point": 0, "filename": null, "id": "region_8008", "name": "pagefile_0x000000cbc26c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 875140218880, "timestamp": "00:01:53.402", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 875140284416, "type": "region", "version": 1 }, "end_va": 875141332991, "entry_point": 0, "filename": null, "id": "region_8009", "name": "private_0x000000cbc26d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 875140284416, "timestamp": "00:01:53.402", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 875141332992, "type": "region", "version": 1 }, "end_va": 875141857279, "entry_point": 0, "filename": null, "id": "region_9549", "name": "private_0x000000cbc27d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 875141332992, "timestamp": "00:02:18.528", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140695541694464, "type": "region", "version": 1 }, "end_va": 140695541702655, "entry_point": 0, "filename": null, "id": "region_9550", "name": "private_0x00007ff63bc8c000", "norm_filename": null, "region_type": "private_memory", "start_va": 140695541694464, 
"timestamp": "00:02:18.528", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\PROGRA~1\\COMMON~1\\WANACR~1.EXE", "filename": "c:\\progra~1\\common~1\\wanacr~1.exe", "id": "proc_69", "image_name": "wanacr~1.exe", "monitor_reason": "child_process", "monitored_id": 69, "origin_monitor_id": 58, "ref_parent_process": { "ref_id": "proc_58", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_8053", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:53.955", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 406634823680, "type": "region", "version": 1 }, "end_va": 406634954751, "entry_point": 0, "filename": null, "id": "region_8054", "name": "private_0x0000005ead530000", "norm_filename": null, "region_type": "private_memory", "start_va": 406634823680, "timestamp": "00:01:53.955", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 406634954752, "type": "region", "version": 1 }, "end_va": 406635016191, 
"entry_point": 0, "filename": null, "id": "region_8055", "name": "pagefile_0x0000005ead550000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 406634954752, "timestamp": "00:01:53.955", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 406635020288, "type": "region", "version": 1 }, "end_va": 406639214591, "entry_point": 0, "filename": null, "id": "region_8056", "name": "private_0x0000005ead560000", "norm_filename": null, "region_type": "private_memory", "start_va": 406635020288, "timestamp": "00:01:53.955", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 406639214592, "type": "region", "version": 1 }, "end_va": 406639230975, "entry_point": 0, "filename": null, "id": "region_8057", "name": "pagefile_0x0000005ead960000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 406639214592, "timestamp": "00:01:53.955", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140698002325504, "type": "region", "version": 1 }, "end_va": 140698002468863, "entry_point": 0, "filename": null, "id": "region_8058", "name": "pagefile_0x00007ff6ce730000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140698002325504, "timestamp": "00:01:53.955", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": 
[ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140698002509824, "type": "region", "version": 1 }, "end_va": 140698002518015, "entry_point": 0, "filename": null, "id": "region_8059", "name": "private_0x00007ff6ce75d000", "norm_filename": null, "region_type": "private_memory", "start_va": 140698002509824, "timestamp": "00:01:53.955", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140698002518016, "type": "region", "version": 1 }, "end_va": 140698002522111, "entry_point": 0, "filename": null, "id": "region_8060", "name": "private_0x00007ff6ce75f000", "norm_filename": null, "region_type": "private_memory", "start_va": 140698002518016, "timestamp": "00:01:53.955", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 140698014777344, "type": "region", "version": 1 }, "end_va": 140698015862783, "entry_point": 140698014972444, "filename": "\\PROGRA~1\\COMMON~1\\WANACR~1.EXE", "id": "region_8061", "name": "wanacr~1.exe", "norm_filename": "c:\\progra~1\\common~1\\wanacr~1.exe", "region_type": "memory_mapped_file", "start_va": 140698014777344, "timestamp": "00:01:53.955", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 
140725134856191, "entry_point": 140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_8062", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140725133115392, "timestamp": "00:01:53.956", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 406639280128, "type": "region", "version": 1 }, "end_va": 406639288319, "entry_point": 0, "filename": null, "id": "region_8069", "name": "pagefile_0x0000005ead970000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 406639280128, "timestamp": "00:01:54.083", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 406639345664, "type": "region", "version": 1 }, "end_va": 406639353855, "entry_point": 0, "filename": null, "id": "region_8070", "name": "private_0x0000005ead980000", "norm_filename": null, "region_type": "private_memory", "start_va": 406639345664, "timestamp": "00:01:54.083", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 406639542272, "type": "region", "version": 1 }, "end_va": 406643736575, "entry_point": 0, "filename": null, "id": "region_8075", "name": "private_0x0000005ead9b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 406639542272, "timestamp": "00:01:54.254", "type": "region", "version": 1 }, 
{ "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140725090648064, "type": "region", "version": 1 }, "end_va": 140725091753983, "entry_point": 140725090656928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_8076", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140725090648064, "timestamp": "00:01:54.254", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140725124988928, "type": "region", "version": 1 }, "end_va": 140725126270975, "entry_point": 140725125009460, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_8077", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140725124988928, "timestamp": "00:01:54.255", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 406634823680, "type": "region", "version": 1 }, "end_va": 406634889215, "entry_point": 0, "filename": null, "id": "region_8078", "name": "pagefile_0x0000005ead530000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 406634823680, "timestamp": "00:01:54.268", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the 
configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140698001276928, "type": "region", "version": 1 }, "end_va": 140698002325503, "entry_point": 0, "filename": null, "id": "region_8079", "name": "pagefile_0x00007ff6ce630000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140698001276928, "timestamp": "00:01:54.268", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 406643736576, "type": "region", "version": 1 }, "end_va": 406644252671, "entry_point": 406643736576, "filename": "\\Windows\\System32\\locale.nls", "id": "region_8080", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 406643736576, "timestamp": "00:01:54.290", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140724958920704, "type": "region", "version": 1 }, "end_va": 140724958957567, "entry_point": 140724958924928, "filename": "\\Windows\\System32\\wsock32.dll", "id": "region_8081", "name": "wsock32.dll", "norm_filename": "c:\\windows\\system32\\wsock32.dll", "region_type": "memory_mapped_file", "start_va": 140724958920704, "timestamp": "00:01:54.291", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140724958855168, "type": "region", "version": 1 }, "end_va": 140724958896127, "entry_point": 140724958859456, "filename": 
"\\Windows\\System32\\version.dll", "id": "region_8082", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 140724958855168, "timestamp": "00:01:54.293", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140724958724096, "type": "region", "version": 1 }, "end_va": 140724958851071, "entry_point": 140724958733304, "filename": "\\Windows\\System32\\winmm.dll", "id": "region_8083", "name": "winmm.dll", "norm_filename": "c:\\windows\\system32\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 140724958724096, "timestamp": "00:01:54.294", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2465792, "start_va": 140725055651840, "type": "region", "version": 1 }, "end_va": 140725058117631, "entry_point": 140725055670080, "filename": "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "id": "region_8084", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 140725055651840, "timestamp": "00:01:54.295", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 140724999946240, "type": "region", "version": 1 }, "end_va": 140725000056831, 
"entry_point": 140724999950416, "filename": "\\Windows\\System32\\mpr.dll", "id": "region_8085", "name": "mpr.dll", "norm_filename": "c:\\windows\\system32\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 140724999946240, "timestamp": "00:01:54.296", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 406634889216, "type": "region", "version": 1 }, "end_va": 406634917887, "entry_point": 0, "filename": null, "id": "region_8086", "name": "private_0x0000005ead540000", "norm_filename": null, "region_type": "private_memory", "start_va": 406634889216, "timestamp": "00:01:54.298", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2359296, "start_va": 140725005254656, "type": "region", "version": 1 }, "end_va": 140725007613951, "entry_point": 140725005259760, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_8087", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 140725005254656, "timestamp": "00:01:54.299", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 140725103820800, "type": "region", "version": 1 }, "end_va": 140725103849471, "entry_point": 140725103824912, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_8088", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 
140725103820800, "timestamp": "00:01:54.299", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 140725016985600, "type": "region", "version": 1 }, "end_va": 140725017153535, "entry_point": 140725017016680, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_8089", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 140725016985600, "timestamp": "00:01:54.300", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140725076557824, "type": "region", "version": 1 }, "end_va": 140725076684799, "entry_point": 140725076562672, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_8090", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 140725076557824, "timestamp": "00:01:54.301", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1187840, "start_va": 140725066858496, "type": "region", "version": 1 }, "end_va": 140725068046335, "entry_point": 140725066904644, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_8091", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 140725066858496, "timestamp": "00:01:54.302", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No 
dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140725093466112, "type": "region", "version": 1 }, "end_va": 140725094977535, "entry_point": 140725093620416, "filename": "\\Windows\\System32\\user32.dll", "id": "region_8092", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140725093466112, "timestamp": "00:01:54.303", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140725129773056, "type": "region", "version": 1 }, "end_va": 140725131104255, "entry_point": 140725129845848, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_8093", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140725129773056, "timestamp": "00:01:54.304", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 630784, "start_va": 140725129117696, "type": "region", "version": 1 }, "end_va": 140725129748479, "entry_point": 140725129122212, "filename": "\\Windows\\System32\\comdlg32.dll", "id": "region_8094", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\system32\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 140725129117696, "timestamp": "00:01:54.304", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 675840, 
"start_va": 140725126299648, "type": "region", "version": 1 }, "end_va": 140725126975487, "entry_point": 140725126303760, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_8095", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725126299648, "timestamp": "00:01:54.305", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 21032960, "start_va": 140725103951872, "type": "region", "version": 1 }, "end_va": 140725124984831, "entry_point": 140725103956224, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_8096", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 140725103951872, "timestamp": "00:01:54.307", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 140725096546304, "type": "region", "version": 1 }, "end_va": 140725098078207, "entry_point": 140725096550580, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_8097", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 140725096546304, "timestamp": "00:01:54.308", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140725101002752, "type": "region", "version": 1 }, "end_va": 140725101752319, "entry_point": 140725101007136, "filename": 
"\\Windows\\System32\\oleaut32.dll", "id": "region_8098", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 140725101002752, "timestamp": "00:01:54.309", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 140725127020544, "type": "region", "version": 1 }, "end_va": 140725127380991, "entry_point": 140725127024796, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_8099", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 140725127020544, "timestamp": "00:01:54.310", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140725098577920, "type": "region", "version": 1 }, "end_va": 140725099261951, "entry_point": 140725098588204, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_8100", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140725098577920, "timestamp": "00:01:54.312", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 172032, "start_va": 140725043789824, "type": "region", "version": 1 }, "end_va": 140725043961855, "entry_point": 140725043832680, "filename": "\\Windows\\System32\\winmmbase.dll", "id": "region_8101", "name": "winmmbase.dll", "norm_filename": "c:\\windows\\system32\\winmmbase.dll", 
"region_type": "memory_mapped_file", "start_va": 140725043789824, "timestamp": "00:01:54.313", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140725127806976, "type": "region", "version": 1 }, "end_va": 140725129076735, "entry_point": 140725127811408, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_8102", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140725127806976, "timestamp": "00:01:54.316", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2785280, "start_va": 140725002436608, "type": "region", "version": 1 }, "end_va": 140725005221887, "entry_point": 140725002493380, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_8103", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 140725002436608, "timestamp": "00:01:54.317", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140725103886336, "type": "region", "version": 1 }, "end_va": 140725103923199, "entry_point": 140725103891456, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_8104", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 140725103886336, "timestamp": "00:01:54.319", "type": "region", "version": 1 }, { "dump": { "filename": "", 
"flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725016920064, "type": "region", "version": 1 }, "end_va": 140725016961023, "entry_point": 140725016924356, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_8105", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 140725016920064, "timestamp": "00:01:54.320", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 140725086453760, "type": "region", "version": 1 }, "end_va": 140725086535679, "entry_point": 140725086468812, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_8106", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 140725086453760, "timestamp": "00:01:54.322", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725131149312, "type": "region", "version": 1 }, "end_va": 140725133078527, "entry_point": 140725131157344, "filename": "\\Windows\\System32\\combase.dll", "id": "region_8107", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140725131149312, "timestamp": "00:01:54.325", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], 
"ref_process_dump": null, "size": 331776, "start_va": 140725095038976, "type": "region", "version": 1 }, "end_va": 140725095370751, "entry_point": 140725095043776, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_8108", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 140725095038976, "timestamp": "00:01:54.330", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725098184704, "type": "region", "version": 1 }, "end_va": 140725098541055, "entry_point": 140725098194176, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_8109", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140725098184704, "timestamp": "00:01:54.331", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 140725090320384, "type": "region", "version": 1 }, "end_va": 140725090623487, "entry_point": 140725090325080, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_8110", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 140725090320384, "timestamp": "00:01:54.334", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725068103680, "type": "region", "version": 1 }, "end_va": 140725068259327, "entry_point": 
140725068109212, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_8111", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 140725068103680, "timestamp": "00:01:54.335", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 140725060108288, "type": "region", "version": 1 }, "end_va": 140725060767743, "entry_point": 140725060112544, "filename": "\\Windows\\System32\\SHCore.dll", "id": "region_8112", "name": "shcore.dll", "norm_filename": "c:\\windows\\system32\\shcore.dll", "region_type": "memory_mapped_file", "start_va": 140725060108288, "timestamp": "00:01:54.346", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 458752, "start_va": 406644260864, "type": "region", "version": 1 }, "end_va": 406644719615, "entry_point": 0, "filename": null, "id": "region_8113", "name": "private_0x0000005eade30000", "norm_filename": null, "region_type": "private_memory", "start_va": 406644260864, "timestamp": "00:01:54.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 406639411200, "type": "region", "version": 1 }, "end_va": 406639439871, "entry_point": 0, "filename": null, "id": "region_8114", "name": "private_0x0000005ead990000", "norm_filename": null, "region_type": "private_memory", "start_va": 406639411200, "timestamp": "00:01:54.352", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 212992, "start_va": 406644260864, "type": "region", "version": 1 }, "end_va": 406644473855, "entry_point": 406644265008, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_8115", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 406644260864, "timestamp": "00:01:54.355", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 406644654080, "type": "region", "version": 1 }, "end_va": 406644719615, "entry_point": 0, "filename": null, "id": "region_8116", "name": "private_0x0000005eade90000", "norm_filename": null, "region_type": "private_memory", "start_va": 406644654080, "timestamp": "00:01:54.355", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 406644719616, "type": "region", "version": 1 }, "end_va": 406646325247, "entry_point": 0, "filename": null, "id": "region_8117", "name": "pagefile_0x0000005eadea0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 406644719616, "timestamp": "00:01:54.355", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 140725095563264, "type": "region", "version": 1 }, 
"end_va": 140725095776255, "entry_point": 140725095567408, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_8118", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 140725095563264, "timestamp": "00:01:54.356", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1277952, "start_va": 140725091762176, "type": "region", "version": 1 }, "end_va": 140725093040127, "entry_point": 140725091766288, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_8119", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 140725091762176, "timestamp": "00:01:54.357", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 406646358016, "type": "region", "version": 1 }, "end_va": 406647934975, "entry_point": 0, "filename": null, "id": "region_8120", "name": "pagefile_0x0000005eae030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 406646358016, "timestamp": "00:01:54.360", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 406647996416, "type": "region", "version": 1 }, "end_va": 406668967935, "entry_point": 0, "filename": null, "id": "region_8121", "name": "pagefile_0x0000005eae1c0000", "norm_filename": null, "region_type": 
"pagefile_backed_memory", "start_va": 406647996416, "timestamp": "00:01:54.360", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 406639476736, "type": "region", "version": 1 }, "end_va": 406639480831, "entry_point": 0, "filename": null, "id": "region_8122", "name": "private_0x0000005ead9a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 406639476736, "timestamp": "00:01:54.365", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 406644260864, "type": "region", "version": 1 }, "end_va": 406644264959, "entry_point": 0, "filename": null, "id": "region_8123", "name": "private_0x0000005eade30000", "norm_filename": null, "region_type": "private_memory", "start_va": 406644260864, "timestamp": "00:01:54.365", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 406644326400, "type": "region", "version": 1 }, "end_va": 406644330495, "entry_point": 406644326400, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_8124", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 406644326400, "timestamp": "00:01:54.365", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ 
"readable" ], "ref_process_dump": null, "size": 8192, "start_va": 406644391936, "type": "region", "version": 1 }, "end_va": 406644400127, "entry_point": 0, "filename": null, "id": "region_8125", "name": "pagefile_0x0000005eade50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 406644391936, "timestamp": "00:01:54.366", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 406644326400, "type": "region", "version": 1 }, "end_va": 406644391935, "entry_point": 0, "filename": null, "id": "region_8126", "name": "private_0x0000005eade40000", "norm_filename": null, "region_type": "private_memory", "start_va": 406644326400, "timestamp": "00:01:54.371", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 761856, "start_va": 406668967936, "type": "region", "version": 1 }, "end_va": 406669729791, "entry_point": 406669150056, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_8127", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 406668967936, "timestamp": "00:01:54.376", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725068431360, "type": "region", "version": 1 }, "end_va": 140725068472319, "entry_point": 140725068437320, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_8128", "name": "kernel.appcore.dll", "norm_filename": 
"c:\\windows\\system32\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140725068431360, "timestamp": "00:01:54.378", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725085208576, "type": "region", "version": 1 }, "end_va": 140725085249535, "entry_point": 140725085212688, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_8129", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140725085208576, "timestamp": "00:01:54.380", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140725084815360, "type": "region", "version": 1 }, "end_va": 140725085200383, "entry_point": 140725084944032, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_8130", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140725084815360, "timestamp": "00:01:54.382", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 406644457472, "type": "region", "version": 1 }, "end_va": 406644461567, "entry_point": 0, "filename": null, "id": "region_8132", "name": "pagefile_0x0000005eade60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 406644457472, "timestamp": "00:01:54.395", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 983040, "start_va": 406668967936, "type": "region", "version": 1 }, "end_va": 406669950975, "entry_point": 0, "filename": null, "id": "region_8133", "name": "pagefile_0x0000005eaf5c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 406668967936, "timestamp": "00:01:54.395", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 406644457472, "type": "region", "version": 1 }, "end_va": 406644473855, "entry_point": 0, "filename": null, "id": "region_8134", "name": "pagefile_0x0000005eade60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 406644457472, "timestamp": "00:01:54.396", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 406644523008, "type": "region", "version": 1 }, "end_va": 406644551679, "entry_point": 0, "filename": null, "id": "region_8135", "name": "private_0x0000005eade70000", "norm_filename": null, "region_type": "private_memory", "start_va": 406644523008, "timestamp": "00:01:54.396", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 406669950976, "type": "region", 
"version": 1 }, "end_va": 406670999551, "entry_point": 0, "filename": null, "id": "region_8136", "name": "private_0x0000005eaf6b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 406669950976, "timestamp": "00:01:54.405", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 406670999552, "type": "region", "version": 1 }, "end_va": 406672052223, "entry_point": 406671194652, "filename": "\\Program Files\\Common Files\\wanacry6.malware.exe", "id": "region_8137", "name": "wanacry6.malware.exe", "norm_filename": "c:\\program files\\common files\\wanacry6.malware.exe", "region_type": "memory_mapped_file", "start_va": 406670999552, "timestamp": "00:01:54.420", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 406644588544, "type": "region", "version": 1 }, "end_va": 406644592639, "entry_point": 0, "filename": null, "id": "region_8138", "name": "private_0x0000005eade80000", "norm_filename": null, "region_type": "private_memory", "start_va": 406644588544, "timestamp": "00:01:54.451", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 140725058142208, "type": "region", "version": 1 }, "end_va": 140725058277375, "entry_point": 140725058146560, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_8139", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 
140725058142208, "timestamp": "00:01:54.452", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 406670999552, "type": "region", "version": 1 }, "end_va": 406673969151, "entry_point": 406670999552, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_8140", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 406670999552, "timestamp": "00:01:54.454", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 406674014208, "type": "region", "version": 1 }, "end_va": 406674026495, "entry_point": 0, "filename": null, "id": "region_8141", "name": "pagefile_0x0000005eafa90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 406674014208, "timestamp": "00:01:54.459", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 406674014208, "type": "region", "version": 1 }, "end_va": 406674018303, "entry_point": 0, "filename": null, "id": "region_8142", "name": "pagefile_0x0000005eafa90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 406674014208, "timestamp": "00:01:54.466", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was 
reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 406674079744, "type": "region", "version": 1 }, "end_va": 406674083839, "entry_point": 0, "filename": null, "id": "region_8143", "name": "private_0x0000005eafaa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 406674079744, "timestamp": "00:01:55.491", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 5185536, "start_va": 406674145280, "type": "region", "version": 1 }, "end_va": 406679330815, "entry_point": 0, "filename": null, "id": "region_8144", "name": "pagefile_0x0000005eafab0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 406674145280, "timestamp": "00:01:55.497", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15138816, "start_va": 406679388160, "type": "region", "version": 1 }, "end_va": 406694526975, "entry_point": 406679388160, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_8145", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 406679388160, "timestamp": "00:01:55.498", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 140725025898496, "type": "region", "version": 1 }, "end_va": 140725025984511, "entry_point": 140725025902656, "filename": "\\Windows\\System32\\netapi32.dll", "id": "region_8146", 
"name": "netapi32.dll", "norm_filename": "c:\\windows\\system32\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725025898496, "timestamp": "00:01:55.505", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 140725072494592, "type": "region", "version": 1 }, "end_va": 140725072543743, "entry_point": 140725072499804, "filename": "\\Windows\\System32\\netutils.dll", "id": "region_8147", "name": "netutils.dll", "norm_filename": "c:\\windows\\system32\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 140725072494592, "timestamp": "00:01:55.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 140725073608704, "type": "region", "version": 1 }, "end_va": 140725073760255, "entry_point": 140725073612916, "filename": "\\Windows\\System32\\srvcli.dll", "id": "region_8148", "name": "srvcli.dll", "norm_filename": "c:\\windows\\system32\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 140725073608704, "timestamp": "00:01:55.508", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 140725025636352, "type": "region", "version": 1 }, "end_va": 140725025726463, "entry_point": 140725025640520, "filename": "\\Windows\\System32\\wkscli.dll", "id": "region_8149", "name": "wkscli.dll", "norm_filename": "c:\\windows\\system32\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 140725025636352, 
"timestamp": "00:01:55.509", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2195456, "start_va": 406694526976, "type": "region", "version": 1 }, "end_va": 406696722431, "entry_point": 0, "filename": null, "id": "region_8170", "name": "pagefile_0x0000005eb0e20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 406694526976, "timestamp": "00:01:55.581", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 406696755200, "type": "region", "version": 1 }, "end_va": 406696759295, "entry_point": 0, "filename": null, "id": "region_8171", "name": "pagefile_0x0000005eb1040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 406696755200, "timestamp": "00:01:55.581", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 48848896, "start_va": 406696755200, "type": "region", "version": 1 }, "end_va": 406745604095, "entry_point": 406696755200, "filename": "\\Windows\\System32\\imageres.dll", "id": "region_8190", "name": "imageres.dll", "norm_filename": "c:\\windows\\system32\\imageres.dll", "region_type": "memory_mapped_file", "start_va": 406696755200, "timestamp": "00:01:56.359", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ 
"readable" ], "ref_process_dump": null, "size": 12288, "start_va": 406745645056, "type": "region", "version": 1 }, "end_va": 406745657343, "entry_point": 0, "filename": null, "id": "region_8191", "name": "pagefile_0x0000005eb3ee0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 406745645056, "timestamp": "00:01:56.360", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 406745710592, "type": "region", "version": 1 }, "end_va": 406745714687, "entry_point": 0, "filename": null, "id": "region_8192", "name": "pagefile_0x0000005eb3ef0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 406745710592, "timestamp": "00:01:56.360", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4169728, "start_va": 406745776128, "type": "region", "version": 1 }, "end_va": 406749945855, "entry_point": 0, "filename": null, "id": "region_8193", "name": "pagefile_0x0000005eb3f00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 406745776128, "timestamp": "00:01:56.360", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 278528, "start_va": 406749970432, "type": "region", "version": 1 }, "end_va": 406750248959, "entry_point": 0, "filename": null, "id": "region_8194", "name": "pagefile_0x0000005eb4300000", "norm_filename": 
null, "region_type": "pagefile_backed_memory", "start_va": 406749970432, "timestamp": "00:01:56.360", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 140725079769088, "type": "region", "version": 1 }, "end_va": 140725079891967, "entry_point": 140725079773640, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_8195", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 140725079769088, "timestamp": "00:01:56.360", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 140725075443712, "type": "region", "version": 1 }, "end_va": 140725075660799, "entry_point": 140725075448792, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_8196", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 140725075443712, "timestamp": "00:01:56.369", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725082062848, "type": "region", "version": 1 }, "end_va": 140725082218495, "entry_point": 140725082086248, "filename": "\\Windows\\System32\\bcrypt.dll", "id": "region_8197", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\system32\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 140725082062848, "timestamp": "00:01:56.371", "type": "region", "version": 1 } ], "terminate_reason": 
"terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\PROGRA~1\\COMMON~1\\WANACR~1.EXE", "filename": "c:\\progra~1\\common~1\\wanacr~1.exe", "id": "proc_70", "image_name": "wanacr~1.exe", "monitor_reason": "child_process", "monitored_id": 70, "origin_monitor_id": 69, "ref_parent_process": { "ref_id": "proc_69", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_8213", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:56.760", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 818564956160, "type": "region", "version": 1 }, "end_va": 818565087231, "entry_point": 0, "filename": null, "id": "region_8214", "name": "private_0x000000be96460000", "norm_filename": null, "region_type": "private_memory", "start_va": 818564956160, "timestamp": "00:01:56.760", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 818565087232, "type": "region", "version": 1 }, "end_va": 818565148671, "entry_point": 0, "filename": null, "id": "region_8215", "name": "pagefile_0x000000be96480000", 
"norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 818565087232, "timestamp": "00:01:56.760", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 818565152768, "type": "region", "version": 1 }, "end_va": 818569347071, "entry_point": 0, "filename": null, "id": "region_8216", "name": "private_0x000000be96490000", "norm_filename": null, "region_type": "private_memory", "start_va": 818565152768, "timestamp": "00:01:56.760", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 818569347072, "type": "region", "version": 1 }, "end_va": 818569363455, "entry_point": 0, "filename": null, "id": "region_8217", "name": "pagefile_0x000000be96890000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 818569347072, "timestamp": "00:01:56.760", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140698007437312, "type": "region", "version": 1 }, "end_va": 140698007580671, "entry_point": 0, "filename": null, "id": "region_8218", "name": "pagefile_0x00007ff6cec10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140698007437312, "timestamp": "00:01:56.760", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps 
was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140698007588864, "type": "region", "version": 1 }, "end_va": 140698007592959, "entry_point": 0, "filename": null, "id": "region_8219", "name": "private_0x00007ff6cec35000", "norm_filename": null, "region_type": "private_memory", "start_va": 140698007588864, "timestamp": "00:01:56.760", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140698007625728, "type": "region", "version": 1 }, "end_va": 140698007633919, "entry_point": 0, "filename": null, "id": "region_8220", "name": "private_0x00007ff6cec3e000", "norm_filename": null, "region_type": "private_memory", "start_va": 140698007625728, "timestamp": "00:01:56.760", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 140698014777344, "type": "region", "version": 1 }, "end_va": 140698015862783, "entry_point": 140698014972444, "filename": "\\PROGRA~1\\COMMON~1\\WANACR~1.EXE", "id": "region_8221", "name": "wanacr~1.exe", "norm_filename": "c:\\progra~1\\common~1\\wanacr~1.exe", "region_type": "memory_mapped_file", "start_va": 140698014777344, "timestamp": "00:01:56.760", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", 
"id": "region_8222", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140725133115392, "timestamp": "00:01:56.761", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 818569412608, "type": "region", "version": 1 }, "end_va": 818569420799, "entry_point": 0, "filename": null, "id": "region_8223", "name": "pagefile_0x000000be968a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 818569412608, "timestamp": "00:01:56.765", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 818569478144, "type": "region", "version": 1 }, "end_va": 818569486335, "entry_point": 0, "filename": null, "id": "region_8227", "name": "private_0x000000be968b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 818569478144, "timestamp": "00:01:56.961", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 818570330112, "type": "region", "version": 1 }, "end_va": 818574524415, "entry_point": 0, "filename": null, "id": "region_8228", "name": "private_0x000000be96980000", "norm_filename": null, "region_type": "private_memory", "start_va": 818570330112, "timestamp": "00:01:56.961", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because 
region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140725090648064, "type": "region", "version": 1 }, "end_va": 140725091753983, "entry_point": 140725090656928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_8229", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140725090648064, "timestamp": "00:01:56.961", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140725124988928, "type": "region", "version": 1 }, "end_va": 140725126270975, "entry_point": 140725125009460, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_8230", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140725124988928, "timestamp": "00:01:56.962", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 818564956160, "type": "region", "version": 1 }, "end_va": 818565021695, "entry_point": 0, "filename": null, "id": "region_8231", "name": "pagefile_0x000000be96460000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 818564956160, "timestamp": "00:01:56.963", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 
140698006388736, "type": "region", "version": 1 }, "end_va": 140698007437311, "entry_point": 0, "filename": null, "id": "region_8232", "name": "pagefile_0x00007ff6ceb10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140698006388736, "timestamp": "00:01:56.963", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 818569543680, "type": "region", "version": 1 }, "end_va": 818570059775, "entry_point": 818569543680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_8233", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 818569543680, "timestamp": "00:01:56.976", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140724958920704, "type": "region", "version": 1 }, "end_va": 140724958957567, "entry_point": 140724958924928, "filename": "\\Windows\\System32\\wsock32.dll", "id": "region_8234", "name": "wsock32.dll", "norm_filename": "c:\\windows\\system32\\wsock32.dll", "region_type": "memory_mapped_file", "start_va": 140724958920704, "timestamp": "00:01:56.977", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140724958855168, "type": "region", "version": 1 }, "end_va": 140724958896127, "entry_point": 140724958859456, "filename": "\\Windows\\System32\\version.dll", "id": "region_8235", "name": "version.dll", "norm_filename": 
"c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 140724958855168, "timestamp": "00:01:56.978", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140724958724096, "type": "region", "version": 1 }, "end_va": 140724958851071, "entry_point": 140724958733304, "filename": "\\Windows\\System32\\winmm.dll", "id": "region_8236", "name": "winmm.dll", "norm_filename": "c:\\windows\\system32\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 140724958724096, "timestamp": "00:01:56.979", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2465792, "start_va": 140725055651840, "type": "region", "version": 1 }, "end_va": 140725058117631, "entry_point": 140725055670080, "filename": "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "id": "region_8237", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 140725055651840, "timestamp": "00:01:56.980", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 140724999946240, "type": "region", "version": 1 }, "end_va": 140725000056831, "entry_point": 140724999950416, "filename": "\\Windows\\System32\\mpr.dll", "id": "region_8238", "name": 
"mpr.dll", "norm_filename": "c:\\windows\\system32\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 140724999946240, "timestamp": "00:01:56.982", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 818565021696, "type": "region", "version": 1 }, "end_va": 818565050367, "entry_point": 0, "filename": null, "id": "region_8239", "name": "private_0x000000be96470000", "norm_filename": null, "region_type": "private_memory", "start_va": 818565021696, "timestamp": "00:01:56.984", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2359296, "start_va": 140725005254656, "type": "region", "version": 1 }, "end_va": 140725007613951, "entry_point": 140725005259760, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_8240", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 140725005254656, "timestamp": "00:01:56.984", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 140725103820800, "type": "region", "version": 1 }, "end_va": 140725103849471, "entry_point": 140725103824912, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_8241", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 140725103820800, "timestamp": "00:01:56.985", "type": "region", "version": 1 }, { "dump": { "filename": "", 
"flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 140725016985600, "type": "region", "version": 1 }, "end_va": 140725017153535, "entry_point": 140725017016680, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_8242", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 140725016985600, "timestamp": "00:01:56.986", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140725076557824, "type": "region", "version": 1 }, "end_va": 140725076684799, "entry_point": 140725076562672, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_8243", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 140725076557824, "timestamp": "00:01:56.987", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1187840, "start_va": 140725066858496, "type": "region", "version": 1 }, "end_va": 140725068046335, "entry_point": 140725066904644, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_8244", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 140725066858496, "timestamp": "00:01:56.988", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], 
"ref_process_dump": null, "size": 1511424, "start_va": 140725093466112, "type": "region", "version": 1 }, "end_va": 140725094977535, "entry_point": 140725093620416, "filename": "\\Windows\\System32\\user32.dll", "id": "region_8245", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140725093466112, "timestamp": "00:01:56.989", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140725129773056, "type": "region", "version": 1 }, "end_va": 140725131104255, "entry_point": 140725129845848, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_8246", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140725129773056, "timestamp": "00:01:56.990", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 630784, "start_va": 140725129117696, "type": "region", "version": 1 }, "end_va": 140725129748479, "entry_point": 140725129122212, "filename": "\\Windows\\System32\\comdlg32.dll", "id": "region_8247", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\system32\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 140725129117696, "timestamp": "00:01:56.990", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 675840, "start_va": 140725126299648, "type": "region", "version": 1 }, "end_va": 140725126975487, "entry_point": 
140725126303760, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_8248", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725126299648, "timestamp": "00:01:56.991", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 21032960, "start_va": 140725103951872, "type": "region", "version": 1 }, "end_va": 140725124984831, "entry_point": 140725103956224, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_8249", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 140725103951872, "timestamp": "00:01:56.993", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 140725096546304, "type": "region", "version": 1 }, "end_va": 140725098078207, "entry_point": 140725096550580, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_8250", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 140725096546304, "timestamp": "00:01:56.993", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140725101002752, "type": "region", "version": 1 }, "end_va": 140725101752319, "entry_point": 140725101007136, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_8251", "name": "oleaut32.dll", "norm_filename": 
"c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 140725101002752, "timestamp": "00:01:56.994", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 140725127020544, "type": "region", "version": 1 }, "end_va": 140725127380991, "entry_point": 140725127024796, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_8252", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 140725127020544, "timestamp": "00:01:56.995", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140725098577920, "type": "region", "version": 1 }, "end_va": 140725099261951, "entry_point": 140725098588204, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_8253", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140725098577920, "timestamp": "00:01:56.996", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 172032, "start_va": 140725043789824, "type": "region", "version": 1 }, "end_va": 140725043961855, "entry_point": 140725043832680, "filename": "\\Windows\\System32\\winmmbase.dll", "id": "region_8254", "name": "winmmbase.dll", "norm_filename": "c:\\windows\\system32\\winmmbase.dll", "region_type": "memory_mapped_file", "start_va": 140725043789824, "timestamp": "00:01:57.014", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140725127806976, "type": "region", "version": 1 }, "end_va": 140725129076735, "entry_point": 140725127811408, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_8255", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140725127806976, "timestamp": "00:01:57.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2785280, "start_va": 140725002436608, "type": "region", "version": 1 }, "end_va": 140725005221887, "entry_point": 140725002493380, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_8256", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 140725002436608, "timestamp": "00:01:57.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140725103886336, "type": "region", "version": 1 }, "end_va": 140725103923199, "entry_point": 140725103891456, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_8257", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 140725103886336, "timestamp": "00:01:57.018", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ 
"readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725016920064, "type": "region", "version": 1 }, "end_va": 140725016961023, "entry_point": 140725016924356, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_8258", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 140725016920064, "timestamp": "00:01:57.019", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 140725086453760, "type": "region", "version": 1 }, "end_va": 140725086535679, "entry_point": 140725086468812, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_8259", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 140725086453760, "timestamp": "00:01:57.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725131149312, "type": "region", "version": 1 }, "end_va": 140725133078527, "entry_point": 140725131157344, "filename": "\\Windows\\System32\\combase.dll", "id": "region_8260", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140725131149312, "timestamp": "00:01:57.023", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 140725095038976, "type": "region", "version": 1 }, "end_va": 
140725095370751, "entry_point": 140725095043776, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_8261", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 140725095038976, "timestamp": "00:01:57.025", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725098184704, "type": "region", "version": 1 }, "end_va": 140725098541055, "entry_point": 140725098194176, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_8262", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140725098184704, "timestamp": "00:01:57.026", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 140725090320384, "type": "region", "version": 1 }, "end_va": 140725090623487, "entry_point": 140725090325080, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_8263", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 140725090320384, "timestamp": "00:01:57.030", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725068103680, "type": "region", "version": 1 }, "end_va": 140725068259327, "entry_point": 140725068109212, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_8264", "name": "devobj.dll", 
"norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 140725068103680, "timestamp": "00:01:57.031", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 140725060108288, "type": "region", "version": 1 }, "end_va": 140725060767743, "entry_point": 140725060112544, "filename": "\\Windows\\System32\\SHCore.dll", "id": "region_8265", "name": "shcore.dll", "norm_filename": "c:\\windows\\system32\\shcore.dll", "region_type": "memory_mapped_file", "start_va": 140725060108288, "timestamp": "00:01:57.041", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 818574524416, "type": "region", "version": 1 }, "end_va": 818575310847, "entry_point": 0, "filename": null, "id": "region_8266", "name": "private_0x000000be96d80000", "norm_filename": null, "region_type": "private_memory", "start_va": 818574524416, "timestamp": "00:01:57.045", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 818570067968, "type": "region", "version": 1 }, "end_va": 818570096639, "entry_point": 0, "filename": null, "id": "region_8267", "name": "private_0x000000be96940000", "norm_filename": null, "region_type": "private_memory", "start_va": 818570067968, "timestamp": "00:01:57.046", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because 
region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 212992, "start_va": 818574524416, "type": "region", "version": 1 }, "end_va": 818574737407, "entry_point": 818574528560, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_8268", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 818574524416, "timestamp": "00:01:57.048", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 818575245312, "type": "region", "version": 1 }, "end_va": 818575310847, "entry_point": 0, "filename": null, "id": "region_8269", "name": "private_0x000000be96e30000", "norm_filename": null, "region_type": "private_memory", "start_va": 818575245312, "timestamp": "00:01:57.048", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 818575310848, "type": "region", "version": 1 }, "end_va": 818576916479, "entry_point": 0, "filename": null, "id": "region_8270", "name": "pagefile_0x000000be96e40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 818575310848, "timestamp": "00:01:57.048", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 140725095563264, "type": "region", "version": 1 }, "end_va": 140725095776255, "entry_point": 140725095567408, "filename": "\\Windows\\System32\\imm32.dll", "id": 
"region_8271", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 140725095563264, "timestamp": "00:01:57.049", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1277952, "start_va": 140725091762176, "type": "region", "version": 1 }, "end_va": 140725093040127, "entry_point": 140725091766288, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_8272", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 140725091762176, "timestamp": "00:01:57.050", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 818576949248, "type": "region", "version": 1 }, "end_va": 818578526207, "entry_point": 0, "filename": null, "id": "region_8273", "name": "pagefile_0x000000be96fd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 818576949248, "timestamp": "00:01:57.053", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 818578587648, "type": "region", "version": 1 }, "end_va": 818599559167, "entry_point": 0, "filename": null, "id": "region_8274", "name": "pagefile_0x000000be97160000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 818578587648, "timestamp": "00:01:57.053", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 818570133504, "type": "region", "version": 1 }, "end_va": 818570137599, "entry_point": 0, "filename": null, "id": "region_8275", "name": "private_0x000000be96950000", "norm_filename": null, "region_type": "private_memory", "start_va": 818570133504, "timestamp": "00:01:57.058", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 818570199040, "type": "region", "version": 1 }, "end_va": 818570203135, "entry_point": 0, "filename": null, "id": "region_8276", "name": "private_0x000000be96960000", "norm_filename": null, "region_type": "private_memory", "start_va": 818570199040, "timestamp": "00:01:57.058", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 818570264576, "type": "region", "version": 1 }, "end_va": 818570268671, "entry_point": 818570264576, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_8277", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 818570264576, "timestamp": "00:01:57.058", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 818574524416, "type": "region", "version": 1 }, "end_va": 
818574532607, "entry_point": 0, "filename": null, "id": "region_8278", "name": "pagefile_0x000000be96d80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 818574524416, "timestamp": "00:01:57.059", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1769472, "start_va": 818599559168, "type": "region", "version": 1 }, "end_va": 818601328639, "entry_point": 0, "filename": null, "id": "region_8279", "name": "private_0x000000be98560000", "norm_filename": null, "region_type": "private_memory", "start_va": 818599559168, "timestamp": "00:01:57.063", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 761856, "start_va": 818599559168, "type": "region", "version": 1 }, "end_va": 818600321023, "entry_point": 818599741288, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_8280", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 818599559168, "timestamp": "00:01:57.069", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 818601263104, "type": "region", "version": 1 }, "end_va": 818601328639, "entry_point": 0, "filename": null, "id": "region_8281", "name": "private_0x000000be98700000", "norm_filename": null, "region_type": "private_memory", "start_va": 818601263104, "timestamp": "00:01:57.070", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], 
"info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725068431360, "type": "region", "version": 1 }, "end_va": 140725068472319, "entry_point": 140725068437320, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_8282", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\system32\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140725068431360, "timestamp": "00:01:57.071", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725085208576, "type": "region", "version": 1 }, "end_va": 140725085249535, "entry_point": 140725085212688, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_8283", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140725085208576, "timestamp": "00:01:57.073", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140725084815360, "type": "region", "version": 1 }, "end_va": 140725085200383, "entry_point": 140725084944032, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_8284", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140725084815360, "timestamp": "00:01:57.074", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the 
configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 818570264576, "type": "region", "version": 1 }, "end_va": 818570268671, "entry_point": 0, "filename": null, "id": "region_8285", "name": "pagefile_0x000000be96970000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 818570264576, "timestamp": "00:01:57.085", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 983040, "start_va": 818599559168, "type": "region", "version": 1 }, "end_va": 818600542207, "entry_point": 0, "filename": null, "id": "region_8286", "name": "pagefile_0x000000be98560000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 818599559168, "timestamp": "00:01:57.085", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 818570264576, "type": "region", "version": 1 }, "end_va": 818570280959, "entry_point": 0, "filename": null, "id": "region_8287", "name": "pagefile_0x000000be96970000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 818570264576, "timestamp": "00:01:57.085", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 818574589952, "type": "region", "version": 1 }, "end_va": 818574618623, "entry_point": 0, "filename": null, "id": "region_8288", "name": "private_0x000000be96d90000", "norm_filename": null, 
"region_type": "private_memory", "start_va": 818574589952, "timestamp": "00:01:57.086", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 818601328640, "type": "region", "version": 1 }, "end_va": 818602377215, "entry_point": 0, "filename": null, "id": "region_8289", "name": "private_0x000000be98710000", "norm_filename": null, "region_type": "private_memory", "start_va": 818601328640, "timestamp": "00:01:57.094", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 818602377216, "type": "region", "version": 1 }, "end_va": 818603429887, "entry_point": 818602572316, "filename": "\\Program Files\\Common Files\\wanacry6.malware.exe", "id": "region_8290", "name": "wanacry6.malware.exe", "norm_filename": "c:\\program files\\common files\\wanacry6.malware.exe", "region_type": "memory_mapped_file", "start_va": 818602377216, "timestamp": "00:01:57.096", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 818574655488, "type": "region", "version": 1 }, "end_va": 818574659583, "entry_point": 0, "filename": null, "id": "region_8291", "name": "private_0x000000be96da0000", "norm_filename": null, "region_type": "private_memory", "start_va": 818574655488, "timestamp": "00:01:57.124", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ 
"readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 140725058142208, "type": "region", "version": 1 }, "end_va": 140725058277375, "entry_point": 140725058146560, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_8292", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 140725058142208, "timestamp": "00:01:57.125", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 818602377216, "type": "region", "version": 1 }, "end_va": 818605346815, "entry_point": 818602377216, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_8293", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 818602377216, "timestamp": "00:01:57.127", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 818574721024, "type": "region", "version": 1 }, "end_va": 818574733311, "entry_point": 0, "filename": null, "id": "region_8294", "name": "pagefile_0x000000be96db0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 818574721024, "timestamp": "00:01:57.131", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 818574721024, "type": "region", "version": 1 }, "end_va": 
818574725119, "entry_point": 0, "filename": null, "id": "region_8295", "name": "pagefile_0x000000be96db0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 818574721024, "timestamp": "00:01:57.137", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 818574786560, "type": "region", "version": 1 }, "end_va": 818574790655, "entry_point": 0, "filename": null, "id": "region_8296", "name": "private_0x000000be96dc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 818574786560, "timestamp": "00:01:58.160", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 5185536, "start_va": 818605391872, "type": "region", "version": 1 }, "end_va": 818610577407, "entry_point": 0, "filename": null, "id": "region_8297", "name": "pagefile_0x000000be98af0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 818605391872, "timestamp": "00:01:58.166", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15138816, "start_va": 818610634752, "type": "region", "version": 1 }, "end_va": 818625773567, "entry_point": 818610634752, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_8298", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 818610634752, "timestamp": "00:01:58.166", "type": "region", "version": 1 }, { "dump": 
{ "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 140725025898496, "type": "region", "version": 1 }, "end_va": 140725025984511, "entry_point": 140725025902656, "filename": "\\Windows\\System32\\netapi32.dll", "id": "region_8299", "name": "netapi32.dll", "norm_filename": "c:\\windows\\system32\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725025898496, "timestamp": "00:01:58.173", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 140725072494592, "type": "region", "version": 1 }, "end_va": 140725072543743, "entry_point": 140725072499804, "filename": "\\Windows\\System32\\netutils.dll", "id": "region_8300", "name": "netutils.dll", "norm_filename": "c:\\windows\\system32\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 140725072494592, "timestamp": "00:01:58.175", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 140725073608704, "type": "region", "version": 1 }, "end_va": 140725073760255, "entry_point": 140725073612916, "filename": "\\Windows\\System32\\srvcli.dll", "id": "region_8301", "name": "srvcli.dll", "norm_filename": "c:\\windows\\system32\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 140725073608704, "timestamp": "00:01:58.176", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", 
"executable" ], "ref_process_dump": null, "size": 90112, "start_va": 140725025636352, "type": "region", "version": 1 }, "end_va": 140725025726463, "entry_point": 140725025640520, "filename": "\\Windows\\System32\\wkscli.dll", "id": "region_8302", "name": "wkscli.dll", "norm_filename": "c:\\windows\\system32\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 140725025636352, "timestamp": "00:01:58.177", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 818574852096, "type": "region", "version": 1 }, "end_va": 818574856191, "entry_point": 0, "filename": null, "id": "region_8323", "name": "pagefile_0x000000be96dd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 818574852096, "timestamp": "00:01:58.253", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2195456, "start_va": 818625773568, "type": "region", "version": 1 }, "end_va": 818627969023, "entry_point": 0, "filename": null, "id": "region_8324", "name": "pagefile_0x000000be99e60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 818625773568, "timestamp": "00:01:58.253", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 818574852096, "type": "region", "version": 1 }, "end_va": 818574864383, "entry_point": 0, "filename": null, "id": "region_8341", 
"name": "pagefile_0x000000be96dd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 818574852096, "timestamp": "00:01:58.981", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 818574917632, "type": "region", "version": 1 }, "end_va": 818574921727, "entry_point": 0, "filename": null, "id": "region_8342", "name": "pagefile_0x000000be96de0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 818574917632, "timestamp": "00:01:58.981", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 278528, "start_va": 818600542208, "type": "region", "version": 1 }, "end_va": 818600820735, "entry_point": 0, "filename": null, "id": "region_8343", "name": "pagefile_0x000000be98650000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 818600542208, "timestamp": "00:01:58.981", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 48848896, "start_va": 818628001792, "type": "region", "version": 1 }, "end_va": 818676850687, "entry_point": 818628001792, "filename": "\\Windows\\System32\\imageres.dll", "id": "region_8344", "name": "imageres.dll", "norm_filename": "c:\\windows\\system32\\imageres.dll", "region_type": "memory_mapped_file", "start_va": 818628001792, "timestamp": "00:01:58.982", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4169728, "start_va": 818676891648, "type": "region", "version": 1 }, "end_va": 818681061375, "entry_point": 0, "filename": null, "id": "region_8345", "name": "pagefile_0x000000be9cf20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 818676891648, "timestamp": "00:01:58.983", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 140725075443712, "type": "region", "version": 1 }, "end_va": 140725075660799, "entry_point": 140725075448792, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_8346", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 140725075443712, "timestamp": "00:01:58.983", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 140725079769088, "type": "region", "version": 1 }, "end_va": 140725079891967, "entry_point": 140725079773640, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_8347", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 140725079769088, "timestamp": "00:01:58.984", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 
140725082062848, "type": "region", "version": 1 }, "end_va": 140725082218495, "entry_point": 140725082086248, "filename": "\\Windows\\System32\\bcrypt.dll", "id": "region_8348", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\system32\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 140725082062848, "timestamp": "00:01:58.984", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1085440, "start_va": 818681085952, "type": "region", "version": 1 }, "end_va": 818682171391, "entry_point": 0, "filename": null, "id": "region_8349", "name": "private_0x000000be9d320000", "norm_filename": null, "region_type": "private_memory", "start_va": 818681085952, "timestamp": "00:01:58.994", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\PROGRA~1\\COMMON~1\\WANACR~1.EXE", "filename": "c:\\progra~1\\common~1\\wanacr~1.exe", "id": "proc_71", "image_name": "wanacr~1.exe", "monitor_reason": "child_process", "monitored_id": 71, "origin_monitor_id": 70, "ref_parent_process": { "ref_id": "proc_70", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_8365", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:59.280", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 1012734885888, "type": "region", "version": 1 }, "end_va": 1012735016959, "entry_point": 0, "filename": null, "id": "region_8366", "name": "private_0x000000ebcbb40000", "norm_filename": null, "region_type": "private_memory", "start_va": 1012734885888, "timestamp": "00:01:59.280", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 1012735016960, "type": "region", "version": 1 }, "end_va": 1012735078399, "entry_point": 0, "filename": null, "id": "region_8367", "name": "pagefile_0x000000ebcbb60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1012735016960, "timestamp": "00:01:59.280", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 1012735082496, "type": "region", "version": 1 }, "end_va": 1012739276799, "entry_point": 0, "filename": null, "id": "region_8368", "name": "private_0x000000ebcbb70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1012735082496, "timestamp": "00:01:59.280", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1012739276800, "type": "region", "version": 1 }, "end_va": 
1012739293183, "entry_point": 0, "filename": null, "id": "region_8369", "name": "pagefile_0x000000ebcbf70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1012739276800, "timestamp": "00:01:59.280", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140698001604608, "type": "region", "version": 1 }, "end_va": 140698001747967, "entry_point": 0, "filename": null, "id": "region_8370", "name": "pagefile_0x00007ff6ce680000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140698001604608, "timestamp": "00:01:59.280", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140698001788928, "type": "region", "version": 1 }, "end_va": 140698001797119, "entry_point": 0, "filename": null, "id": "region_8371", "name": "private_0x00007ff6ce6ad000", "norm_filename": null, "region_type": "private_memory", "start_va": 140698001788928, "timestamp": "00:01:59.280", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140698001797120, "type": "region", "version": 1 }, "end_va": 140698001801215, "entry_point": 0, "filename": null, "id": "region_8372", "name": "private_0x00007ff6ce6af000", "norm_filename": null, "region_type": "private_memory", "start_va": 140698001797120, "timestamp": "00:01:59.280", "type": "region", "version": 1 }, { "dump": { "filename": "", 
"flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 140698014777344, "type": "region", "version": 1 }, "end_va": 140698015862783, "entry_point": 140698014972444, "filename": "\\PROGRA~1\\COMMON~1\\WANACR~1.EXE", "id": "region_8373", "name": "wanacr~1.exe", "norm_filename": "c:\\progra~1\\common~1\\wanacr~1.exe", "region_type": "memory_mapped_file", "start_va": 140698014777344, "timestamp": "00:01:59.280", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_8374", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140725133115392, "timestamp": "00:01:59.281", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1012739342336, "type": "region", "version": 1 }, "end_va": 1012739350527, "entry_point": 0, "filename": null, "id": "region_8375", "name": "pagefile_0x000000ebcbf80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1012739342336, "timestamp": "00:01:59.282", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, 
"size": 8192, "start_va": 1012739407872, "type": "region", "version": 1 }, "end_va": 1012739416063, "entry_point": 0, "filename": null, "id": "region_8376", "name": "private_0x000000ebcbf90000", "norm_filename": null, "region_type": "private_memory", "start_va": 1012739407872, "timestamp": "00:01:59.403", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 1012739735552, "type": "region", "version": 1 }, "end_va": 1012743929855, "entry_point": 0, "filename": null, "id": "region_8377", "name": "private_0x000000ebcbfe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1012739735552, "timestamp": "00:01:59.404", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140725090648064, "type": "region", "version": 1 }, "end_va": 140725091753983, "entry_point": 140725090656928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_8378", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140725090648064, "timestamp": "00:01:59.404", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140725124988928, "type": "region", "version": 1 }, "end_va": 140725126270975, "entry_point": 140725125009460, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_8379", "name": "kernel32.dll", "norm_filename": 
"c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140725124988928, "timestamp": "00:01:59.405", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1012734885888, "type": "region", "version": 1 }, "end_va": 1012734951423, "entry_point": 0, "filename": null, "id": "region_8380", "name": "pagefile_0x000000ebcbb40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1012734885888, "timestamp": "00:01:59.406", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140698000556032, "type": "region", "version": 1 }, "end_va": 140698001604607, "entry_point": 0, "filename": null, "id": "region_8381", "name": "pagefile_0x00007ff6ce580000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140698000556032, "timestamp": "00:01:59.406", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 1012743929856, "type": "region", "version": 1 }, "end_va": 1012744445951, "entry_point": 1012743929856, "filename": "\\Windows\\System32\\locale.nls", "id": "region_8382", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1012743929856, "timestamp": "00:01:59.418", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was 
created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140724958920704, "type": "region", "version": 1 }, "end_va": 140724958957567, "entry_point": 140724958924928, "filename": "\\Windows\\System32\\wsock32.dll", "id": "region_8383", "name": "wsock32.dll", "norm_filename": "c:\\windows\\system32\\wsock32.dll", "region_type": "memory_mapped_file", "start_va": 140724958920704, "timestamp": "00:01:59.419", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140724958855168, "type": "region", "version": 1 }, "end_va": 140724958896127, "entry_point": 140724958859456, "filename": "\\Windows\\System32\\version.dll", "id": "region_8384", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 140724958855168, "timestamp": "00:01:59.420", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140724958724096, "type": "region", "version": 1 }, "end_va": 140724958851071, "entry_point": 140724958733304, "filename": "\\Windows\\System32\\winmm.dll", "id": "region_8385", "name": "winmm.dll", "norm_filename": "c:\\windows\\system32\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 140724958724096, "timestamp": "00:01:59.421", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2465792, "start_va": 
140725055651840, "type": "region", "version": 1 }, "end_va": 140725058117631, "entry_point": 140725055670080, "filename": "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "id": "region_8386", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 140725055651840, "timestamp": "00:01:59.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 140724999946240, "type": "region", "version": 1 }, "end_va": 140725000056831, "entry_point": 140724999950416, "filename": "\\Windows\\System32\\mpr.dll", "id": "region_8387", "name": "mpr.dll", "norm_filename": "c:\\windows\\system32\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 140724999946240, "timestamp": "00:01:59.423", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 1012734951424, "type": "region", "version": 1 }, "end_va": 1012734980095, "entry_point": 0, "filename": null, "id": "region_8388", "name": "private_0x000000ebcbb50000", "norm_filename": null, "region_type": "private_memory", "start_va": 1012734951424, "timestamp": "00:01:59.433", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2359296, "start_va": 140725005254656, "type": 
"region", "version": 1 }, "end_va": 140725007613951, "entry_point": 140725005259760, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_8389", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 140725005254656, "timestamp": "00:01:59.433", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 140725103820800, "type": "region", "version": 1 }, "end_va": 140725103849471, "entry_point": 140725103824912, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_8390", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 140725103820800, "timestamp": "00:01:59.434", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 140725016985600, "type": "region", "version": 1 }, "end_va": 140725017153535, "entry_point": 140725017016680, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_8391", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 140725016985600, "timestamp": "00:01:59.435", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140725076557824, "type": "region", "version": 1 }, "end_va": 140725076684799, "entry_point": 140725076562672, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_8392", 
"name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 140725076557824, "timestamp": "00:01:59.461", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1187840, "start_va": 140725066858496, "type": "region", "version": 1 }, "end_va": 140725068046335, "entry_point": 140725066904644, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_8393", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 140725066858496, "timestamp": "00:01:59.462", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140725093466112, "type": "region", "version": 1 }, "end_va": 140725094977535, "entry_point": 140725093620416, "filename": "\\Windows\\System32\\user32.dll", "id": "region_8394", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140725093466112, "timestamp": "00:01:59.463", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140725129773056, "type": "region", "version": 1 }, "end_va": 140725131104255, "entry_point": 140725129845848, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_8395", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140725129773056, "timestamp": 
"00:01:59.464", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 630784, "start_va": 140725129117696, "type": "region", "version": 1 }, "end_va": 140725129748479, "entry_point": 140725129122212, "filename": "\\Windows\\System32\\comdlg32.dll", "id": "region_8396", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\system32\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 140725129117696, "timestamp": "00:01:59.464", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 675840, "start_va": 140725126299648, "type": "region", "version": 1 }, "end_va": 140725126975487, "entry_point": 140725126303760, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_8397", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725126299648, "timestamp": "00:01:59.465", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 21032960, "start_va": 140725103951872, "type": "region", "version": 1 }, "end_va": 140725124984831, "entry_point": 140725103956224, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_8398", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 140725103951872, "timestamp": "00:01:59.467", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because 
region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 140725096546304, "type": "region", "version": 1 }, "end_va": 140725098078207, "entry_point": 140725096550580, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_8399", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 140725096546304, "timestamp": "00:01:59.467", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140725101002752, "type": "region", "version": 1 }, "end_va": 140725101752319, "entry_point": 140725101007136, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_8400", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 140725101002752, "timestamp": "00:01:59.468", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 140725127020544, "type": "region", "version": 1 }, "end_va": 140725127380991, "entry_point": 140725127024796, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_8401", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 140725127020544, "timestamp": "00:01:59.469", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140725098577920, 
"type": "region", "version": 1 }, "end_va": 140725099261951, "entry_point": 140725098588204, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_8402", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140725098577920, "timestamp": "00:01:59.470", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 172032, "start_va": 140725043789824, "type": "region", "version": 1 }, "end_va": 140725043961855, "entry_point": 140725043832680, "filename": "\\Windows\\System32\\winmmbase.dll", "id": "region_8403", "name": "winmmbase.dll", "norm_filename": "c:\\windows\\system32\\winmmbase.dll", "region_type": "memory_mapped_file", "start_va": 140725043789824, "timestamp": "00:01:59.482", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140725127806976, "type": "region", "version": 1 }, "end_va": 140725129076735, "entry_point": 140725127811408, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_8404", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140725127806976, "timestamp": "00:01:59.483", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2785280, "start_va": 140725002436608, "type": "region", "version": 1 }, "end_va": 140725005221887, "entry_point": 140725002493380, "filename": "\\Windows\\System32\\iertutil.dll", "id": 
"region_8405", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 140725002436608, "timestamp": "00:01:59.484", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140725103886336, "type": "region", "version": 1 }, "end_va": 140725103923199, "entry_point": 140725103891456, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_8406", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 140725103886336, "timestamp": "00:01:59.486", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725016920064, "type": "region", "version": 1 }, "end_va": 140725016961023, "entry_point": 140725016924356, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_8407", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 140725016920064, "timestamp": "00:01:59.505", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 140725086453760, "type": "region", "version": 1 }, "end_va": 140725086535679, "entry_point": 140725086468812, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_8408", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 140725086453760, 
"timestamp": "00:01:59.508", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725131149312, "type": "region", "version": 1 }, "end_va": 140725133078527, "entry_point": 140725131157344, "filename": "\\Windows\\System32\\combase.dll", "id": "region_8409", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140725131149312, "timestamp": "00:01:59.510", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 140725095038976, "type": "region", "version": 1 }, "end_va": 140725095370751, "entry_point": 140725095043776, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_8410", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 140725095038976, "timestamp": "00:01:59.513", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725098184704, "type": "region", "version": 1 }, "end_va": 140725098541055, "entry_point": 140725098194176, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_8411", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140725098184704, "timestamp": "00:01:59.514", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created 
because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 140725090320384, "type": "region", "version": 1 }, "end_va": 140725090623487, "entry_point": 140725090325080, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_8412", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 140725090320384, "timestamp": "00:01:59.517", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725068103680, "type": "region", "version": 1 }, "end_va": 140725068259327, "entry_point": 140725068109212, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_8413", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 140725068103680, "timestamp": "00:01:59.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 140725060108288, "type": "region", "version": 1 }, "end_va": 140725060767743, "entry_point": 140725060112544, "filename": "\\Windows\\System32\\SHCore.dll", "id": "region_8414", "name": "shcore.dll", "norm_filename": "c:\\windows\\system32\\shcore.dll", "region_type": "memory_mapped_file", "start_va": 140725060108288, "timestamp": "00:01:59.528", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1572864, 
"start_va": 1012744454144, "type": "region", "version": 1 }, "end_va": 1012746027007, "entry_point": 0, "filename": null, "id": "region_8415", "name": "private_0x000000ebcc460000", "norm_filename": null, "region_type": "private_memory", "start_va": 1012744454144, "timestamp": "00:01:59.531", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 1012739473408, "type": "region", "version": 1 }, "end_va": 1012739502079, "entry_point": 0, "filename": null, "id": "region_8416", "name": "private_0x000000ebcbfa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1012739473408, "timestamp": "00:01:59.532", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 212992, "start_va": 1012744454144, "type": "region", "version": 1 }, "end_va": 1012744667135, "entry_point": 1012744458288, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_8417", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1012744454144, "timestamp": "00:01:59.535", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1012745961472, "type": "region", "version": 1 }, "end_va": 1012746027007, "entry_point": 0, "filename": null, "id": "region_8418", "name": "private_0x000000ebcc5d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1012745961472, "timestamp": "00:01:59.536", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 1012746027008, "type": "region", "version": 1 }, "end_va": 1012747632639, "entry_point": 0, "filename": null, "id": "region_8419", "name": "pagefile_0x000000ebcc5e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1012746027008, "timestamp": "00:01:59.536", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 140725095563264, "type": "region", "version": 1 }, "end_va": 140725095776255, "entry_point": 140725095567408, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_8420", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 140725095563264, "timestamp": "00:01:59.537", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1277952, "start_va": 140725091762176, "type": "region", "version": 1 }, "end_va": 140725093040127, "entry_point": 140725091766288, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_8421", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 140725091762176, "timestamp": "00:01:59.538", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": 
[ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 1012747665408, "type": "region", "version": 1 }, "end_va": 1012749242367, "entry_point": 0, "filename": null, "id": "region_8422", "name": "pagefile_0x000000ebcc770000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1012747665408, "timestamp": "00:01:59.540", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 1012749303808, "type": "region", "version": 1 }, "end_va": 1012770275327, "entry_point": 0, "filename": null, "id": "region_8423", "name": "pagefile_0x000000ebcc900000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1012749303808, "timestamp": "00:01:59.540", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1012739538944, "type": "region", "version": 1 }, "end_va": 1012739543039, "entry_point": 0, "filename": null, "id": "region_8424", "name": "private_0x000000ebcbfb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1012739538944, "timestamp": "00:01:59.543", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1012739604480, "type": "region", "version": 1 }, "end_va": 1012739608575, "entry_point": 0, "filename": null, "id": "region_8425", "name": "private_0x000000ebcbfc0000", "norm_filename": null, "region_type": "private_memory", 
"start_va": 1012739604480, "timestamp": "00:01:59.543", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1012739670016, "type": "region", "version": 1 }, "end_va": 1012739674111, "entry_point": 1012739670016, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_8426", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 1012739670016, "timestamp": "00:01:59.543", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1012744454144, "type": "region", "version": 1 }, "end_va": 1012744462335, "entry_point": 0, "filename": null, "id": "region_8427", "name": "pagefile_0x000000ebcc460000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1012744454144, "timestamp": "00:01:59.543", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1507328, "start_va": 1012770275328, "type": "region", "version": 1 }, "end_va": 1012771782655, "entry_point": 0, "filename": null, "id": "region_8428", "name": "private_0x000000ebcdd00000", "norm_filename": null, "region_type": "private_memory", "start_va": 1012770275328, "timestamp": "00:01:59.548", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 
761856, "start_va": 1012744519680, "type": "region", "version": 1 }, "end_va": 1012745281535, "entry_point": 1012744701800, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_8429", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 1012744519680, "timestamp": "00:01:59.553", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725068431360, "type": "region", "version": 1 }, "end_va": 140725068472319, "entry_point": 140725068437320, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_8430", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\system32\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140725068431360, "timestamp": "00:01:59.555", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725085208576, "type": "region", "version": 1 }, "end_va": 140725085249535, "entry_point": 140725085212688, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_8431", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140725085208576, "timestamp": "00:01:59.556", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140725084815360, "type": "region", "version": 1 }, "end_va": 140725085200383, "entry_point": 140725084944032, 
"filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_8432", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140725084815360, "timestamp": "00:01:59.558", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1012739670016, "type": "region", "version": 1 }, "end_va": 1012739674111, "entry_point": 0, "filename": null, "id": "region_8433", "name": "pagefile_0x000000ebcbfd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1012739670016, "timestamp": "00:01:59.568", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 983040, "start_va": 1012744519680, "type": "region", "version": 1 }, "end_va": 1012745502719, "entry_point": 0, "filename": null, "id": "region_8434", "name": "pagefile_0x000000ebcc470000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1012744519680, "timestamp": "00:01:59.568", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1012739670016, "type": "region", "version": 1 }, "end_va": 1012739686399, "entry_point": 0, "filename": null, "id": "region_8435", "name": "pagefile_0x000000ebcbfd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1012739670016, "timestamp": "00:01:59.568", 
"type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 1012745502720, "type": "region", "version": 1 }, "end_va": 1012745531391, "entry_point": 0, "filename": null, "id": "region_8436", "name": "private_0x000000ebcc560000", "norm_filename": null, "region_type": "private_memory", "start_va": 1012745502720, "timestamp": "00:01:59.569", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1012770275328, "type": "region", "version": 1 }, "end_va": 1012771323903, "entry_point": 0, "filename": null, "id": "region_8437", "name": "private_0x000000ebcdd00000", "norm_filename": null, "region_type": "private_memory", "start_va": 1012770275328, "timestamp": "00:01:59.576", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1012771717120, "type": "region", "version": 1 }, "end_va": 1012771782655, "entry_point": 0, "filename": null, "id": "region_8438", "name": "private_0x000000ebcde60000", "norm_filename": null, "region_type": "private_memory", "start_va": 1012771717120, "timestamp": "00:01:59.576", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 1012771782656, "type": "region", "version": 1 }, "end_va": 1012772835327, "entry_point": 
1012771977756, "filename": "\\Program Files\\Common Files\\wanacry6.malware.exe", "id": "region_8439", "name": "wanacry6.malware.exe", "norm_filename": "c:\\program files\\common files\\wanacry6.malware.exe", "region_type": "memory_mapped_file", "start_va": 1012771782656, "timestamp": "00:01:59.581", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1012745568256, "type": "region", "version": 1 }, "end_va": 1012745572351, "entry_point": 0, "filename": null, "id": "region_8440", "name": "private_0x000000ebcc570000", "norm_filename": null, "region_type": "private_memory", "start_va": 1012745568256, "timestamp": "00:01:59.611", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 140725058142208, "type": "region", "version": 1 }, "end_va": 140725058277375, "entry_point": 140725058146560, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_8441", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 140725058142208, "timestamp": "00:01:59.612", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 1012771782656, "type": "region", "version": 1 }, "end_va": 1012774752255, "entry_point": 1012771782656, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_8442", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", 
"region_type": "memory_mapped_file", "start_va": 1012771782656, "timestamp": "00:01:59.615", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 1012745633792, "type": "region", "version": 1 }, "end_va": 1012745646079, "entry_point": 0, "filename": null, "id": "region_8443", "name": "pagefile_0x000000ebcc580000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1012745633792, "timestamp": "00:01:59.620", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1012745633792, "type": "region", "version": 1 }, "end_va": 1012745637887, "entry_point": 0, "filename": null, "id": "region_8444", "name": "pagefile_0x000000ebcc580000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1012745633792, "timestamp": "00:01:59.625", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1012745699328, "type": "region", "version": 1 }, "end_va": 1012745703423, "entry_point": 0, "filename": null, "id": "region_8446", "name": "private_0x000000ebcc590000", "norm_filename": null, "region_type": "private_memory", "start_va": 1012745699328, "timestamp": "00:02:00.648", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the 
configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 5185536, "start_va": 1012774797312, "type": "region", "version": 1 }, "end_va": 1012779982847, "entry_point": 0, "filename": null, "id": "region_8447", "name": "pagefile_0x000000ebce150000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1012774797312, "timestamp": "00:02:00.654", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15138816, "start_va": 1012780040192, "type": "region", "version": 1 }, "end_va": 1012795179007, "entry_point": 1012780040192, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_8448", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 1012780040192, "timestamp": "00:02:00.655", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 140725025898496, "type": "region", "version": 1 }, "end_va": 140725025984511, "entry_point": 140725025902656, "filename": "\\Windows\\System32\\netapi32.dll", "id": "region_8449", "name": "netapi32.dll", "norm_filename": "c:\\windows\\system32\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725025898496, "timestamp": "00:02:00.662", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 140725072494592, "type": "region", "version": 1 }, "end_va": 140725072543743, "entry_point": 140725072499804, "filename": 
"\\Windows\\System32\\netutils.dll", "id": "region_8450", "name": "netutils.dll", "norm_filename": "c:\\windows\\system32\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 140725072494592, "timestamp": "00:02:00.664", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 140725073608704, "type": "region", "version": 1 }, "end_va": 140725073760255, "entry_point": 140725073612916, "filename": "\\Windows\\System32\\srvcli.dll", "id": "region_8451", "name": "srvcli.dll", "norm_filename": "c:\\windows\\system32\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 140725073608704, "timestamp": "00:02:00.665", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 140725025636352, "type": "region", "version": 1 }, "end_va": 140725025726463, "entry_point": 140725025640520, "filename": "\\Windows\\System32\\wkscli.dll", "id": "region_8452", "name": "wkscli.dll", "norm_filename": "c:\\windows\\system32\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 140725025636352, "timestamp": "00:02:00.666", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1012745764864, "type": "region", "version": 1 }, "end_va": 1012745768959, "entry_point": 0, "filename": null, "id": "region_8474", "name": "pagefile_0x000000ebcc5a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 
1012745764864, "timestamp": "00:02:00.741", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2195456, "start_va": 1012795179008, "type": "region", "version": 1 }, "end_va": 1012797374463, "entry_point": 0, "filename": null, "id": "region_8475", "name": "pagefile_0x000000ebcf4c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1012795179008, "timestamp": "00:02:00.741", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 1012745764864, "type": "region", "version": 1 }, "end_va": 1012745777151, "entry_point": 0, "filename": null, "id": "region_8495", "name": "pagefile_0x000000ebcc5a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1012745764864, "timestamp": "00:02:01.516", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1012745830400, "type": "region", "version": 1 }, "end_va": 1012745834495, "entry_point": 0, "filename": null, "id": "region_8496", "name": "pagefile_0x000000ebcc5b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1012745830400, "timestamp": "00:02:01.516", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the 
configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 278528, "start_va": 1012771323904, "type": "region", "version": 1 }, "end_va": 1012771602431, "entry_point": 0, "filename": null, "id": "region_8497", "name": "pagefile_0x000000ebcde00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1012771323904, "timestamp": "00:02:01.516", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 48848896, "start_va": 1012797407232, "type": "region", "version": 1 }, "end_va": 1012846256127, "entry_point": 1012797407232, "filename": "\\Windows\\System32\\imageres.dll", "id": "region_8498", "name": "imageres.dll", "norm_filename": "c:\\windows\\system32\\imageres.dll", "region_type": "memory_mapped_file", "start_va": 1012797407232, "timestamp": "00:02:01.517", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4169728, "start_va": 1012846297088, "type": "region", "version": 1 }, "end_va": 1012850466815, "entry_point": 0, "filename": null, "id": "region_8499", "name": "pagefile_0x000000ebd2580000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1012846297088, "timestamp": "00:02:01.518", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 140725075443712, "type": "region", "version": 1 }, "end_va": 140725075660799, "entry_point": 140725075448792, "filename": "\\Windows\\System32\\rsaenh.dll", "id": 
"region_8500", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 140725075443712, "timestamp": "00:02:01.518", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 140725079769088, "type": "region", "version": 1 }, "end_va": 140725079891967, "entry_point": 140725079773640, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_8501", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 140725079769088, "timestamp": "00:02:01.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725082062848, "type": "region", "version": 1 }, "end_va": 140725082218495, "entry_point": 140725082086248, "filename": "\\Windows\\System32\\bcrypt.dll", "id": "region_8502", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\system32\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 140725082062848, "timestamp": "00:02:01.519", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\PROGRA~1\\COMMON~1\\WANACR~1.EXE", "filename": "c:\\progra~1\\common~1\\wanacr~1.exe", "id": "proc_72", "image_name": "wanacr~1.exe", "monitor_reason": "child_process", "monitored_id": 72, "origin_monitor_id": 71, "ref_parent_process": { "ref_id": "proc_71", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ 
"max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_8518", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:02:01.813", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 534176989184, "type": "region", "version": 1 }, "end_va": 534177120255, "entry_point": 0, "filename": null, "id": "region_8519", "name": "private_0x0000007c5f6e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 534176989184, "timestamp": "00:02:01.813", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 534177120256, "type": "region", "version": 1 }, "end_va": 534177181695, "entry_point": 0, "filename": null, "id": "region_8520", "name": "pagefile_0x0000007c5f700000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 534177120256, "timestamp": "00:02:01.813", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 534177185792, "type": "region", "version": 1 }, "end_va": 534181380095, "entry_point": 0, "filename": null, "id": "region_8521", 
"name": "private_0x0000007c5f710000", "norm_filename": null, "region_type": "private_memory", "start_va": 534177185792, "timestamp": "00:02:01.814", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 534181380096, "type": "region", "version": 1 }, "end_va": 534181396479, "entry_point": 0, "filename": null, "id": "region_8522", "name": "pagefile_0x0000007c5fb10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 534181380096, "timestamp": "00:02:01.814", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140698005340160, "type": "region", "version": 1 }, "end_va": 140698005483519, "entry_point": 0, "filename": null, "id": "region_8523", "name": "pagefile_0x00007ff6cea10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140698005340160, "timestamp": "00:02:01.814", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140698005487616, "type": "region", "version": 1 }, "end_va": 140698005491711, "entry_point": 0, "filename": null, "id": "region_8524", "name": "private_0x00007ff6cea34000", "norm_filename": null, "region_type": "private_memory", "start_va": 140698005487616, "timestamp": "00:02:01.814", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created 
because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140698005528576, "type": "region", "version": 1 }, "end_va": 140698005536767, "entry_point": 0, "filename": null, "id": "region_8525", "name": "private_0x00007ff6cea3e000", "norm_filename": null, "region_type": "private_memory", "start_va": 140698005528576, "timestamp": "00:02:01.814", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 140698014777344, "type": "region", "version": 1 }, "end_va": 140698015862783, "entry_point": 140698014972444, "filename": "\\PROGRA~1\\COMMON~1\\WANACR~1.EXE", "id": "region_8526", "name": "wanacr~1.exe", "norm_filename": "c:\\progra~1\\common~1\\wanacr~1.exe", "region_type": "memory_mapped_file", "start_va": 140698014777344, "timestamp": "00:02:01.814", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_8527", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140725133115392, "timestamp": "00:02:01.815", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 534181445632, "type": "region", "version": 1 }, 
"end_va": 534181453823, "entry_point": 0, "filename": null, "id": "region_8528", "name": "pagefile_0x0000007c5fb20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 534181445632, "timestamp": "00:02:01.816", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 534181511168, "type": "region", "version": 1 }, "end_va": 534181519359, "entry_point": 0, "filename": null, "id": "region_8529", "name": "private_0x0000007c5fb30000", "norm_filename": null, "region_type": "private_memory", "start_va": 534181511168, "timestamp": "00:02:01.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 534182559744, "type": "region", "version": 1 }, "end_va": 534186754047, "entry_point": 0, "filename": null, "id": "region_8530", "name": "private_0x0000007c5fc30000", "norm_filename": null, "region_type": "private_memory", "start_va": 534182559744, "timestamp": "00:02:01.937", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140725090648064, "type": "region", "version": 1 }, "end_va": 140725091753983, "entry_point": 140725090656928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_8531", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140725090648064, "timestamp": "00:02:01.937", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140725124988928, "type": "region", "version": 1 }, "end_va": 140725126270975, "entry_point": 140725125009460, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_8532", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140725124988928, "timestamp": "00:02:01.938", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 534176989184, "type": "region", "version": 1 }, "end_va": 534177054719, "entry_point": 0, "filename": null, "id": "region_8533", "name": "pagefile_0x0000007c5f6e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 534176989184, "timestamp": "00:02:01.939", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140698004291584, "type": "region", "version": 1 }, "end_va": 140698005340159, "entry_point": 0, "filename": null, "id": "region_8534", "name": "pagefile_0x00007ff6ce910000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140698004291584, "timestamp": "00:02:01.939", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, 
"start_va": 534181576704, "type": "region", "version": 1 }, "end_va": 534182092799, "entry_point": 534181576704, "filename": "\\Windows\\System32\\locale.nls", "id": "region_8535", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 534181576704, "timestamp": "00:02:01.941", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140724958920704, "type": "region", "version": 1 }, "end_va": 140724958957567, "entry_point": 140724958924928, "filename": "\\Windows\\System32\\wsock32.dll", "id": "region_8536", "name": "wsock32.dll", "norm_filename": "c:\\windows\\system32\\wsock32.dll", "region_type": "memory_mapped_file", "start_va": 140724958920704, "timestamp": "00:02:01.952", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140724958855168, "type": "region", "version": 1 }, "end_va": 140724958896127, "entry_point": 140724958859456, "filename": "\\Windows\\System32\\version.dll", "id": "region_8537", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 140724958855168, "timestamp": "00:02:01.953", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140724958724096, "type": "region", "version": 1 }, "end_va": 140724958851071, "entry_point": 140724958733304, "filename": "\\Windows\\System32\\winmm.dll", 
"id": "region_8538", "name": "winmm.dll", "norm_filename": "c:\\windows\\system32\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 140724958724096, "timestamp": "00:02:01.954", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2465792, "start_va": 140725055651840, "type": "region", "version": 1 }, "end_va": 140725058117631, "entry_point": 140725055670080, "filename": "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "id": "region_8539", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 140725055651840, "timestamp": "00:02:01.955", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 140724999946240, "type": "region", "version": 1 }, "end_va": 140725000056831, "entry_point": 140724999950416, "filename": "\\Windows\\System32\\mpr.dll", "id": "region_8540", "name": "mpr.dll", "norm_filename": "c:\\windows\\system32\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 140724999946240, "timestamp": "00:02:01.956", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 534177054720, "type": "region", "version": 1 }, "end_va": 534177083391, "entry_point": 0, "filename": null, "id": 
"region_8541", "name": "private_0x0000007c5f6f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 534177054720, "timestamp": "00:02:01.957", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2359296, "start_va": 140725005254656, "type": "region", "version": 1 }, "end_va": 140725007613951, "entry_point": 140725005259760, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_8542", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 140725005254656, "timestamp": "00:02:01.967", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 140725103820800, "type": "region", "version": 1 }, "end_va": 140725103849471, "entry_point": 140725103824912, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_8543", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 140725103820800, "timestamp": "00:02:01.968", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 140725016985600, "type": "region", "version": 1 }, "end_va": 140725017153535, "entry_point": 140725017016680, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_8544", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 140725016985600, "timestamp": 
"00:02:01.969", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140725076557824, "type": "region", "version": 1 }, "end_va": 140725076684799, "entry_point": 140725076562672, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_8545", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 140725076557824, "timestamp": "00:02:01.970", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1187840, "start_va": 140725066858496, "type": "region", "version": 1 }, "end_va": 140725068046335, "entry_point": 140725066904644, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_8546", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 140725066858496, "timestamp": "00:02:01.971", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140725093466112, "type": "region", "version": 1 }, "end_va": 140725094977535, "entry_point": 140725093620416, "filename": "\\Windows\\System32\\user32.dll", "id": "region_8547", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140725093466112, "timestamp": "00:02:01.971", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is 
not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140725129773056, "type": "region", "version": 1 }, "end_va": 140725131104255, "entry_point": 140725129845848, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_8548", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140725129773056, "timestamp": "00:02:01.972", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 630784, "start_va": 140725129117696, "type": "region", "version": 1 }, "end_va": 140725129748479, "entry_point": 140725129122212, "filename": "\\Windows\\System32\\comdlg32.dll", "id": "region_8549", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\system32\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 140725129117696, "timestamp": "00:02:01.982", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 675840, "start_va": 140725126299648, "type": "region", "version": 1 }, "end_va": 140725126975487, "entry_point": 140725126303760, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_8550", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725126299648, "timestamp": "00:02:01.983", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 21032960, "start_va": 140725103951872, 
"type": "region", "version": 1 }, "end_va": 140725124984831, "entry_point": 140725103956224, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_8551", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 140725103951872, "timestamp": "00:02:01.984", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 140725096546304, "type": "region", "version": 1 }, "end_va": 140725098078207, "entry_point": 140725096550580, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_8552", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 140725096546304, "timestamp": "00:02:01.986", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140725101002752, "type": "region", "version": 1 }, "end_va": 140725101752319, "entry_point": 140725101007136, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_8553", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 140725101002752, "timestamp": "00:02:01.986", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 140725127020544, "type": "region", "version": 1 }, "end_va": 140725127380991, "entry_point": 140725127024796, "filename": "\\Windows\\System32\\ws2_32.dll", "id": 
"region_8554", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 140725127020544, "timestamp": "00:02:01.987", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140725098577920, "type": "region", "version": 1 }, "end_va": 140725099261951, "entry_point": 140725098588204, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_8555", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140725098577920, "timestamp": "00:02:01.988", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 172032, "start_va": 140725043789824, "type": "region", "version": 1 }, "end_va": 140725043961855, "entry_point": 140725043832680, "filename": "\\Windows\\System32\\winmmbase.dll", "id": "region_8556", "name": "winmmbase.dll", "norm_filename": "c:\\windows\\system32\\winmmbase.dll", "region_type": "memory_mapped_file", "start_va": 140725043789824, "timestamp": "00:02:01.999", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140725127806976, "type": "region", "version": 1 }, "end_va": 140725129076735, "entry_point": 140725127811408, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_8557", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 
140725127806976, "timestamp": "00:02:02.001", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2785280, "start_va": 140725002436608, "type": "region", "version": 1 }, "end_va": 140725005221887, "entry_point": 140725002493380, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_8558", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 140725002436608, "timestamp": "00:02:02.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140725103886336, "type": "region", "version": 1 }, "end_va": 140725103923199, "entry_point": 140725103891456, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_8559", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 140725103886336, "timestamp": "00:02:02.004", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725016920064, "type": "region", "version": 1 }, "end_va": 140725016961023, "entry_point": 140725016924356, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_8560", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 140725016920064, "timestamp": "00:02:02.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created 
because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 140725086453760, "type": "region", "version": 1 }, "end_va": 140725086535679, "entry_point": 140725086468812, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_8561", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 140725086453760, "timestamp": "00:02:02.018", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725131149312, "type": "region", "version": 1 }, "end_va": 140725133078527, "entry_point": 140725131157344, "filename": "\\Windows\\System32\\combase.dll", "id": "region_8562", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140725131149312, "timestamp": "00:02:02.040", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 140725095038976, "type": "region", "version": 1 }, "end_va": 140725095370751, "entry_point": 140725095043776, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_8563", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 140725095038976, "timestamp": "00:02:02.042", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 
140725098184704, "type": "region", "version": 1 }, "end_va": 140725098541055, "entry_point": 140725098194176, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_8564", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140725098184704, "timestamp": "00:02:02.044", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 140725090320384, "type": "region", "version": 1 }, "end_va": 140725090623487, "entry_point": 140725090325080, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_8565", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 140725090320384, "timestamp": "00:02:02.047", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725068103680, "type": "region", "version": 1 }, "end_va": 140725068259327, "entry_point": 140725068109212, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_8566", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 140725068103680, "timestamp": "00:02:02.049", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 140725060108288, "type": "region", "version": 1 }, "end_va": 140725060767743, "entry_point": 140725060112544, "filename": 
"\\Windows\\System32\\SHCore.dll", "id": "region_8567", "name": "shcore.dll", "norm_filename": "c:\\windows\\system32\\shcore.dll", "region_type": "memory_mapped_file", "start_va": 140725060108288, "timestamp": "00:02:02.059", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1835008, "start_va": 534186754048, "type": "region", "version": 1 }, "end_va": 534188589055, "entry_point": 0, "filename": null, "id": "region_8568", "name": "private_0x0000007c60030000", "norm_filename": null, "region_type": "private_memory", "start_va": 534186754048, "timestamp": "00:02:02.063", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 534182100992, "type": "region", "version": 1 }, "end_va": 534182129663, "entry_point": 0, "filename": null, "id": "region_8569", "name": "private_0x0000007c5fbc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 534182100992, "timestamp": "00:02:02.065", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 212992, "start_va": 534182166528, "type": "region", "version": 1 }, "end_va": 534182379519, "entry_point": 534182170672, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_8570", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 534182166528, "timestamp": "00:02:02.067", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 534186754048, "type": "region", "version": 1 }, "end_va": 534188359679, "entry_point": 0, "filename": null, "id": "region_8571", "name": "pagefile_0x0000007c60030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 534186754048, "timestamp": "00:02:02.068", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 534188523520, "type": "region", "version": 1 }, "end_va": 534188589055, "entry_point": 0, "filename": null, "id": "region_8572", "name": "private_0x0000007c601e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 534188523520, "timestamp": "00:02:02.068", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 140725095563264, "type": "region", "version": 1 }, "end_va": 140725095776255, "entry_point": 140725095567408, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_8573", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 140725095563264, "timestamp": "00:02:02.069", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1277952, "start_va": 140725091762176, "type": "region", "version": 1 }, "end_va": 
140725093040127, "entry_point": 140725091766288, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_8574", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 140725091762176, "timestamp": "00:02:02.070", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 534188589056, "type": "region", "version": 1 }, "end_va": 534190166015, "entry_point": 0, "filename": null, "id": "region_8575", "name": "pagefile_0x0000007c601f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 534188589056, "timestamp": "00:02:02.074", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 534190227456, "type": "region", "version": 1 }, "end_va": 534211198975, "entry_point": 0, "filename": null, "id": "region_8576", "name": "pagefile_0x0000007c60380000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 534190227456, "timestamp": "00:02:02.074", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 534182166528, "type": "region", "version": 1 }, "end_va": 534182170623, "entry_point": 0, "filename": null, "id": "region_8577", "name": "private_0x0000007c5fbd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 534182166528, "timestamp": "00:02:02.078", "type": 
"region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 534182232064, "type": "region", "version": 1 }, "end_va": 534182236159, "entry_point": 0, "filename": null, "id": "region_8578", "name": "private_0x0000007c5fbe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 534182232064, "timestamp": "00:02:02.078", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 534182297600, "type": "region", "version": 1 }, "end_va": 534182301695, "entry_point": 534182297600, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_8579", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 534182297600, "timestamp": "00:02:02.078", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 534182363136, "type": "region", "version": 1 }, "end_va": 534182371327, "entry_point": 0, "filename": null, "id": "region_8580", "name": "pagefile_0x0000007c5fc00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 534182363136, "timestamp": "00:02:02.079", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 327680, "start_va": 534211198976, 
"type": "region", "version": 1 }, "end_va": 534211526655, "entry_point": 0, "filename": null, "id": "region_8581", "name": "private_0x0000007c61780000", "norm_filename": null, "region_type": "private_memory", "start_va": 534211198976, "timestamp": "00:02:02.084", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 761856, "start_va": 534211526656, "type": "region", "version": 1 }, "end_va": 534212288511, "entry_point": 534211708776, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_8582", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 534211526656, "timestamp": "00:02:02.089", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725068431360, "type": "region", "version": 1 }, "end_va": 140725068472319, "entry_point": 140725068437320, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_8583", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\system32\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140725068431360, "timestamp": "00:02:02.092", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725085208576, "type": "region", "version": 1 }, "end_va": 140725085249535, "entry_point": 140725085212688, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_8584", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", 
"region_type": "memory_mapped_file", "start_va": 140725085208576, "timestamp": "00:02:02.094", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140725084815360, "type": "region", "version": 1 }, "end_va": 140725085200383, "entry_point": 140725084944032, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_8585", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140725084815360, "timestamp": "00:02:02.096", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 534182297600, "type": "region", "version": 1 }, "end_va": 534182301695, "entry_point": 0, "filename": null, "id": "region_8586", "name": "pagefile_0x0000007c5fbf0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 534182297600, "timestamp": "00:02:02.108", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 983040, "start_va": 534211526656, "type": "region", "version": 1 }, "end_va": 534212509695, "entry_point": 0, "filename": null, "id": "region_8587", "name": "pagefile_0x0000007c617d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 534211526656, "timestamp": "00:02:02.109", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], 
"info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 534182297600, "type": "region", "version": 1 }, "end_va": 534182313983, "entry_point": 0, "filename": null, "id": "region_8588", "name": "pagefile_0x0000007c5fbf0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 534182297600, "timestamp": "00:02:02.109", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 534182428672, "type": "region", "version": 1 }, "end_va": 534182457343, "entry_point": 0, "filename": null, "id": "region_8589", "name": "private_0x0000007c5fc10000", "norm_filename": null, "region_type": "private_memory", "start_va": 534182428672, "timestamp": "00:02:02.110", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 534212509696, "type": "region", "version": 1 }, "end_va": 534213558271, "entry_point": 0, "filename": null, "id": "region_8590", "name": "private_0x0000007c618c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 534212509696, "timestamp": "00:02:02.120", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 534213558272, "type": "region", "version": 1 }, "end_va": 534214610943, "entry_point": 534213753372, "filename": "\\Program Files\\Common Files\\wanacry6.malware.exe", "id": "region_8591", 
"name": "wanacry6.malware.exe", "norm_filename": "c:\\program files\\common files\\wanacry6.malware.exe", "region_type": "memory_mapped_file", "start_va": 534213558272, "timestamp": "00:02:02.123", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 534182494208, "type": "region", "version": 1 }, "end_va": 534182498303, "entry_point": 0, "filename": null, "id": "region_8592", "name": "private_0x0000007c5fc20000", "norm_filename": null, "region_type": "private_memory", "start_va": 534182494208, "timestamp": "00:02:02.164", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 140725058142208, "type": "region", "version": 1 }, "end_va": 140725058277375, "entry_point": 140725058146560, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_8593", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 140725058142208, "timestamp": "00:02:02.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 534213558272, "type": "region", "version": 1 }, "end_va": 534216527871, "entry_point": 534213558272, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_8594", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 534213558272, "timestamp": "00:02:02.168", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 534188392448, "type": "region", "version": 1 }, "end_va": 534188404735, "entry_point": 0, "filename": null, "id": "region_8595", "name": "pagefile_0x0000007c601c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 534188392448, "timestamp": "00:02:02.172", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 534188392448, "type": "region", "version": 1 }, "end_va": 534188396543, "entry_point": 0, "filename": null, "id": "region_8596", "name": "pagefile_0x0000007c601c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 534188392448, "timestamp": "00:02:02.178", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 534188457984, "type": "region", "version": 1 }, "end_va": 534188462079, "entry_point": 0, "filename": null, "id": "region_8600", "name": "private_0x0000007c601d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 534188457984, "timestamp": "00:02:03.202", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 5185536, "start_va": 
534216572928, "type": "region", "version": 1 }, "end_va": 534221758463, "entry_point": 0, "filename": null, "id": "region_8601", "name": "pagefile_0x0000007c61ca0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 534216572928, "timestamp": "00:02:03.208", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15138816, "start_va": 534221815808, "type": "region", "version": 1 }, "end_va": 534236954623, "entry_point": 534221815808, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_8602", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 534221815808, "timestamp": "00:02:03.209", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 140725025898496, "type": "region", "version": 1 }, "end_va": 140725025984511, "entry_point": 140725025902656, "filename": "\\Windows\\System32\\netapi32.dll", "id": "region_8603", "name": "netapi32.dll", "norm_filename": "c:\\windows\\system32\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725025898496, "timestamp": "00:02:03.217", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 140725072494592, "type": "region", "version": 1 }, "end_va": 140725072543743, "entry_point": 140725072499804, "filename": "\\Windows\\System32\\netutils.dll", "id": "region_8604", "name": "netutils.dll", "norm_filename": 
"c:\\windows\\system32\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 140725072494592, "timestamp": "00:02:03.219", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 140725073608704, "type": "region", "version": 1 }, "end_va": 140725073760255, "entry_point": 140725073612916, "filename": "\\Windows\\System32\\srvcli.dll", "id": "region_8605", "name": "srvcli.dll", "norm_filename": "c:\\windows\\system32\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 140725073608704, "timestamp": "00:02:03.220", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 140725025636352, "type": "region", "version": 1 }, "end_va": 140725025726463, "entry_point": 140725025640520, "filename": "\\Windows\\System32\\wkscli.dll", "id": "region_8606", "name": "wkscli.dll", "norm_filename": "c:\\windows\\system32\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 140725025636352, "timestamp": "00:02:03.221", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 534211198976, "type": "region", "version": 1 }, "end_va": 534211203071, "entry_point": 0, "filename": null, "id": "region_8627", "name": "pagefile_0x0000007c61780000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 534211198976, "timestamp": "00:02:03.301", "type": "region", "version": 1 }, { "dump": { "filename": "", 
"flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 534211461120, "type": "region", "version": 1 }, "end_va": 534211526655, "entry_point": 0, "filename": null, "id": "region_8628", "name": "private_0x0000007c617c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 534211461120, "timestamp": "00:02:03.301", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2195456, "start_va": 534236954624, "type": "region", "version": 1 }, "end_va": 534239150079, "entry_point": 0, "filename": null, "id": "region_8629", "name": "pagefile_0x0000007c63010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 534236954624, "timestamp": "00:02:03.301", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 534211198976, "type": "region", "version": 1 }, "end_va": 534211211263, "entry_point": 0, "filename": null, "id": "region_8647", "name": "pagefile_0x0000007c61780000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 534211198976, "timestamp": "00:02:04.151", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 534211264512, "type": "region", "version": 1 }, 
"end_va": 534211268607, "entry_point": 0, "filename": null, "id": "region_8648", "name": "pagefile_0x0000007c61790000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 534211264512, "timestamp": "00:02:04.151", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 48848896, "start_va": 534239182848, "type": "region", "version": 1 }, "end_va": 534288031743, "entry_point": 534239182848, "filename": "\\Windows\\System32\\imageres.dll", "id": "region_8649", "name": "imageres.dll", "norm_filename": "c:\\windows\\system32\\imageres.dll", "region_type": "memory_mapped_file", "start_va": 534239182848, "timestamp": "00:02:04.152", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4169728, "start_va": 534288072704, "type": "region", "version": 1 }, "end_va": 534292242431, "entry_point": 0, "filename": null, "id": "region_8650", "name": "pagefile_0x0000007c660d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 534288072704, "timestamp": "00:02:04.153", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 278528, "start_va": 534292267008, "type": "region", "version": 1 }, "end_va": 534292545535, "entry_point": 0, "filename": null, "id": "region_8651", "name": "pagefile_0x0000007c664d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 534292267008, "timestamp": "00:02:04.153", "type": 
"region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 140725075443712, "type": "region", "version": 1 }, "end_va": 140725075660799, "entry_point": 140725075448792, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_8652", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 140725075443712, "timestamp": "00:02:04.153", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 140725079769088, "type": "region", "version": 1 }, "end_va": 140725079891967, "entry_point": 140725079773640, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_8653", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 140725079769088, "timestamp": "00:02:04.154", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725082062848, "type": "region", "version": 1 }, "end_va": 140725082218495, "entry_point": 140725082086248, "filename": "\\Windows\\System32\\bcrypt.dll", "id": "region_8654", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\system32\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 140725082062848, "timestamp": "00:02:04.154", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps 
was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1110016, "start_va": 534292594688, "type": "region", "version": 1 }, "end_va": 534293704703, "entry_point": 0, "filename": null, "id": "region_8655", "name": "private_0x0000007c66520000", "norm_filename": null, "region_type": "private_memory", "start_va": 534292594688, "timestamp": "00:02:04.164", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\PROGRA~1\\COMMON~1\\WANACR~1.EXE", "filename": "c:\\progra~1\\common~1\\wanacr~1.exe", "id": "proc_73", "image_name": "wanacr~1.exe", "monitor_reason": "child_process", "monitored_id": 73, "origin_monitor_id": 72, "ref_parent_process": { "ref_id": "proc_72", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_8671", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:02:04.540", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 744927068160, "type": "region", "version": 1 }, "end_va": 744927199231, "entry_point": 0, "filename": null, "id": "region_8672", "name": "private_0x000000ad711d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 744927068160, "timestamp": "00:02:04.540", "type": 
"region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 744927199232, "type": "region", "version": 1 }, "end_va": 744927260671, "entry_point": 0, "filename": null, "id": "region_8673", "name": "pagefile_0x000000ad711f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 744927199232, "timestamp": "00:02:04.540", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 744927264768, "type": "region", "version": 1 }, "end_va": 744931459071, "entry_point": 0, "filename": null, "id": "region_8674", "name": "private_0x000000ad71200000", "norm_filename": null, "region_type": "private_memory", "start_va": 744927264768, "timestamp": "00:02:04.540", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 744931459072, "type": "region", "version": 1 }, "end_va": 744931475455, "entry_point": 0, "filename": null, "id": "region_8675", "name": "pagefile_0x000000ad71600000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 744931459072, "timestamp": "00:02:04.540", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140698012614656, 
"type": "region", "version": 1 }, "end_va": 140698012758015, "entry_point": 0, "filename": null, "id": "region_8676", "name": "pagefile_0x00007ff6cf100000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140698012614656, "timestamp": "00:02:04.540", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140698012798976, "type": "region", "version": 1 }, "end_va": 140698012807167, "entry_point": 0, "filename": null, "id": "region_8677", "name": "private_0x00007ff6cf12d000", "norm_filename": null, "region_type": "private_memory", "start_va": 140698012798976, "timestamp": "00:02:04.540", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140698012807168, "type": "region", "version": 1 }, "end_va": 140698012811263, "entry_point": 0, "filename": null, "id": "region_8678", "name": "private_0x00007ff6cf12f000", "norm_filename": null, "region_type": "private_memory", "start_va": 140698012807168, "timestamp": "00:02:04.540", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 140698014777344, "type": "region", "version": 1 }, "end_va": 140698015862783, "entry_point": 140698014972444, "filename": "\\PROGRA~1\\COMMON~1\\WANACR~1.EXE", "id": "region_8679", "name": "wanacr~1.exe", "norm_filename": "c:\\progra~1\\common~1\\wanacr~1.exe", "region_type": "memory_mapped_file", "start_va": 140698014777344, 
"timestamp": "00:02:04.541", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_8680", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140725133115392, "timestamp": "00:02:04.542", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 744931524608, "type": "region", "version": 1 }, "end_va": 744931532799, "entry_point": 0, "filename": null, "id": "region_8681", "name": "pagefile_0x000000ad71610000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 744931524608, "timestamp": "00:02:04.543", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 744931590144, "type": "region", "version": 1 }, "end_va": 744931598335, "entry_point": 0, "filename": null, "id": "region_8682", "name": "private_0x000000ad71620000", "norm_filename": null, "region_type": "private_memory", "start_va": 744931590144, "timestamp": "00:02:04.669", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], 
"ref_process_dump": null, "size": 4194304, "start_va": 744932769792, "type": "region", "version": 1 }, "end_va": 744936964095, "entry_point": 0, "filename": null, "id": "region_8683", "name": "private_0x000000ad71740000", "norm_filename": null, "region_type": "private_memory", "start_va": 744932769792, "timestamp": "00:02:04.670", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140725090648064, "type": "region", "version": 1 }, "end_va": 140725091753983, "entry_point": 140725090656928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_8684", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140725090648064, "timestamp": "00:02:04.670", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140725124988928, "type": "region", "version": 1 }, "end_va": 140725126270975, "entry_point": 140725125009460, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_8685", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140725124988928, "timestamp": "00:02:04.671", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 744927068160, "type": "region", "version": 1 }, "end_va": 744927133695, "entry_point": 0, "filename": null, "id": 
"region_8686", "name": "pagefile_0x000000ad711d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 744927068160, "timestamp": "00:02:04.684", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140698011566080, "type": "region", "version": 1 }, "end_va": 140698012614655, "entry_point": 0, "filename": null, "id": "region_8687", "name": "pagefile_0x00007ff6cf000000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140698011566080, "timestamp": "00:02:04.684", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 744931655680, "type": "region", "version": 1 }, "end_va": 744932171775, "entry_point": 744931655680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_8688", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 744931655680, "timestamp": "00:02:04.686", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140724958920704, "type": "region", "version": 1 }, "end_va": 140724958957567, "entry_point": 140724958924928, "filename": "\\Windows\\System32\\wsock32.dll", "id": "region_8689", "name": "wsock32.dll", "norm_filename": "c:\\windows\\system32\\wsock32.dll", "region_type": "memory_mapped_file", "start_va": 140724958920704, "timestamp": "00:02:04.696", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140724958855168, "type": "region", "version": 1 }, "end_va": 140724958896127, "entry_point": 140724958859456, "filename": "\\Windows\\System32\\version.dll", "id": "region_8690", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 140724958855168, "timestamp": "00:02:04.697", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140724958724096, "type": "region", "version": 1 }, "end_va": 140724958851071, "entry_point": 140724958733304, "filename": "\\Windows\\System32\\winmm.dll", "id": "region_8691", "name": "winmm.dll", "norm_filename": "c:\\windows\\system32\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 140724958724096, "timestamp": "00:02:04.699", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2465792, "start_va": 140725055651840, "type": "region", "version": 1 }, "end_va": 140725058117631, "entry_point": 140725055670080, "filename": "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "id": "region_8692", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 140725055651840, "timestamp": "00:02:04.700", "type": 
"region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 140724999946240, "type": "region", "version": 1 }, "end_va": 140725000056831, "entry_point": 140724999950416, "filename": "\\Windows\\System32\\mpr.dll", "id": "region_8693", "name": "mpr.dll", "norm_filename": "c:\\windows\\system32\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 140724999946240, "timestamp": "00:02:04.701", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 744927133696, "type": "region", "version": 1 }, "end_va": 744927162367, "entry_point": 0, "filename": null, "id": "region_8694", "name": "private_0x000000ad711e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 744927133696, "timestamp": "00:02:04.701", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2359296, "start_va": 140725005254656, "type": "region", "version": 1 }, "end_va": 140725007613951, "entry_point": 140725005259760, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_8695", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 140725005254656, "timestamp": "00:02:04.702", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": 
null, "size": 28672, "start_va": 140725103820800, "type": "region", "version": 1 }, "end_va": 140725103849471, "entry_point": 140725103824912, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_8696", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 140725103820800, "timestamp": "00:02:04.712", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 140725016985600, "type": "region", "version": 1 }, "end_va": 140725017153535, "entry_point": 140725017016680, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_8697", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 140725016985600, "timestamp": "00:02:04.713", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140725076557824, "type": "region", "version": 1 }, "end_va": 140725076684799, "entry_point": 140725076562672, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_8698", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 140725076557824, "timestamp": "00:02:04.714", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1187840, "start_va": 140725066858496, "type": "region", "version": 1 }, "end_va": 140725068046335, "entry_point": 140725066904644, 
"filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_8699", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 140725066858496, "timestamp": "00:02:04.715", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140725093466112, "type": "region", "version": 1 }, "end_va": 140725094977535, "entry_point": 140725093620416, "filename": "\\Windows\\System32\\user32.dll", "id": "region_8700", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140725093466112, "timestamp": "00:02:04.716", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140725129773056, "type": "region", "version": 1 }, "end_va": 140725131104255, "entry_point": 140725129845848, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_8701", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140725129773056, "timestamp": "00:02:04.716", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 630784, "start_va": 140725129117696, "type": "region", "version": 1 }, "end_va": 140725129748479, "entry_point": 140725129122212, "filename": "\\Windows\\System32\\comdlg32.dll", "id": "region_8702", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\system32\\comdlg32.dll", 
"region_type": "memory_mapped_file", "start_va": 140725129117696, "timestamp": "00:02:04.717", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 675840, "start_va": 140725126299648, "type": "region", "version": 1 }, "end_va": 140725126975487, "entry_point": 140725126303760, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_8703", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725126299648, "timestamp": "00:02:04.727", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 21032960, "start_va": 140725103951872, "type": "region", "version": 1 }, "end_va": 140725124984831, "entry_point": 140725103956224, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_8704", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 140725103951872, "timestamp": "00:02:04.729", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 140725096546304, "type": "region", "version": 1 }, "end_va": 140725098078207, "entry_point": 140725096550580, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_8705", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 140725096546304, "timestamp": "00:02:04.730", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140725101002752, "type": "region", "version": 1 }, "end_va": 140725101752319, "entry_point": 140725101007136, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_8706", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 140725101002752, "timestamp": "00:02:04.731", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 140725127020544, "type": "region", "version": 1 }, "end_va": 140725127380991, "entry_point": 140725127024796, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_8707", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 140725127020544, "timestamp": "00:02:04.732", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140725098577920, "type": "region", "version": 1 }, "end_va": 140725099261951, "entry_point": 140725098588204, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_8708", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140725098577920, "timestamp": "00:02:04.733", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", 
"executable" ], "ref_process_dump": null, "size": 172032, "start_va": 140725043789824, "type": "region", "version": 1 }, "end_va": 140725043961855, "entry_point": 140725043832680, "filename": "\\Windows\\System32\\winmmbase.dll", "id": "region_8709", "name": "winmmbase.dll", "norm_filename": "c:\\windows\\system32\\winmmbase.dll", "region_type": "memory_mapped_file", "start_va": 140725043789824, "timestamp": "00:02:04.745", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140725127806976, "type": "region", "version": 1 }, "end_va": 140725129076735, "entry_point": 140725127811408, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_8710", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140725127806976, "timestamp": "00:02:04.747", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2785280, "start_va": 140725002436608, "type": "region", "version": 1 }, "end_va": 140725005221887, "entry_point": 140725002493380, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_8711", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 140725002436608, "timestamp": "00:02:04.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140725103886336, "type": "region", "version": 1 }, "end_va": 
140725103923199, "entry_point": 140725103891456, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_8712", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 140725103886336, "timestamp": "00:02:04.760", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725016920064, "type": "region", "version": 1 }, "end_va": 140725016961023, "entry_point": 140725016924356, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_8713", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 140725016920064, "timestamp": "00:02:04.762", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 140725086453760, "type": "region", "version": 1 }, "end_va": 140725086535679, "entry_point": 140725086468812, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_8714", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 140725086453760, "timestamp": "00:02:04.763", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725131149312, "type": "region", "version": 1 }, "end_va": 140725133078527, "entry_point": 140725131157344, "filename": "\\Windows\\System32\\combase.dll", "id": "region_8715", "name": "combase.dll", "norm_filename": 
"c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140725131149312, "timestamp": "00:02:04.782", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 140725095038976, "type": "region", "version": 1 }, "end_va": 140725095370751, "entry_point": 140725095043776, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_8716", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 140725095038976, "timestamp": "00:02:04.784", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725098184704, "type": "region", "version": 1 }, "end_va": 140725098541055, "entry_point": 140725098194176, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_8717", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140725098184704, "timestamp": "00:02:04.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 140725090320384, "type": "region", "version": 1 }, "end_va": 140725090623487, "entry_point": 140725090325080, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_8718", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 140725090320384, "timestamp": "00:02:04.789", "type": 
"region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725068103680, "type": "region", "version": 1 }, "end_va": 140725068259327, "entry_point": 140725068109212, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_8719", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 140725068103680, "timestamp": "00:02:04.790", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 140725060108288, "type": "region", "version": 1 }, "end_va": 140725060767743, "entry_point": 140725060112544, "filename": "\\Windows\\System32\\SHCore.dll", "id": "region_8720", "name": "shcore.dll", "norm_filename": "c:\\windows\\system32\\shcore.dll", "region_type": "memory_mapped_file", "start_va": 140725060108288, "timestamp": "00:02:04.802", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1835008, "start_va": 744936964096, "type": "region", "version": 1 }, "end_va": 744938799103, "entry_point": 0, "filename": null, "id": "region_8721", "name": "private_0x000000ad71b40000", "norm_filename": null, "region_type": "private_memory", "start_va": 744936964096, "timestamp": "00:02:04.806", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], 
"ref_process_dump": null, "size": 28672, "start_va": 744932179968, "type": "region", "version": 1 }, "end_va": 744932208639, "entry_point": 0, "filename": null, "id": "region_8722", "name": "private_0x000000ad716b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 744932179968, "timestamp": "00:02:04.807", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 212992, "start_va": 744932245504, "type": "region", "version": 1 }, "end_va": 744932458495, "entry_point": 744932249648, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_8723", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 744932245504, "timestamp": "00:02:04.832", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 744936964096, "type": "region", "version": 1 }, "end_va": 744938569727, "entry_point": 0, "filename": null, "id": "region_8724", "name": "pagefile_0x000000ad71b40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 744936964096, "timestamp": "00:02:04.833", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 744938733568, "type": "region", "version": 1 }, "end_va": 744938799103, "entry_point": 0, "filename": null, "id": "region_8725", "name": "private_0x000000ad71cf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 
744938733568, "timestamp": "00:02:04.833", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 140725095563264, "type": "region", "version": 1 }, "end_va": 140725095776255, "entry_point": 140725095567408, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_8726", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 140725095563264, "timestamp": "00:02:04.834", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1277952, "start_va": 140725091762176, "type": "region", "version": 1 }, "end_va": 140725093040127, "entry_point": 140725091766288, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_8727", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 140725091762176, "timestamp": "00:02:04.835", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 744938799104, "type": "region", "version": 1 }, "end_va": 744940376063, "entry_point": 0, "filename": null, "id": "region_8728", "name": "pagefile_0x000000ad71d00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 744938799104, "timestamp": "00:02:04.837", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum 
region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 744940437504, "type": "region", "version": 1 }, "end_va": 744961409023, "entry_point": 0, "filename": null, "id": "region_8729", "name": "pagefile_0x000000ad71e90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 744940437504, "timestamp": "00:02:04.837", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 744932245504, "type": "region", "version": 1 }, "end_va": 744932249599, "entry_point": 0, "filename": null, "id": "region_8730", "name": "private_0x000000ad716c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 744932245504, "timestamp": "00:02:04.842", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 744932311040, "type": "region", "version": 1 }, "end_va": 744932315135, "entry_point": 0, "filename": null, "id": "region_8731", "name": "private_0x000000ad716d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 744932311040, "timestamp": "00:02:04.842", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 744932376576, "type": "region", "version": 1 }, "end_va": 744932380671, "entry_point": 744932376576, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_8732", "name": "windowsshell.manifest", "norm_filename": 
"c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 744932376576, "timestamp": "00:02:04.842", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 744932442112, "type": "region", "version": 1 }, "end_va": 744932450303, "entry_point": 0, "filename": null, "id": "region_8733", "name": "pagefile_0x000000ad716f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 744932442112, "timestamp": "00:02:04.842", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1835008, "start_va": 744961409024, "type": "region", "version": 1 }, "end_va": 744963244031, "entry_point": 0, "filename": null, "id": "region_8734", "name": "private_0x000000ad73290000", "norm_filename": null, "region_type": "private_memory", "start_va": 744961409024, "timestamp": "00:02:04.846", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 761856, "start_va": 744961409024, "type": "region", "version": 1 }, "end_va": 744962170879, "entry_point": 744961591144, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_8735", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 744961409024, "timestamp": "00:02:04.852", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was 
reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 744963178496, "type": "region", "version": 1 }, "end_va": 744963244031, "entry_point": 0, "filename": null, "id": "region_8736", "name": "private_0x000000ad73440000", "norm_filename": null, "region_type": "private_memory", "start_va": 744963178496, "timestamp": "00:02:04.853", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725068431360, "type": "region", "version": 1 }, "end_va": 140725068472319, "entry_point": 140725068437320, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_8737", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\system32\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140725068431360, "timestamp": "00:02:04.854", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725085208576, "type": "region", "version": 1 }, "end_va": 140725085249535, "entry_point": 140725085212688, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_8738", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140725085208576, "timestamp": "00:02:04.856", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140725084815360, "type": "region", "version": 1 }, "end_va": 140725085200383, "entry_point": 
140725084944032, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_8739", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140725084815360, "timestamp": "00:02:04.857", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 744932376576, "type": "region", "version": 1 }, "end_va": 744932380671, "entry_point": 0, "filename": null, "id": "region_8740", "name": "pagefile_0x000000ad716e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 744932376576, "timestamp": "00:02:04.863", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 983040, "start_va": 744961409024, "type": "region", "version": 1 }, "end_va": 744962392063, "entry_point": 0, "filename": null, "id": "region_8741", "name": "pagefile_0x000000ad73290000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 744961409024, "timestamp": "00:02:04.864", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 744932376576, "type": "region", "version": 1 }, "end_va": 744932392959, "entry_point": 0, "filename": null, "id": "region_8742", "name": "pagefile_0x000000ad716e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 744932376576, "timestamp": 
"00:02:04.864", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 744932507648, "type": "region", "version": 1 }, "end_va": 744932536319, "entry_point": 0, "filename": null, "id": "region_8743", "name": "private_0x000000ad71700000", "norm_filename": null, "region_type": "private_memory", "start_va": 744932507648, "timestamp": "00:02:04.864", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 744963244032, "type": "region", "version": 1 }, "end_va": 744964292607, "entry_point": 0, "filename": null, "id": "region_8744", "name": "private_0x000000ad73450000", "norm_filename": null, "region_type": "private_memory", "start_va": 744963244032, "timestamp": "00:02:04.872", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 744964292608, "type": "region", "version": 1 }, "end_va": 744965345279, "entry_point": 744964487708, "filename": "\\Program Files\\Common Files\\wanacry6.malware.exe", "id": "region_8745", "name": "wanacry6.malware.exe", "norm_filename": "c:\\program files\\common files\\wanacry6.malware.exe", "region_type": "memory_mapped_file", "start_va": 744964292608, "timestamp": "00:02:04.875", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, 
"size": 4096, "start_va": 744932573184, "type": "region", "version": 1 }, "end_va": 744932577279, "entry_point": 0, "filename": null, "id": "region_8746", "name": "private_0x000000ad71710000", "norm_filename": null, "region_type": "private_memory", "start_va": 744932573184, "timestamp": "00:02:04.907", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 140725058142208, "type": "region", "version": 1 }, "end_va": 140725058277375, "entry_point": 140725058146560, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_8747", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 140725058142208, "timestamp": "00:02:04.908", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 744964292608, "type": "region", "version": 1 }, "end_va": 744967262207, "entry_point": 744964292608, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_8748", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 744964292608, "timestamp": "00:02:04.912", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 744932638720, "type": "region", "version": 1 }, "end_va": 744932651007, "entry_point": 0, "filename": null, "id": "region_8749", "name": "pagefile_0x000000ad71720000", 
"norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 744932638720, "timestamp": "00:02:04.916", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 744932638720, "type": "region", "version": 1 }, "end_va": 744932642815, "entry_point": 0, "filename": null, "id": "region_8750", "name": "pagefile_0x000000ad71720000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 744932638720, "timestamp": "00:02:04.922", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 744932704256, "type": "region", "version": 1 }, "end_va": 744932708351, "entry_point": 0, "filename": null, "id": "region_8751", "name": "private_0x000000ad71730000", "norm_filename": null, "region_type": "private_memory", "start_va": 744932704256, "timestamp": "00:02:05.945", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 5185536, "start_va": 744967307264, "type": "region", "version": 1 }, "end_va": 744972492799, "entry_point": 0, "filename": null, "id": "region_8752", "name": "pagefile_0x000000ad73830000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 744967307264, "timestamp": "00:02:05.952", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", 
"permissions": [ "readable" ], "ref_process_dump": null, "size": 15138816, "start_va": 744972550144, "type": "region", "version": 1 }, "end_va": 744987688959, "entry_point": 744972550144, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_8753", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 744972550144, "timestamp": "00:02:05.952", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 140725025898496, "type": "region", "version": 1 }, "end_va": 140725025984511, "entry_point": 140725025902656, "filename": "\\Windows\\System32\\netapi32.dll", "id": "region_8754", "name": "netapi32.dll", "norm_filename": "c:\\windows\\system32\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725025898496, "timestamp": "00:02:05.961", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 140725072494592, "type": "region", "version": 1 }, "end_va": 140725072543743, "entry_point": 140725072499804, "filename": "\\Windows\\System32\\netutils.dll", "id": "region_8755", "name": "netutils.dll", "norm_filename": "c:\\windows\\system32\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 140725072494592, "timestamp": "00:02:05.963", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 140725073608704, "type": "region", "version": 1 }, "end_va": 
140725073760255, "entry_point": 140725073612916, "filename": "\\Windows\\System32\\srvcli.dll", "id": "region_8756", "name": "srvcli.dll", "norm_filename": "c:\\windows\\system32\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 140725073608704, "timestamp": "00:02:05.964", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 140725025636352, "type": "region", "version": 1 }, "end_va": 140725025726463, "entry_point": 140725025640520, "filename": "\\Windows\\System32\\wkscli.dll", "id": "region_8757", "name": "wkscli.dll", "norm_filename": "c:\\windows\\system32\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 140725025636352, "timestamp": "00:02:05.965", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 744938602496, "type": "region", "version": 1 }, "end_va": 744938606591, "entry_point": 0, "filename": null, "id": "region_8778", "name": "pagefile_0x000000ad71cd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 744938602496, "timestamp": "00:02:06.051", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2195456, "start_va": 744987688960, "type": "region", "version": 1 }, "end_va": 744989884415, "entry_point": 0, "filename": null, "id": "region_8779", "name": "pagefile_0x000000ad74ba0000", "norm_filename": null, "region_type": 
"pagefile_backed_memory", "start_va": 744987688960, "timestamp": "00:02:06.052", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 744938602496, "type": "region", "version": 1 }, "end_va": 744938614783, "entry_point": 0, "filename": null, "id": "region_8798", "name": "pagefile_0x000000ad71cd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 744938602496, "timestamp": "00:02:06.806", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 744938668032, "type": "region", "version": 1 }, "end_va": 744938672127, "entry_point": 0, "filename": null, "id": "region_8799", "name": "pagefile_0x000000ad71ce0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 744938668032, "timestamp": "00:02:06.806", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 278528, "start_va": 744962392064, "type": "region", "version": 1 }, "end_va": 744962670591, "entry_point": 0, "filename": null, "id": "region_8800", "name": "pagefile_0x000000ad73380000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 744962392064, "timestamp": "00:02:06.806", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ 
"readable" ], "ref_process_dump": null, "size": 48848896, "start_va": 744989917184, "type": "region", "version": 1 }, "end_va": 745038766079, "entry_point": 744989917184, "filename": "\\Windows\\System32\\imageres.dll", "id": "region_8801", "name": "imageres.dll", "norm_filename": "c:\\windows\\system32\\imageres.dll", "region_type": "memory_mapped_file", "start_va": 744989917184, "timestamp": "00:02:06.807", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4169728, "start_va": 745038807040, "type": "region", "version": 1 }, "end_va": 745042976767, "entry_point": 0, "filename": null, "id": "region_8802", "name": "pagefile_0x000000ad77c60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 745038807040, "timestamp": "00:02:06.807", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 140725075443712, "type": "region", "version": 1 }, "end_va": 140725075660799, "entry_point": 140725075448792, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_8803", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 140725075443712, "timestamp": "00:02:06.808", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 140725079769088, "type": "region", "version": 1 }, "end_va": 140725079891967, "entry_point": 140725079773640, "filename": 
"\\Windows\\System32\\cryptsp.dll", "id": "region_8804", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 140725079769088, "timestamp": "00:02:06.808", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725082062848, "type": "region", "version": 1 }, "end_va": 140725082218495, "entry_point": 140725082086248, "filename": "\\Windows\\System32\\bcrypt.dll", "id": "region_8805", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\system32\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 140725082062848, "timestamp": "00:02:06.809", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1089536, "start_va": 745043001344, "type": "region", "version": 1 }, "end_va": 745044090879, "entry_point": 0, "filename": null, "id": "region_8806", "name": "private_0x000000ad78060000", "norm_filename": null, "region_type": "private_memory", "start_va": 745043001344, "timestamp": "00:02:06.817", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\PROGRA~1\\COMMON~1\\WANACR~1.EXE", "filename": "c:\\progra~1\\common~1\\wanacr~1.exe", "id": "proc_74", "image_name": "wanacr~1.exe", "monitor_reason": "child_process", "monitored_id": 74, "origin_monitor_id": 73, "ref_parent_process": { "ref_id": "proc_73", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ 
"max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_8822", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:02:07.197", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 416768917504, "type": "region", "version": 1 }, "end_va": 416769048575, "entry_point": 0, "filename": null, "id": "region_8823", "name": "private_0x00000061095d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 416768917504, "timestamp": "00:02:07.197", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 416769048576, "type": "region", "version": 1 }, "end_va": 416769110015, "entry_point": 0, "filename": null, "id": "region_8824", "name": "pagefile_0x00000061095f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 416769048576, "timestamp": "00:02:07.197", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 416769114112, "type": "region", "version": 1 }, "end_va": 416773308415, "entry_point": 0, "filename": null, "id": "region_8825", 
"name": "private_0x0000006109600000", "norm_filename": null, "region_type": "private_memory", "start_va": 416769114112, "timestamp": "00:02:07.198", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 416773308416, "type": "region", "version": 1 }, "end_va": 416773324799, "entry_point": 0, "filename": null, "id": "region_8826", "name": "pagefile_0x0000006109a00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 416773308416, "timestamp": "00:02:07.198", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140697998983168, "type": "region", "version": 1 }, "end_va": 140697999126527, "entry_point": 0, "filename": null, "id": "region_8827", "name": "pagefile_0x00007ff6ce400000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140697998983168, "timestamp": "00:02:07.198", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140697999167488, "type": "region", "version": 1 }, "end_va": 140697999175679, "entry_point": 0, "filename": null, "id": "region_8828", "name": "private_0x00007ff6ce42d000", "norm_filename": null, "region_type": "private_memory", "start_va": 140697999167488, "timestamp": "00:02:07.198", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created 
because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140697999175680, "type": "region", "version": 1 }, "end_va": 140697999179775, "entry_point": 0, "filename": null, "id": "region_8829", "name": "private_0x00007ff6ce42f000", "norm_filename": null, "region_type": "private_memory", "start_va": 140697999175680, "timestamp": "00:02:07.198", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 140698014777344, "type": "region", "version": 1 }, "end_va": 140698015862783, "entry_point": 140698014972444, "filename": "\\PROGRA~1\\COMMON~1\\WANACR~1.EXE", "id": "region_8830", "name": "wanacr~1.exe", "norm_filename": "c:\\progra~1\\common~1\\wanacr~1.exe", "region_type": "memory_mapped_file", "start_va": 140698014777344, "timestamp": "00:02:07.198", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_8831", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140725133115392, "timestamp": "00:02:07.199", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 416773373952, "type": "region", "version": 1 }, 
"end_va": 416773382143, "entry_point": 0, "filename": null, "id": "region_8832", "name": "pagefile_0x0000006109a10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 416773373952, "timestamp": "00:02:07.200", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 416773439488, "type": "region", "version": 1 }, "end_va": 416773447679, "entry_point": 0, "filename": null, "id": "region_8834", "name": "private_0x0000006109a20000", "norm_filename": null, "region_type": "private_memory", "start_va": 416773439488, "timestamp": "00:02:07.323", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 416773636096, "type": "region", "version": 1 }, "end_va": 416777830399, "entry_point": 0, "filename": null, "id": "region_8835", "name": "private_0x0000006109a50000", "norm_filename": null, "region_type": "private_memory", "start_va": 416773636096, "timestamp": "00:02:07.323", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140725090648064, "type": "region", "version": 1 }, "end_va": 140725091753983, "entry_point": 140725090656928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_8836", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140725090648064, "timestamp": "00:02:07.323", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140725124988928, "type": "region", "version": 1 }, "end_va": 140725126270975, "entry_point": 140725125009460, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_8837", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140725124988928, "timestamp": "00:02:07.324", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 416768917504, "type": "region", "version": 1 }, "end_va": 416768983039, "entry_point": 0, "filename": null, "id": "region_8838", "name": "pagefile_0x00000061095d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 416768917504, "timestamp": "00:02:07.326", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140697997934592, "type": "region", "version": 1 }, "end_va": 140697998983167, "entry_point": 0, "filename": null, "id": "region_8839", "name": "pagefile_0x00007ff6ce300000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140697997934592, "timestamp": "00:02:07.326", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, 
"start_va": 416777830400, "type": "region", "version": 1 }, "end_va": 416778346495, "entry_point": 416777830400, "filename": "\\Windows\\System32\\locale.nls", "id": "region_8840", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 416777830400, "timestamp": "00:02:07.339", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140724958920704, "type": "region", "version": 1 }, "end_va": 140724958957567, "entry_point": 140724958924928, "filename": "\\Windows\\System32\\wsock32.dll", "id": "region_8841", "name": "wsock32.dll", "norm_filename": "c:\\windows\\system32\\wsock32.dll", "region_type": "memory_mapped_file", "start_va": 140724958920704, "timestamp": "00:02:07.340", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140724958855168, "type": "region", "version": 1 }, "end_va": 140724958896127, "entry_point": 140724958859456, "filename": "\\Windows\\System32\\version.dll", "id": "region_8842", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 140724958855168, "timestamp": "00:02:07.341", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140724958724096, "type": "region", "version": 1 }, "end_va": 140724958851071, "entry_point": 140724958733304, "filename": "\\Windows\\System32\\winmm.dll", 
"id": "region_8843", "name": "winmm.dll", "norm_filename": "c:\\windows\\system32\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 140724958724096, "timestamp": "00:02:07.342", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2465792, "start_va": 140725055651840, "type": "region", "version": 1 }, "end_va": 140725058117631, "entry_point": 140725055670080, "filename": "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "id": "region_8844", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 140725055651840, "timestamp": "00:02:07.343", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 140724999946240, "type": "region", "version": 1 }, "end_va": 140725000056831, "entry_point": 140724999950416, "filename": "\\Windows\\System32\\mpr.dll", "id": "region_8845", "name": "mpr.dll", "norm_filename": "c:\\windows\\system32\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 140724999946240, "timestamp": "00:02:07.355", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 416768983040, "type": "region", "version": 1 }, "end_va": 416769011711, "entry_point": 0, "filename": null, "id": 
"region_8846", "name": "private_0x00000061095e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 416768983040, "timestamp": "00:02:07.356", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2359296, "start_va": 140725005254656, "type": "region", "version": 1 }, "end_va": 140725007613951, "entry_point": 140725005259760, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_8847", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 140725005254656, "timestamp": "00:02:07.356", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 140725103820800, "type": "region", "version": 1 }, "end_va": 140725103849471, "entry_point": 140725103824912, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_8848", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 140725103820800, "timestamp": "00:02:07.357", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 140725016985600, "type": "region", "version": 1 }, "end_va": 140725017153535, "entry_point": 140725017016680, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_8849", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 140725016985600, "timestamp": 
"00:02:07.358", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140725076557824, "type": "region", "version": 1 }, "end_va": 140725076684799, "entry_point": 140725076562672, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_8850", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 140725076557824, "timestamp": "00:02:07.368", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1187840, "start_va": 140725066858496, "type": "region", "version": 1 }, "end_va": 140725068046335, "entry_point": 140725066904644, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_8851", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 140725066858496, "timestamp": "00:02:07.369", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140725093466112, "type": "region", "version": 1 }, "end_va": 140725094977535, "entry_point": 140725093620416, "filename": "\\Windows\\System32\\user32.dll", "id": "region_8852", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140725093466112, "timestamp": "00:02:07.370", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is 
not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140725129773056, "type": "region", "version": 1 }, "end_va": 140725131104255, "entry_point": 140725129845848, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_8853", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140725129773056, "timestamp": "00:02:07.371", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 630784, "start_va": 140725129117696, "type": "region", "version": 1 }, "end_va": 140725129748479, "entry_point": 140725129122212, "filename": "\\Windows\\System32\\comdlg32.dll", "id": "region_8854", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\system32\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 140725129117696, "timestamp": "00:02:07.372", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 675840, "start_va": 140725126299648, "type": "region", "version": 1 }, "end_va": 140725126975487, "entry_point": 140725126303760, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_8855", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725126299648, "timestamp": "00:02:07.372", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 21032960, "start_va": 140725103951872, 
"type": "region", "version": 1 }, "end_va": 140725124984831, "entry_point": 140725103956224, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_8856", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 140725103951872, "timestamp": "00:02:07.373", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 140725096546304, "type": "region", "version": 1 }, "end_va": 140725098078207, "entry_point": 140725096550580, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_8857", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 140725096546304, "timestamp": "00:02:07.384", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140725101002752, "type": "region", "version": 1 }, "end_va": 140725101752319, "entry_point": 140725101007136, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_8858", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 140725101002752, "timestamp": "00:02:07.385", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 140725127020544, "type": "region", "version": 1 }, "end_va": 140725127380991, "entry_point": 140725127024796, "filename": "\\Windows\\System32\\ws2_32.dll", "id": 
"region_8859", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 140725127020544, "timestamp": "00:02:07.386", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140725098577920, "type": "region", "version": 1 }, "end_va": 140725099261951, "entry_point": 140725098588204, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_8860", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140725098577920, "timestamp": "00:02:07.387", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 172032, "start_va": 140725043789824, "type": "region", "version": 1 }, "end_va": 140725043961855, "entry_point": 140725043832680, "filename": "\\Windows\\System32\\winmmbase.dll", "id": "region_8861", "name": "winmmbase.dll", "norm_filename": "c:\\windows\\system32\\winmmbase.dll", "region_type": "memory_mapped_file", "start_va": 140725043789824, "timestamp": "00:02:07.388", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140725127806976, "type": "region", "version": 1 }, "end_va": 140725129076735, "entry_point": 140725127811408, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_8862", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 
140725127806976, "timestamp": "00:02:07.400", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2785280, "start_va": 140725002436608, "type": "region", "version": 1 }, "end_va": 140725005221887, "entry_point": 140725002493380, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_8863", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 140725002436608, "timestamp": "00:02:07.402", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140725103886336, "type": "region", "version": 1 }, "end_va": 140725103923199, "entry_point": 140725103891456, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_8864", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 140725103886336, "timestamp": "00:02:07.403", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725016920064, "type": "region", "version": 1 }, "end_va": 140725016961023, "entry_point": 140725016924356, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_8865", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 140725016920064, "timestamp": "00:02:07.404", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created 
because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 140725086453760, "type": "region", "version": 1 }, "end_va": 140725086535679, "entry_point": 140725086468812, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_8866", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 140725086453760, "timestamp": "00:02:07.415", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725131149312, "type": "region", "version": 1 }, "end_va": 140725133078527, "entry_point": 140725131157344, "filename": "\\Windows\\System32\\combase.dll", "id": "region_8867", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140725131149312, "timestamp": "00:02:07.419", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 140725095038976, "type": "region", "version": 1 }, "end_va": 140725095370751, "entry_point": 140725095043776, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_8868", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 140725095038976, "timestamp": "00:02:07.432", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 
140725098184704, "type": "region", "version": 1 }, "end_va": 140725098541055, "entry_point": 140725098194176, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_8869", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140725098184704, "timestamp": "00:02:07.434", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 140725090320384, "type": "region", "version": 1 }, "end_va": 140725090623487, "entry_point": 140725090325080, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_8870", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 140725090320384, "timestamp": "00:02:07.458", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725068103680, "type": "region", "version": 1 }, "end_va": 140725068259327, "entry_point": 140725068109212, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_8871", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 140725068103680, "timestamp": "00:02:07.460", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 140725060108288, "type": "region", "version": 1 }, "end_va": 140725060767743, "entry_point": 140725060112544, "filename": 
"\\Windows\\System32\\SHCore.dll", "id": "region_8872", "name": "shcore.dll", "norm_filename": "c:\\windows\\system32\\shcore.dll", "region_type": "memory_mapped_file", "start_va": 140725060108288, "timestamp": "00:02:07.471", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1703936, "start_va": 416778354688, "type": "region", "version": 1 }, "end_va": 416780058623, "entry_point": 0, "filename": null, "id": "region_8873", "name": "private_0x0000006109ed0000", "norm_filename": null, "region_type": "private_memory", "start_va": 416778354688, "timestamp": "00:02:07.491", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 416773505024, "type": "region", "version": 1 }, "end_va": 416773533695, "entry_point": 0, "filename": null, "id": "region_8874", "name": "private_0x0000006109a30000", "norm_filename": null, "region_type": "private_memory", "start_va": 416773505024, "timestamp": "00:02:07.493", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 416778354688, "type": "region", "version": 1 }, "end_va": 416779960319, "entry_point": 0, "filename": null, "id": "region_8875", "name": "pagefile_0x0000006109ed0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 416778354688, "timestamp": "00:02:07.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 416779993088, "type": "region", "version": 1 }, "end_va": 416780058623, "entry_point": 0, "filename": null, "id": "region_8876", "name": "private_0x000000610a060000", "norm_filename": null, "region_type": "private_memory", "start_va": 416779993088, "timestamp": "00:02:07.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 212992, "start_va": 416780058624, "type": "region", "version": 1 }, "end_va": 416780271615, "entry_point": 416780062768, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_8877", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 416780058624, "timestamp": "00:02:07.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 140725095563264, "type": "region", "version": 1 }, "end_va": 140725095776255, "entry_point": 140725095567408, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_8878", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 140725095563264, "timestamp": "00:02:07.497", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1277952, "start_va": 140725091762176, "type": "region", "version": 1 }, "end_va": 
140725093040127, "entry_point": 140725091766288, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_8879", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 140725091762176, "timestamp": "00:02:07.498", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 416780058624, "type": "region", "version": 1 }, "end_va": 416781635583, "entry_point": 0, "filename": null, "id": "region_8880", "name": "pagefile_0x000000610a070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 416780058624, "timestamp": "00:02:07.503", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 416781697024, "type": "region", "version": 1 }, "end_va": 416802668543, "entry_point": 0, "filename": null, "id": "region_8881", "name": "pagefile_0x000000610a200000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 416781697024, "timestamp": "00:02:07.503", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 416773570560, "type": "region", "version": 1 }, "end_va": 416773574655, "entry_point": 0, "filename": null, "id": "region_8882", "name": "private_0x0000006109a40000", "norm_filename": null, "region_type": "private_memory", "start_va": 416773570560, "timestamp": "00:02:07.507", "type": 
"region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 416802668544, "type": "region", "version": 1 }, "end_va": 416802672639, "entry_point": 0, "filename": null, "id": "region_8883", "name": "private_0x000000610b600000", "norm_filename": null, "region_type": "private_memory", "start_va": 416802668544, "timestamp": "00:02:07.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 416802734080, "type": "region", "version": 1 }, "end_va": 416802738175, "entry_point": 416802734080, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_8884", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 416802734080, "timestamp": "00:02:07.508", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 416802799616, "type": "region", "version": 1 }, "end_va": 416802807807, "entry_point": 0, "filename": null, "id": "region_8885", "name": "pagefile_0x000000610b620000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 416802799616, "timestamp": "00:02:07.508", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 416802865152, 
"type": "region", "version": 1 }, "end_va": 416803913727, "entry_point": 0, "filename": null, "id": "region_8886", "name": "private_0x000000610b630000", "norm_filename": null, "region_type": "private_memory", "start_va": 416802865152, "timestamp": "00:02:07.512", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 761856, "start_va": 416802865152, "type": "region", "version": 1 }, "end_va": 416803627007, "entry_point": 416803047272, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_8887", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 416802865152, "timestamp": "00:02:07.518", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 416803848192, "type": "region", "version": 1 }, "end_va": 416803913727, "entry_point": 0, "filename": null, "id": "region_8888", "name": "private_0x000000610b720000", "norm_filename": null, "region_type": "private_memory", "start_va": 416803848192, "timestamp": "00:02:07.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725068431360, "type": "region", "version": 1 }, "end_va": 140725068472319, "entry_point": 140725068437320, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_8889", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\system32\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140725068431360, 
"timestamp": "00:02:07.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725085208576, "type": "region", "version": 1 }, "end_va": 140725085249535, "entry_point": 140725085212688, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_8890", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140725085208576, "timestamp": "00:02:07.522", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140725084815360, "type": "region", "version": 1 }, "end_va": 140725085200383, "entry_point": 140725084944032, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_8891", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140725084815360, "timestamp": "00:02:07.523", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 416802734080, "type": "region", "version": 1 }, "end_va": 416802738175, "entry_point": 0, "filename": null, "id": "region_8892", "name": "pagefile_0x000000610b610000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 416802734080, "timestamp": "00:02:07.529", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump 
created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 983040, "start_va": 416802865152, "type": "region", "version": 1 }, "end_va": 416803848191, "entry_point": 0, "filename": null, "id": "region_8893", "name": "pagefile_0x000000610b630000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 416802865152, "timestamp": "00:02:07.529", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 416802734080, "type": "region", "version": 1 }, "end_va": 416802750463, "entry_point": 0, "filename": null, "id": "region_8894", "name": "pagefile_0x000000610b610000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 416802734080, "timestamp": "00:02:07.530", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 416803913728, "type": "region", "version": 1 }, "end_va": 416803942399, "entry_point": 0, "filename": null, "id": "region_8895", "name": "private_0x000000610b730000", "norm_filename": null, "region_type": "private_memory", "start_va": 416803913728, "timestamp": "00:02:07.530", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 416803979264, "type": "region", "version": 1 }, "end_va": 416805027839, "entry_point": 0, "filename": null, "id": "region_8896", "name": 
"private_0x000000610b740000", "norm_filename": null, "region_type": "private_memory", "start_va": 416803979264, "timestamp": "00:02:07.537", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 416805027840, "type": "region", "version": 1 }, "end_va": 416806080511, "entry_point": 416805222940, "filename": "\\Program Files\\Common Files\\wanacry6.malware.exe", "id": "region_8897", "name": "wanacry6.malware.exe", "norm_filename": "c:\\program files\\common files\\wanacry6.malware.exe", "region_type": "memory_mapped_file", "start_va": 416805027840, "timestamp": "00:02:07.540", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 416805027840, "type": "region", "version": 1 }, "end_va": 416805031935, "entry_point": 0, "filename": null, "id": "region_8898", "name": "private_0x000000610b840000", "norm_filename": null, "region_type": "private_memory", "start_va": 416805027840, "timestamp": "00:02:07.571", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 140725058142208, "type": "region", "version": 1 }, "end_va": 140725058277375, "entry_point": 140725058146560, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_8899", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 140725058142208, "timestamp": "00:02:07.572", "type": "region", "version": 1 }, { "dump": { "filename": "", 
"flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 416805093376, "type": "region", "version": 1 }, "end_va": 416808062975, "entry_point": 416805093376, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_8900", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 416805093376, "timestamp": "00:02:07.577", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 416808108032, "type": "region", "version": 1 }, "end_va": 416808120319, "entry_point": 0, "filename": null, "id": "region_8901", "name": "pagefile_0x000000610bb30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 416808108032, "timestamp": "00:02:07.581", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 416808108032, "type": "region", "version": 1 }, "end_va": 416808112127, "entry_point": 0, "filename": null, "id": "region_8902", "name": "pagefile_0x000000610bb30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 416808108032, "timestamp": "00:02:07.587", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 
416808173568, "type": "region", "version": 1 }, "end_va": 416808177663, "entry_point": 0, "filename": null, "id": "region_8903", "name": "private_0x000000610bb40000", "norm_filename": null, "region_type": "private_memory", "start_va": 416808173568, "timestamp": "00:02:08.610", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 5185536, "start_va": 416808239104, "type": "region", "version": 1 }, "end_va": 416813424639, "entry_point": 0, "filename": null, "id": "region_8904", "name": "pagefile_0x000000610bb50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 416808239104, "timestamp": "00:02:08.616", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15138816, "start_va": 416813481984, "type": "region", "version": 1 }, "end_va": 416828620799, "entry_point": 416813481984, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_8905", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 416813481984, "timestamp": "00:02:08.616", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 140725025898496, "type": "region", "version": 1 }, "end_va": 140725025984511, "entry_point": 140725025902656, "filename": "\\Windows\\System32\\netapi32.dll", "id": "region_8906", "name": "netapi32.dll", "norm_filename": "c:\\windows\\system32\\netapi32.dll", "region_type": 
"memory_mapped_file", "start_va": 140725025898496, "timestamp": "00:02:08.624", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 140725072494592, "type": "region", "version": 1 }, "end_va": 140725072543743, "entry_point": 140725072499804, "filename": "\\Windows\\System32\\netutils.dll", "id": "region_8907", "name": "netutils.dll", "norm_filename": "c:\\windows\\system32\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 140725072494592, "timestamp": "00:02:08.625", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 140725073608704, "type": "region", "version": 1 }, "end_va": 140725073760255, "entry_point": 140725073612916, "filename": "\\Windows\\System32\\srvcli.dll", "id": "region_8908", "name": "srvcli.dll", "norm_filename": "c:\\windows\\system32\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 140725073608704, "timestamp": "00:02:08.626", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 140725025636352, "type": "region", "version": 1 }, "end_va": 140725025726463, "entry_point": 140725025640520, "filename": "\\Windows\\System32\\wkscli.dll", "id": "region_8909", "name": "wkscli.dll", "norm_filename": "c:\\windows\\system32\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 140725025636352, "timestamp": "00:02:08.627", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2195456, "start_va": 416828620800, "type": "region", "version": 1 }, "end_va": 416830816255, "entry_point": 0, "filename": null, "id": "region_8930", "name": "pagefile_0x000000610cec0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 416828620800, "timestamp": "00:02:08.703", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 416830849024, "type": "region", "version": 1 }, "end_va": 416830853119, "entry_point": 0, "filename": null, "id": "region_8931", "name": "pagefile_0x000000610d0e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 416830849024, "timestamp": "00:02:08.703", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 48848896, "start_va": 416830849024, "type": "region", "version": 1 }, "end_va": 416879697919, "entry_point": 416830849024, "filename": "\\Windows\\System32\\imageres.dll", "id": "region_8951", "name": "imageres.dll", "norm_filename": "c:\\windows\\system32\\imageres.dll", "region_type": "memory_mapped_file", "start_va": 416830849024, "timestamp": "00:02:09.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 416879738880, "type": "region", 
"version": 1 }, "end_va": 416879751167, "entry_point": 0, "filename": null, "id": "region_8952", "name": "pagefile_0x000000610ff80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 416879738880, "timestamp": "00:02:09.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 416879804416, "type": "region", "version": 1 }, "end_va": 416879808511, "entry_point": 0, "filename": null, "id": "region_8953", "name": "pagefile_0x000000610ff90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 416879804416, "timestamp": "00:02:09.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4169728, "start_va": 416879869952, "type": "region", "version": 1 }, "end_va": 416884039679, "entry_point": 0, "filename": null, "id": "region_8954", "name": "pagefile_0x000000610ffa0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 416879869952, "timestamp": "00:02:09.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 278528, "start_va": 416884064256, "type": "region", "version": 1 }, "end_va": 416884342783, "entry_point": 0, "filename": null, "id": "region_8955", "name": "pagefile_0x00000061103a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 416884064256, "timestamp": 
"00:02:09.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 140725075443712, "type": "region", "version": 1 }, "end_va": 140725075660799, "entry_point": 140725075448792, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_8956", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 140725075443712, "timestamp": "00:02:09.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 140725079769088, "type": "region", "version": 1 }, "end_va": 140725079891967, "entry_point": 140725079773640, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_8957", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 140725079769088, "timestamp": "00:02:09.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725082062848, "type": "region", "version": 1 }, "end_va": 140725082218495, "entry_point": 140725082086248, "filename": "\\Windows\\System32\\bcrypt.dll", "id": "region_8958", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\system32\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 140725082062848, "timestamp": "00:02:09.521", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the 
maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1089536, "start_va": 416884391936, "type": "region", "version": 1 }, "end_va": 416885481471, "entry_point": 0, "filename": null, "id": "region_8959", "name": "private_0x00000061103f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 416884391936, "timestamp": "00:02:09.530", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\PROGRA~1\\COMMON~1\\WANACR~1.EXE", "filename": "c:\\progra~1\\common~1\\wanacr~1.exe", "id": "proc_75", "image_name": "wanacr~1.exe", "monitor_reason": "child_process", "monitored_id": 75, "origin_monitor_id": 74, "ref_parent_process": { "ref_id": "proc_74", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_8975", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:02:09.816", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 813950042112, "type": "region", "version": 1 }, "end_va": 813950173183, "entry_point": 0, "filename": null, "id": "region_8976", "name": "private_0x000000bd83340000", "norm_filename": null, "region_type": "private_memory", "start_va": 813950042112, "timestamp": 
"00:02:09.816", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 813950173184, "type": "region", "version": 1 }, "end_va": 813950234623, "entry_point": 0, "filename": null, "id": "region_8977", "name": "pagefile_0x000000bd83360000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 813950173184, "timestamp": "00:02:09.816", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 813950238720, "type": "region", "version": 1 }, "end_va": 813954433023, "entry_point": 0, "filename": null, "id": "region_8978", "name": "private_0x000000bd83370000", "norm_filename": null, "region_type": "private_memory", "start_va": 813950238720, "timestamp": "00:02:09.817", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 813954433024, "type": "region", "version": 1 }, "end_va": 813954449407, "entry_point": 0, "filename": null, "id": "region_8979", "name": "pagefile_0x000000bd83770000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 813954433024, "timestamp": "00:02:09.817", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, 
"start_va": 140698000162816, "type": "region", "version": 1 }, "end_va": 140698000306175, "entry_point": 0, "filename": null, "id": "region_8980", "name": "pagefile_0x00007ff6ce520000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140698000162816, "timestamp": "00:02:09.817", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140698000314368, "type": "region", "version": 1 }, "end_va": 140698000318463, "entry_point": 0, "filename": null, "id": "region_8981", "name": "private_0x00007ff6ce545000", "norm_filename": null, "region_type": "private_memory", "start_va": 140698000314368, "timestamp": "00:02:09.817", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140698000351232, "type": "region", "version": 1 }, "end_va": 140698000359423, "entry_point": 0, "filename": null, "id": "region_8982", "name": "private_0x00007ff6ce54e000", "norm_filename": null, "region_type": "private_memory", "start_va": 140698000351232, "timestamp": "00:02:09.817", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 140698014777344, "type": "region", "version": 1 }, "end_va": 140698015862783, "entry_point": 140698014972444, "filename": "\\PROGRA~1\\COMMON~1\\WANACR~1.EXE", "id": "region_8983", "name": "wanacr~1.exe", "norm_filename": "c:\\progra~1\\common~1\\wanacr~1.exe", "region_type": "memory_mapped_file", 
"start_va": 140698014777344, "timestamp": "00:02:09.817", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_8984", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140725133115392, "timestamp": "00:02:09.817", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 813954498560, "type": "region", "version": 1 }, "end_va": 813954506751, "entry_point": 0, "filename": null, "id": "region_8985", "name": "pagefile_0x000000bd83780000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 813954498560, "timestamp": "00:02:09.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 813954564096, "type": "region", "version": 1 }, "end_va": 813954572287, "entry_point": 0, "filename": null, "id": "region_8986", "name": "private_0x000000bd83790000", "norm_filename": null, "region_type": "private_memory", "start_va": 813954564096, "timestamp": "00:02:09.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ 
"readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 813956595712, "type": "region", "version": 1 }, "end_va": 813960790015, "entry_point": 0, "filename": null, "id": "region_8987", "name": "private_0x000000bd83980000", "norm_filename": null, "region_type": "private_memory", "start_va": 813956595712, "timestamp": "00:02:09.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140725090648064, "type": "region", "version": 1 }, "end_va": 140725091753983, "entry_point": 140725090656928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_8988", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140725090648064, "timestamp": "00:02:09.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140725124988928, "type": "region", "version": 1 }, "end_va": 140725126270975, "entry_point": 140725125009460, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_8989", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140725124988928, "timestamp": "00:02:09.943", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 813950042112, "type": "region", "version": 1 }, "end_va": 813950107647, "entry_point": 0, 
"filename": null, "id": "region_8990", "name": "pagefile_0x000000bd83340000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 813950042112, "timestamp": "00:02:09.954", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140697999114240, "type": "region", "version": 1 }, "end_va": 140698000162815, "entry_point": 0, "filename": null, "id": "region_8991", "name": "pagefile_0x00007ff6ce420000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140697999114240, "timestamp": "00:02:09.954", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 813954629632, "type": "region", "version": 1 }, "end_va": 813955145727, "entry_point": 813954629632, "filename": "\\Windows\\System32\\locale.nls", "id": "region_8992", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 813954629632, "timestamp": "00:02:09.956", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140724958920704, "type": "region", "version": 1 }, "end_va": 140724958957567, "entry_point": 140724958924928, "filename": "\\Windows\\System32\\wsock32.dll", "id": "region_8993", "name": "wsock32.dll", "norm_filename": "c:\\windows\\system32\\wsock32.dll", "region_type": "memory_mapped_file", "start_va": 140724958920704, "timestamp": "00:02:09.957", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140724958855168, "type": "region", "version": 1 }, "end_va": 140724958896127, "entry_point": 140724958859456, "filename": "\\Windows\\System32\\version.dll", "id": "region_8994", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 140724958855168, "timestamp": "00:02:09.958", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140724958724096, "type": "region", "version": 1 }, "end_va": 140724958851071, "entry_point": 140724958733304, "filename": "\\Windows\\System32\\winmm.dll", "id": "region_8995", "name": "winmm.dll", "norm_filename": "c:\\windows\\system32\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 140724958724096, "timestamp": "00:02:09.959", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2465792, "start_va": 140725055651840, "type": "region", "version": 1 }, "end_va": 140725058117631, "entry_point": 140725055670080, "filename": "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "id": "region_8996", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 140725055651840, "timestamp": 
"00:02:09.969", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 140724999946240, "type": "region", "version": 1 }, "end_va": 140725000056831, "entry_point": 140724999950416, "filename": "\\Windows\\System32\\mpr.dll", "id": "region_8997", "name": "mpr.dll", "norm_filename": "c:\\windows\\system32\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 140724999946240, "timestamp": "00:02:09.971", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 813950107648, "type": "region", "version": 1 }, "end_va": 813950136319, "entry_point": 0, "filename": null, "id": "region_8998", "name": "private_0x000000bd83350000", "norm_filename": null, "region_type": "private_memory", "start_va": 813950107648, "timestamp": "00:02:09.972", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2359296, "start_va": 140725005254656, "type": "region", "version": 1 }, "end_va": 140725007613951, "entry_point": 140725005259760, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_8999", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 140725005254656, "timestamp": "00:02:09.972", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], 
"ref_process_dump": null, "size": 28672, "start_va": 140725103820800, "type": "region", "version": 1 }, "end_va": 140725103849471, "entry_point": 140725103824912, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_9000", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 140725103820800, "timestamp": "00:02:09.973", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 140725016985600, "type": "region", "version": 1 }, "end_va": 140725017153535, "entry_point": 140725017016680, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_9001", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 140725016985600, "timestamp": "00:02:09.974", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140725076557824, "type": "region", "version": 1 }, "end_va": 140725076684799, "entry_point": 140725076562672, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_9002", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 140725076557824, "timestamp": "00:02:09.975", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1187840, "start_va": 140725066858496, "type": "region", "version": 1 }, "end_va": 140725068046335, "entry_point": 
140725066904644, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_9003", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 140725066858496, "timestamp": "00:02:09.985", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140725093466112, "type": "region", "version": 1 }, "end_va": 140725094977535, "entry_point": 140725093620416, "filename": "\\Windows\\System32\\user32.dll", "id": "region_9004", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140725093466112, "timestamp": "00:02:09.986", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140725129773056, "type": "region", "version": 1 }, "end_va": 140725131104255, "entry_point": 140725129845848, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_9005", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140725129773056, "timestamp": "00:02:09.987", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 630784, "start_va": 140725129117696, "type": "region", "version": 1 }, "end_va": 140725129748479, "entry_point": 140725129122212, "filename": "\\Windows\\System32\\comdlg32.dll", "id": "region_9006", "name": "comdlg32.dll", "norm_filename": 
"c:\\windows\\system32\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 140725129117696, "timestamp": "00:02:09.988", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 675840, "start_va": 140725126299648, "type": "region", "version": 1 }, "end_va": 140725126975487, "entry_point": 140725126303760, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_9007", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725126299648, "timestamp": "00:02:09.988", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 21032960, "start_va": 140725103951872, "type": "region", "version": 1 }, "end_va": 140725124984831, "entry_point": 140725103956224, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_9008", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 140725103951872, "timestamp": "00:02:09.989", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 140725096546304, "type": "region", "version": 1 }, "end_va": 140725098078207, "entry_point": 140725096550580, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_9009", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 140725096546304, "timestamp": "00:02:09.990", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140725101002752, "type": "region", "version": 1 }, "end_va": 140725101752319, "entry_point": 140725101007136, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_9010", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 140725101002752, "timestamp": "00:02:10.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 140725127020544, "type": "region", "version": 1 }, "end_va": 140725127380991, "entry_point": 140725127024796, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_9011", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 140725127020544, "timestamp": "00:02:10.001", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140725098577920, "type": "region", "version": 1 }, "end_va": 140725099261951, "entry_point": 140725098588204, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_9012", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140725098577920, "timestamp": "00:02:10.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ 
"readable", "writable", "executable" ], "ref_process_dump": null, "size": 172032, "start_va": 140725043789824, "type": "region", "version": 1 }, "end_va": 140725043961855, "entry_point": 140725043832680, "filename": "\\Windows\\System32\\winmmbase.dll", "id": "region_9013", "name": "winmmbase.dll", "norm_filename": "c:\\windows\\system32\\winmmbase.dll", "region_type": "memory_mapped_file", "start_va": 140725043789824, "timestamp": "00:02:10.004", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140725127806976, "type": "region", "version": 1 }, "end_va": 140725129076735, "entry_point": 140725127811408, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_9014", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140725127806976, "timestamp": "00:02:10.006", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2785280, "start_va": 140725002436608, "type": "region", "version": 1 }, "end_va": 140725005221887, "entry_point": 140725002493380, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_9015", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 140725002436608, "timestamp": "00:02:10.018", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140725103886336, "type": "region", "version": 1 }, 
"end_va": 140725103923199, "entry_point": 140725103891456, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_9016", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 140725103886336, "timestamp": "00:02:10.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725016920064, "type": "region", "version": 1 }, "end_va": 140725016961023, "entry_point": 140725016924356, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_9017", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 140725016920064, "timestamp": "00:02:10.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 140725086453760, "type": "region", "version": 1 }, "end_va": 140725086535679, "entry_point": 140725086468812, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_9018", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 140725086453760, "timestamp": "00:02:10.022", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725131149312, "type": "region", "version": 1 }, "end_va": 140725133078527, "entry_point": 140725131157344, "filename": "\\Windows\\System32\\combase.dll", "id": "region_9019", "name": "combase.dll", "norm_filename": 
"c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140725131149312, "timestamp": "00:02:10.042", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 140725095038976, "type": "region", "version": 1 }, "end_va": 140725095370751, "entry_point": 140725095043776, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_9020", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 140725095038976, "timestamp": "00:02:10.045", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725098184704, "type": "region", "version": 1 }, "end_va": 140725098541055, "entry_point": 140725098194176, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_9021", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140725098184704, "timestamp": "00:02:10.046", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 140725090320384, "type": "region", "version": 1 }, "end_va": 140725090623487, "entry_point": 140725090325080, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_9022", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 140725090320384, "timestamp": "00:02:10.049", "type": 
"region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725068103680, "type": "region", "version": 1 }, "end_va": 140725068259327, "entry_point": 140725068109212, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_9023", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 140725068103680, "timestamp": "00:02:10.050", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 140725060108288, "type": "region", "version": 1 }, "end_va": 140725060767743, "entry_point": 140725060112544, "filename": "\\Windows\\System32\\SHCore.dll", "id": "region_9024", "name": "shcore.dll", "norm_filename": "c:\\windows\\system32\\shcore.dll", "region_type": "memory_mapped_file", "start_va": 140725060108288, "timestamp": "00:02:10.059", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 851968, "start_va": 813955153920, "type": "region", "version": 1 }, "end_va": 813956005887, "entry_point": 0, "filename": null, "id": "region_9025", "name": "private_0x000000bd83820000", "norm_filename": null, "region_type": "private_memory", "start_va": 813955153920, "timestamp": "00:02:10.063", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], 
"ref_process_dump": null, "size": 28672, "start_va": 813955153920, "type": "region", "version": 1 }, "end_va": 813955182591, "entry_point": 0, "filename": null, "id": "region_9026", "name": "private_0x000000bd83820000", "norm_filename": null, "region_type": "private_memory", "start_va": 813955153920, "timestamp": "00:02:10.064", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 813955940352, "type": "region", "version": 1 }, "end_va": 813956005887, "entry_point": 0, "filename": null, "id": "region_9027", "name": "private_0x000000bd838e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 813955940352, "timestamp": "00:02:10.064", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 212992, "start_va": 813955219456, "type": "region", "version": 1 }, "end_va": 813955432447, "entry_point": 813955223600, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_9028", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 813955219456, "timestamp": "00:02:10.066", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 813960790016, "type": "region", "version": 1 }, "end_va": 813962395647, "entry_point": 0, "filename": null, "id": "region_9029", "name": "pagefile_0x000000bd83d80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 
813960790016, "timestamp": "00:02:10.066", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 140725095563264, "type": "region", "version": 1 }, "end_va": 140725095776255, "entry_point": 140725095567408, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_9030", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 140725095563264, "timestamp": "00:02:10.067", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1277952, "start_va": 140725091762176, "type": "region", "version": 1 }, "end_va": 140725093040127, "entry_point": 140725091766288, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_9031", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 140725091762176, "timestamp": "00:02:10.068", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 813962428416, "type": "region", "version": 1 }, "end_va": 813964005375, "entry_point": 0, "filename": null, "id": "region_9032", "name": "pagefile_0x000000bd83f10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 813962428416, "timestamp": "00:02:10.070", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum 
region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 813964066816, "type": "region", "version": 1 }, "end_va": 813985038335, "entry_point": 0, "filename": null, "id": "region_9033", "name": "pagefile_0x000000bd840a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 813964066816, "timestamp": "00:02:10.071", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 813955219456, "type": "region", "version": 1 }, "end_va": 813955223551, "entry_point": 0, "filename": null, "id": "region_9034", "name": "private_0x000000bd83830000", "norm_filename": null, "region_type": "private_memory", "start_va": 813955219456, "timestamp": "00:02:10.076", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 813955284992, "type": "region", "version": 1 }, "end_va": 813955289087, "entry_point": 0, "filename": null, "id": "region_9035", "name": "private_0x000000bd83840000", "norm_filename": null, "region_type": "private_memory", "start_va": 813955284992, "timestamp": "00:02:10.076", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 813955350528, "type": "region", "version": 1 }, "end_va": 813955354623, "entry_point": 813955350528, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_9036", "name": "windowsshell.manifest", "norm_filename": 
"c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 813955350528, "timestamp": "00:02:10.076", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 813955416064, "type": "region", "version": 1 }, "end_va": 813955424255, "entry_point": 0, "filename": null, "id": "region_9037", "name": "pagefile_0x000000bd83860000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 813955416064, "timestamp": "00:02:10.076", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 813955481600, "type": "region", "version": 1 }, "end_va": 813955612671, "entry_point": 0, "filename": null, "id": "region_9038", "name": "private_0x000000bd83870000", "norm_filename": null, "region_type": "private_memory", "start_va": 813955481600, "timestamp": "00:02:10.080", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 761856, "start_va": 813985038336, "type": "region", "version": 1 }, "end_va": 813985800191, "entry_point": 813985220456, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_9039", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 813985038336, "timestamp": "00:02:10.086", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ 
"readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725068431360, "type": "region", "version": 1 }, "end_va": 140725068472319, "entry_point": 140725068437320, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_9040", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\system32\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140725068431360, "timestamp": "00:02:10.088", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725085208576, "type": "region", "version": 1 }, "end_va": 140725085249535, "entry_point": 140725085212688, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_9041", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140725085208576, "timestamp": "00:02:10.089", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140725084815360, "type": "region", "version": 1 }, "end_va": 140725085200383, "entry_point": 140725084944032, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_9042", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140725084815360, "timestamp": "00:02:10.090", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 
4096, "start_va": 813955350528, "type": "region", "version": 1 }, "end_va": 813955354623, "entry_point": 0, "filename": null, "id": "region_9043", "name": "pagefile_0x000000bd83850000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 813955350528, "timestamp": "00:02:10.101", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 983040, "start_va": 813985038336, "type": "region", "version": 1 }, "end_va": 813986021375, "entry_point": 0, "filename": null, "id": "region_9044", "name": "pagefile_0x000000bd854a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 813985038336, "timestamp": "00:02:10.101", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 813955350528, "type": "region", "version": 1 }, "end_va": 813955366911, "entry_point": 0, "filename": null, "id": "region_9045", "name": "pagefile_0x000000bd83850000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 813955350528, "timestamp": "00:02:10.101", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 813955481600, "type": "region", "version": 1 }, "end_va": 813955510271, "entry_point": 0, "filename": null, "id": "region_9046", "name": "private_0x000000bd83870000", "norm_filename": null, "region_type": "private_memory", "start_va": 813955481600, "timestamp": 
"00:02:10.102", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 813955547136, "type": "region", "version": 1 }, "end_va": 813955612671, "entry_point": 0, "filename": null, "id": "region_9047", "name": "private_0x000000bd83880000", "norm_filename": null, "region_type": "private_memory", "start_va": 813955547136, "timestamp": "00:02:10.102", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 813986021376, "type": "region", "version": 1 }, "end_va": 813987069951, "entry_point": 0, "filename": null, "id": "region_9048", "name": "private_0x000000bd85590000", "norm_filename": null, "region_type": "private_memory", "start_va": 813986021376, "timestamp": "00:02:10.109", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 813987069952, "type": "region", "version": 1 }, "end_va": 813988122623, "entry_point": 813987265052, "filename": "\\Program Files\\Common Files\\wanacry6.malware.exe", "id": "region_9049", "name": "wanacry6.malware.exe", "norm_filename": "c:\\program files\\common files\\wanacry6.malware.exe", "region_type": "memory_mapped_file", "start_va": 813987069952, "timestamp": "00:02:10.113", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, 
"size": 4096, "start_va": 813955612672, "type": "region", "version": 1 }, "end_va": 813955616767, "entry_point": 0, "filename": null, "id": "region_9050", "name": "private_0x000000bd83890000", "norm_filename": null, "region_type": "private_memory", "start_va": 813955612672, "timestamp": "00:02:10.143", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 140725058142208, "type": "region", "version": 1 }, "end_va": 140725058277375, "entry_point": 140725058146560, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_9051", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 140725058142208, "timestamp": "00:02:10.144", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 813987069952, "type": "region", "version": 1 }, "end_va": 813990039551, "entry_point": 813987069952, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_9052", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 813987069952, "timestamp": "00:02:10.146", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 813955678208, "type": "region", "version": 1 }, "end_va": 813955690495, "entry_point": 0, "filename": null, "id": "region_9053", "name": "pagefile_0x000000bd838a0000", 
"norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 813955678208, "timestamp": "00:02:10.151", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 813955678208, "type": "region", "version": 1 }, "end_va": 813955682303, "entry_point": 0, "filename": null, "id": "region_9054", "name": "pagefile_0x000000bd838a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 813955678208, "timestamp": "00:02:10.157", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 813955743744, "type": "region", "version": 1 }, "end_va": 813955747839, "entry_point": 0, "filename": null, "id": "region_9055", "name": "private_0x000000bd838b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 813955743744, "timestamp": "00:02:11.180", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 5185536, "start_va": 813990084608, "type": "region", "version": 1 }, "end_va": 813995270143, "entry_point": 0, "filename": null, "id": "region_9056", "name": "pagefile_0x000000bd85970000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 813990084608, "timestamp": "00:02:11.187", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", 
"permissions": [ "readable" ], "ref_process_dump": null, "size": 15138816, "start_va": 813995327488, "type": "region", "version": 1 }, "end_va": 814010466303, "entry_point": 813995327488, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_9057", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 813995327488, "timestamp": "00:02:11.187", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 140725025898496, "type": "region", "version": 1 }, "end_va": 140725025984511, "entry_point": 140725025902656, "filename": "\\Windows\\System32\\netapi32.dll", "id": "region_9058", "name": "netapi32.dll", "norm_filename": "c:\\windows\\system32\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725025898496, "timestamp": "00:02:11.195", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 140725072494592, "type": "region", "version": 1 }, "end_va": 140725072543743, "entry_point": 140725072499804, "filename": "\\Windows\\System32\\netutils.dll", "id": "region_9059", "name": "netutils.dll", "norm_filename": "c:\\windows\\system32\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 140725072494592, "timestamp": "00:02:11.197", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 140725073608704, "type": "region", "version": 1 }, "end_va": 
140725073760255, "entry_point": 140725073612916, "filename": "\\Windows\\System32\\srvcli.dll", "id": "region_9060", "name": "srvcli.dll", "norm_filename": "c:\\windows\\system32\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 140725073608704, "timestamp": "00:02:11.198", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 140725025636352, "type": "region", "version": 1 }, "end_va": 140725025726463, "entry_point": 140725025640520, "filename": "\\Windows\\System32\\wkscli.dll", "id": "region_9061", "name": "wkscli.dll", "norm_filename": "c:\\windows\\system32\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 140725025636352, "timestamp": "00:02:11.199", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 813955809280, "type": "region", "version": 1 }, "end_va": 813955813375, "entry_point": 0, "filename": null, "id": "region_9082", "name": "pagefile_0x000000bd838c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 813955809280, "timestamp": "00:02:11.276", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2195456, "start_va": 814010466304, "type": "region", "version": 1 }, "end_va": 814012661759, "entry_point": 0, "filename": null, "id": "region_9083", "name": "pagefile_0x000000bd86ce0000", "norm_filename": null, "region_type": 
"pagefile_backed_memory", "start_va": 814010466304, "timestamp": "00:02:11.276", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 813955809280, "type": "region", "version": 1 }, "end_va": 813955821567, "entry_point": 0, "filename": null, "id": "region_9174", "name": "pagefile_0x000000bd838c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 813955809280, "timestamp": "00:02:12.065", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 813955874816, "type": "region", "version": 1 }, "end_va": 813955878911, "entry_point": 0, "filename": null, "id": "region_9175", "name": "pagefile_0x000000bd838d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 813955874816, "timestamp": "00:02:12.065", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 278528, "start_va": 813956005888, "type": "region", "version": 1 }, "end_va": 813956284415, "entry_point": 0, "filename": null, "id": "region_9176", "name": "pagefile_0x000000bd838f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 813956005888, "timestamp": "00:02:12.065", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ 
"readable" ], "ref_process_dump": null, "size": 48848896, "start_va": 814012694528, "type": "region", "version": 1 }, "end_va": 814061543423, "entry_point": 814012694528, "filename": "\\Windows\\System32\\imageres.dll", "id": "region_9177", "name": "imageres.dll", "norm_filename": "c:\\windows\\system32\\imageres.dll", "region_type": "memory_mapped_file", "start_va": 814012694528, "timestamp": "00:02:12.066", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4169728, "start_va": 814061584384, "type": "region", "version": 1 }, "end_va": 814065754111, "entry_point": 0, "filename": null, "id": "region_9178", "name": "pagefile_0x000000bd89da0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 814061584384, "timestamp": "00:02:12.067", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 140725075443712, "type": "region", "version": 1 }, "end_va": 140725075660799, "entry_point": 140725075448792, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_9179", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 140725075443712, "timestamp": "00:02:12.067", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 140725079769088, "type": "region", "version": 1 }, "end_va": 140725079891967, "entry_point": 140725079773640, "filename": 
"\\Windows\\System32\\cryptsp.dll", "id": "region_9180", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 140725079769088, "timestamp": "00:02:12.067", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725082062848, "type": "region", "version": 1 }, "end_va": 140725082218495, "entry_point": 140725082086248, "filename": "\\Windows\\System32\\bcrypt.dll", "id": "region_9181", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\system32\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 140725082062848, "timestamp": "00:02:12.068", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1060864, "start_va": 814065778688, "type": "region", "version": 1 }, "end_va": 814066839551, "entry_point": 0, "filename": null, "id": "region_9182", "name": "private_0x000000bd8a1a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 814065778688, "timestamp": "00:02:12.078", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\System32\\ThumbnailExtractionHost.exe -Embedding", "filename": "c:\\windows\\system32\\thumbnailextractionhost.exe", "id": "proc_76", "image_name": "thumbnailextractionhost.exe", "monitor_reason": "child_process", "monitored_id": 76, "origin_monitor_id": 41, "ref_parent_process": { "ref_id": "proc_41", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { 
"dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_9090", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:02:11.565", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 618913595392, "type": "region", "version": 1 }, "end_va": 618913726463, "entry_point": 0, "filename": null, "id": "region_9091", "name": "private_0x000000901a200000", "norm_filename": null, "region_type": "private_memory", "start_va": 618913595392, "timestamp": "00:02:11.565", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 618913726464, "type": "region", "version": 1 }, "end_va": 618913787903, "entry_point": 0, "filename": null, "id": "region_9092", "name": "pagefile_0x000000901a220000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 618913726464, "timestamp": "00:02:11.565", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 618913792000, "type": "region", "version": 1 }, "end_va": 618914316287, "entry_point": 0, 
"filename": null, "id": "region_9093", "name": "private_0x000000901a230000", "norm_filename": null, "region_type": "private_memory", "start_va": 618913792000, "timestamp": "00:02:11.565", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 618914316288, "type": "region", "version": 1 }, "end_va": 618914332671, "entry_point": 0, "filename": null, "id": "region_9094", "name": "pagefile_0x000000901a2b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 618914316288, "timestamp": "00:02:11.565", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140699777433600, "type": "region", "version": 1 }, "end_va": 140699777576959, "entry_point": 0, "filename": null, "id": "region_9095", "name": "pagefile_0x00007ff738410000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140699777433600, "timestamp": "00:02:11.565", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140699777597440, "type": "region", "version": 1 }, "end_va": 140699777601535, "entry_point": 0, "filename": null, "id": "region_9096", "name": "private_0x00007ff738438000", "norm_filename": null, "region_type": "private_memory", "start_va": 140699777597440, "timestamp": "00:02:11.565", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140699777622016, "type": "region", "version": 1 }, "end_va": 140699777630207, "entry_point": 0, "filename": null, "id": "region_9097", "name": "private_0x00007ff73843e000", "norm_filename": null, "region_type": "private_memory", "start_va": 140699777622016, "timestamp": "00:02:11.565", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 140699788312576, "type": "region", "version": 1 }, "end_va": 140699788361727, "entry_point": 140699788332140, "filename": "\\Windows\\System32\\ThumbnailExtractionHost.exe", "id": "region_9098", "name": "thumbnailextractionhost.exe", "norm_filename": "c:\\windows\\system32\\thumbnailextractionhost.exe", "region_type": "memory_mapped_file", "start_va": 140699788312576, "timestamp": "00:02:11.565", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_9099", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140725133115392, "timestamp": "00:02:11.589", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], 
"ref_process_dump": null, "size": 12288, "start_va": 618914381824, "type": "region", "version": 1 }, "end_va": 618914394111, "entry_point": 0, "filename": null, "id": "region_9100", "name": "pagefile_0x000000901a2c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 618914381824, "timestamp": "00:02:11.590", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 618914447360, "type": "region", "version": 1 }, "end_va": 618914455551, "entry_point": 0, "filename": null, "id": "region_9101", "name": "private_0x000000901a2d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 618914447360, "timestamp": "00:02:11.591", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 618916020224, "type": "region", "version": 1 }, "end_va": 618917068799, "entry_point": 0, "filename": null, "id": "region_9102", "name": "private_0x000000901a450000", "norm_filename": null, "region_type": "private_memory", "start_va": 618916020224, "timestamp": "00:02:11.609", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140725090648064, "type": "region", "version": 1 }, "end_va": 140725091753983, "entry_point": 140725090656928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_9103", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": 
"memory_mapped_file", "start_va": 140725090648064, "timestamp": "00:02:11.609", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140725124988928, "type": "region", "version": 1 }, "end_va": 140725126270975, "entry_point": 140725125009460, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_9104", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140725124988928, "timestamp": "00:02:11.610", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 618913595392, "type": "region", "version": 1 }, "end_va": 618913660927, "entry_point": 0, "filename": null, "id": "region_9105", "name": "pagefile_0x000000901a200000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 618913595392, "timestamp": "00:02:11.611", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140699776385024, "type": "region", "version": 1 }, "end_va": 140699777433599, "entry_point": 0, "filename": null, "id": "region_9106", "name": "pagefile_0x00007ff738310000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140699776385024, "timestamp": "00:02:11.611", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because 
region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 618914512896, "type": "region", "version": 1 }, "end_va": 618915028991, "entry_point": 618914512896, "filename": "\\Windows\\System32\\locale.nls", "id": "region_9107", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 618914512896, "timestamp": "00:02:11.612", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140725093466112, "type": "region", "version": 1 }, "end_va": 140725094977535, "entry_point": 140725093620416, "filename": "\\Windows\\System32\\user32.dll", "id": "region_9108", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140725093466112, "timestamp": "00:02:11.614", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140725098577920, "type": "region", "version": 1 }, "end_va": 140725099261951, "entry_point": 140725098588204, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_9109", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140725098577920, "timestamp": "00:02:11.615", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 140725095038976, "type": "region", "version": 1 }, "end_va": 
140725095370751, "entry_point": 140725095043776, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_9110", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 140725095038976, "timestamp": "00:02:11.616", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140725101002752, "type": "region", "version": 1 }, "end_va": 140725101752319, "entry_point": 140725101007136, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_9111", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 140725101002752, "timestamp": "00:02:11.616", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140725129773056, "type": "region", "version": 1 }, "end_va": 140725131104255, "entry_point": 140725129845848, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_9112", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140725129773056, "timestamp": "00:02:11.618", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 618913660928, "type": "region", "version": 1 }, "end_va": 618913689599, "entry_point": 0, "filename": null, "id": "region_9113", "name": "private_0x000000901a210000", "norm_filename": null, 
"region_type": "private_memory", "start_va": 618913660928, "timestamp": "00:02:11.618", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725131149312, "type": "region", "version": 1 }, "end_va": 140725133078527, "entry_point": 140725131157344, "filename": "\\Windows\\System32\\combase.dll", "id": "region_9114", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140725131149312, "timestamp": "00:02:11.619", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140725127806976, "type": "region", "version": 1 }, "end_va": 140725129076735, "entry_point": 140725127811408, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_9115", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140725127806976, "timestamp": "00:02:11.621", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 618917068800, "type": "region", "version": 1 }, "end_va": 618918674431, "entry_point": 0, "filename": null, "id": "region_9116", "name": "pagefile_0x000000901a550000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 618917068800, "timestamp": "00:02:11.626", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No 
dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 212992, "start_va": 618915037184, "type": "region", "version": 1 }, "end_va": 618915250175, "entry_point": 618915041328, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_9117", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 618915037184, "timestamp": "00:02:11.627", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 140725095563264, "type": "region", "version": 1 }, "end_va": 140725095776255, "entry_point": 140725095567408, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_9118", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 140725095563264, "timestamp": "00:02:11.628", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1277952, "start_va": 140725091762176, "type": "region", "version": 1 }, "end_va": 140725093040127, "entry_point": 140725091766288, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_9119", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 140725091762176, "timestamp": "00:02:11.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1507328, "start_va": 618918707200, "type": "region", 
"version": 1 }, "end_va": 618920214527, "entry_point": 0, "filename": null, "id": "region_9120", "name": "private_0x000000901a6e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 618918707200, "timestamp": "00:02:11.631", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 618915037184, "type": "region", "version": 1 }, "end_va": 618915065855, "entry_point": 0, "filename": null, "id": "region_9121", "name": "private_0x000000901a360000", "norm_filename": null, "region_type": "private_memory", "start_va": 618915037184, "timestamp": "00:02:11.632", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 618920214528, "type": "region", "version": 1 }, "end_va": 618921791487, "entry_point": 0, "filename": null, "id": "region_9122", "name": "pagefile_0x000000901a850000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 618920214528, "timestamp": "00:02:11.634", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 618921852928, "type": "region", "version": 1 }, "end_va": 618942824447, "entry_point": 0, "filename": null, "id": "region_9123", "name": "pagefile_0x000000901a9e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 618921852928, "timestamp": "00:02:11.634", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 618915102720, "type": "region", "version": 1 }, "end_va": 618915106815, "entry_point": 0, "filename": null, "id": "region_9124", "name": "private_0x000000901a370000", "norm_filename": null, "region_type": "private_memory", "start_va": 618915102720, "timestamp": "00:02:11.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 618915168256, "type": "region", "version": 1 }, "end_va": 618915172351, "entry_point": 0, "filename": null, "id": "region_9125", "name": "private_0x000000901a380000", "norm_filename": null, "region_type": "private_memory", "start_va": 618915168256, "timestamp": "00:02:11.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1536000, "start_va": 618942824448, "type": "region", "version": 1 }, "end_va": 618944360447, "entry_point": 618942828724, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_9126", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 618942824448, "timestamp": "00:02:11.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 140725096546304, "type": "region", "version": 1 }, "end_va": 140725098078207, "entry_point": 
140725096550580, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_9127", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 140725096546304, "timestamp": "00:02:11.640", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725098184704, "type": "region", "version": 1 }, "end_va": 140725098541055, "entry_point": 140725098194176, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_9128", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140725098184704, "timestamp": "00:02:11.641", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 761856, "start_va": 618915233792, "type": "region", "version": 1 }, "end_va": 618915995647, "entry_point": 618915415912, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_9129", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 618915233792, "timestamp": "00:02:11.644", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725068431360, "type": "region", "version": 1 }, "end_va": 140725068472319, "entry_point": 140725068437320, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_9130", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\system32\\kernel.appcore.dll", "region_type": 
"memory_mapped_file", "start_va": 140725068431360, "timestamp": "00:02:11.645", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725085208576, "type": "region", "version": 1 }, "end_va": 140725085249535, "entry_point": 140725085212688, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_9131", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140725085208576, "timestamp": "00:02:11.647", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140725084815360, "type": "region", "version": 1 }, "end_va": 140725085200383, "entry_point": 140725084944032, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_9132", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140725084815360, "timestamp": "00:02:11.648", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1187840, "start_va": 140725066858496, "type": "region", "version": 1 }, "end_va": 140725068046335, "entry_point": 140725066904644, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_9133", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 140725066858496, "timestamp": "00:02:11.650", "type": "region", "version": 1 }, { 
"dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1179648, "start_va": 618918707200, "type": "region", "version": 1 }, "end_va": 618919886847, "entry_point": 0, "filename": null, "id": "region_9134", "name": "private_0x000000901a6e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 618918707200, "timestamp": "00:02:11.652", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 618920148992, "type": "region", "version": 1 }, "end_va": 618920214527, "entry_point": 0, "filename": null, "id": "region_9135", "name": "private_0x000000901a840000", "norm_filename": null, "region_type": "private_memory", "start_va": 618920148992, "timestamp": "00:02:11.652", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 618915233792, "type": "region", "version": 1 }, "end_va": 618915237887, "entry_point": 0, "filename": null, "id": "region_9137", "name": "pagefile_0x000000901a390000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 618915233792, "timestamp": "00:02:11.655", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 983040, "start_va": 618918707200, "type": "region", "version": 1 }, "end_va": 
618919690239, "entry_point": 0, "filename": null, "id": "region_9138", "name": "pagefile_0x000000901a6e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 618918707200, "timestamp": "00:02:11.655", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 618919821312, "type": "region", "version": 1 }, "end_va": 618919886847, "entry_point": 0, "filename": null, "id": "region_9139", "name": "private_0x000000901a7f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 618919821312, "timestamp": "00:02:11.655", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 618915233792, "type": "region", "version": 1 }, "end_va": 618915250175, "entry_point": 0, "filename": null, "id": "region_9140", "name": "pagefile_0x000000901a390000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 618915233792, "timestamp": "00:02:11.655", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 618915299328, "type": "region", "version": 1 }, "end_va": 618915327999, "entry_point": 0, "filename": null, "id": "region_9141", "name": "private_0x000000901a3a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 618915299328, "timestamp": "00:02:11.656", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 618915364864, "type": "region", "version": 1 }, "end_va": 618915368959, "entry_point": 0, "filename": null, "id": "region_9142", "name": "pagefile_0x000000901a3b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 618915364864, "timestamp": "00:02:11.661", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 671744, "start_va": 140725095825408, "type": "region", "version": 1 }, "end_va": 140725096497151, "entry_point": 140725095829872, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_9143", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 140725095825408, "timestamp": "00:02:11.662", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 140725079769088, "type": "region", "version": 1 }, "end_va": 140725079891967, "entry_point": 140725079773640, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_9144", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 140725079769088, "timestamp": "00:02:11.671", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 
140725075443712, "type": "region", "version": 1 }, "end_va": 140725075660799, "entry_point": 140725075448792, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_9145", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 140725075443712, "timestamp": "00:02:11.673", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725082062848, "type": "region", "version": 1 }, "end_va": 140725082218495, "entry_point": 140725082086248, "filename": "\\Windows\\System32\\bcrypt.dll", "id": "region_9146", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\system32\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 140725082062848, "timestamp": "00:02:11.674", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 618942824448, "type": "region", "version": 1 }, "end_va": 618945794047, "entry_point": 618942824448, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_9147", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 618942824448, "timestamp": "00:02:11.677", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 618915430400, "type": "region", "version": 1 }, "end_va": 618915954687, "entry_point": 0, "filename": null, "id": "region_9148", "name": 
"private_0x000000901a3c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 618915430400, "timestamp": "00:02:11.680", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140699777613824, "type": "region", "version": 1 }, "end_va": 140699777622015, "entry_point": 0, "filename": null, "id": "region_9149", "name": "private_0x00007ff73843c000", "norm_filename": null, "region_type": "private_memory", "start_va": 140699777613824, "timestamp": "00:02:11.680", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 618945839104, "type": "region", "version": 1 }, "end_va": 618946363391, "entry_point": 0, "filename": null, "id": "region_9150", "name": "private_0x000000901c0c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 618945839104, "timestamp": "00:02:11.681", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 618946363392, "type": "region", "version": 1 }, "end_va": 618946887679, "entry_point": 0, "filename": null, "id": "region_9151", "name": "private_0x000000901c140000", "norm_filename": null, "region_type": "private_memory", "start_va": 618946363392, "timestamp": "00:02:11.681", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", 
"permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140699777589248, "type": "region", "version": 1 }, "end_va": 140699777597439, "entry_point": 0, "filename": null, "id": "region_9152", "name": "private_0x00007ff738436000", "norm_filename": null, "region_type": "private_memory", "start_va": 140699777589248, "timestamp": "00:02:11.681", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140699777605632, "type": "region", "version": 1 }, "end_va": 140699777613823, "entry_point": 0, "filename": null, "id": "region_9153", "name": "private_0x00007ff73843a000", "norm_filename": null, "region_type": "private_memory", "start_va": 140699777605632, "timestamp": "00:02:11.681", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 618946887680, "type": "region", "version": 1 }, "end_va": 618947411967, "entry_point": 0, "filename": null, "id": "region_9154", "name": "private_0x000000901c1c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 618946887680, "timestamp": "00:02:11.684", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140699777581056, "type": "region", "version": 1 }, "end_va": 140699777589247, "entry_point": 0, "filename": null, "id": "region_9155", "name": "private_0x00007ff738434000", "norm_filename": null, "region_type": "private_memory", 
"start_va": 140699777581056, "timestamp": "00:02:11.684", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1458176, "start_va": 140725039202304, "type": "region", "version": 1 }, "end_va": 140725040660479, "entry_point": 140725039341808, "filename": "\\Windows\\System32\\propsys.dll", "id": "region_9156", "name": "propsys.dll", "norm_filename": "c:\\windows\\system32\\propsys.dll", "region_type": "memory_mapped_file", "start_va": 140725039202304, "timestamp": "00:02:11.686", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\PROGRA~1\\COMMON~1\\WANACR~1.EXE", "filename": "c:\\progra~1\\common~1\\wanacr~1.exe", "id": "proc_77", "image_name": "wanacr~1.exe", "monitor_reason": "child_process", "monitored_id": 77, "origin_monitor_id": 75, "ref_parent_process": { "ref_id": "proc_75", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_9198", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:02:12.455", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 
958695604224, "type": "region", "version": 1 }, "end_va": 958695735295, "entry_point": 0, "filename": null, "id": "region_9199", "name": "private_0x000000df36b60000", "norm_filename": null, "region_type": "private_memory", "start_va": 958695604224, "timestamp": "00:02:12.455", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 958695735296, "type": "region", "version": 1 }, "end_va": 958695796735, "entry_point": 0, "filename": null, "id": "region_9200", "name": "pagefile_0x000000df36b80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 958695735296, "timestamp": "00:02:12.455", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 958695800832, "type": "region", "version": 1 }, "end_va": 958699995135, "entry_point": 0, "filename": null, "id": "region_9201", "name": "private_0x000000df36b90000", "norm_filename": null, "region_type": "private_memory", "start_va": 958695800832, "timestamp": "00:02:12.455", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 958699995136, "type": "region", "version": 1 }, "end_va": 958700011519, "entry_point": 0, "filename": null, "id": "region_9202", "name": "pagefile_0x000000df36f90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 958699995136, "timestamp": "00:02:12.455", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140698006781952, "type": "region", "version": 1 }, "end_va": 140698006925311, "entry_point": 0, "filename": null, "id": "region_9203", "name": "pagefile_0x00007ff6ceb70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140698006781952, "timestamp": "00:02:12.455", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140698006966272, "type": "region", "version": 1 }, "end_va": 140698006974463, "entry_point": 0, "filename": null, "id": "region_9204", "name": "private_0x00007ff6ceb9d000", "norm_filename": null, "region_type": "private_memory", "start_va": 140698006966272, "timestamp": "00:02:12.455", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140698006974464, "type": "region", "version": 1 }, "end_va": 140698006978559, "entry_point": 0, "filename": null, "id": "region_9205", "name": "private_0x00007ff6ceb9f000", "norm_filename": null, "region_type": "private_memory", "start_va": 140698006974464, "timestamp": "00:02:12.455", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 140698014777344, "type": "region", "version": 
1 }, "end_va": 140698015862783, "entry_point": 140698014972444, "filename": "\\PROGRA~1\\COMMON~1\\WANACR~1.EXE", "id": "region_9206", "name": "wanacr~1.exe", "norm_filename": "c:\\progra~1\\common~1\\wanacr~1.exe", "region_type": "memory_mapped_file", "start_va": 140698014777344, "timestamp": "00:02:12.455", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_9207", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140725133115392, "timestamp": "00:02:12.456", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 958700060672, "type": "region", "version": 1 }, "end_va": 958700068863, "entry_point": 0, "filename": null, "id": "region_9208", "name": "pagefile_0x000000df36fa0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 958700060672, "timestamp": "00:02:12.458", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 958700126208, "type": "region", "version": 1 }, "end_va": 958700134399, "entry_point": 0, "filename": null, "id": "region_9209", "name": "private_0x000000df36fb0000", "norm_filename": null, "region_type": "private_memory", 
"start_va": 958700126208, "timestamp": "00:02:12.582", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 958700912640, "type": "region", "version": 1 }, "end_va": 958705106943, "entry_point": 0, "filename": null, "id": "region_9210", "name": "private_0x000000df37070000", "norm_filename": null, "region_type": "private_memory", "start_va": 958700912640, "timestamp": "00:02:12.582", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140725090648064, "type": "region", "version": 1 }, "end_va": 140725091753983, "entry_point": 140725090656928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_9211", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140725090648064, "timestamp": "00:02:12.582", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140725124988928, "type": "region", "version": 1 }, "end_va": 140725126270975, "entry_point": 140725125009460, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_9212", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140725124988928, "timestamp": "00:02:12.583", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because 
pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 958695604224, "type": "region", "version": 1 }, "end_va": 958695669759, "entry_point": 0, "filename": null, "id": "region_9213", "name": "pagefile_0x000000df36b60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 958695604224, "timestamp": "00:02:12.594", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140698005733376, "type": "region", "version": 1 }, "end_va": 140698006781951, "entry_point": 0, "filename": null, "id": "region_9214", "name": "pagefile_0x00007ff6cea70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140698005733376, "timestamp": "00:02:12.594", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 958700191744, "type": "region", "version": 1 }, "end_va": 958700707839, "entry_point": 958700191744, "filename": "\\Windows\\System32\\locale.nls", "id": "region_9215", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 958700191744, "timestamp": "00:02:12.597", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140724958920704, "type": "region", "version": 1 }, "end_va": 140724958957567, "entry_point": 140724958924928, "filename": 
"\\Windows\\System32\\wsock32.dll", "id": "region_9216", "name": "wsock32.dll", "norm_filename": "c:\\windows\\system32\\wsock32.dll", "region_type": "memory_mapped_file", "start_va": 140724958920704, "timestamp": "00:02:12.598", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140724958855168, "type": "region", "version": 1 }, "end_va": 140724958896127, "entry_point": 140724958859456, "filename": "\\Windows\\System32\\version.dll", "id": "region_9217", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 140724958855168, "timestamp": "00:02:12.608", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140724958724096, "type": "region", "version": 1 }, "end_va": 140724958851071, "entry_point": 140724958733304, "filename": "\\Windows\\System32\\winmm.dll", "id": "region_9218", "name": "winmm.dll", "norm_filename": "c:\\windows\\system32\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 140724958724096, "timestamp": "00:02:12.609", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2465792, "start_va": 140725055651840, "type": "region", "version": 1 }, "end_va": 140725058117631, "entry_point": 140725055670080, "filename": "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "id": "region_9219", 
"name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 140725055651840, "timestamp": "00:02:12.610", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 140724999946240, "type": "region", "version": 1 }, "end_va": 140725000056831, "entry_point": 140724999950416, "filename": "\\Windows\\System32\\mpr.dll", "id": "region_9220", "name": "mpr.dll", "norm_filename": "c:\\windows\\system32\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 140724999946240, "timestamp": "00:02:12.611", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 958695669760, "type": "region", "version": 1 }, "end_va": 958695698431, "entry_point": 0, "filename": null, "id": "region_9221", "name": "private_0x000000df36b70000", "norm_filename": null, "region_type": "private_memory", "start_va": 958695669760, "timestamp": "00:02:12.612", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2359296, "start_va": 140725005254656, "type": "region", "version": 1 }, "end_va": 140725007613951, "entry_point": 140725005259760, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_9222", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 
140725005254656, "timestamp": "00:02:12.613", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 140725103820800, "type": "region", "version": 1 }, "end_va": 140725103849471, "entry_point": 140725103824912, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_9223", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 140725103820800, "timestamp": "00:02:12.614", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 140725016985600, "type": "region", "version": 1 }, "end_va": 140725017153535, "entry_point": 140725017016680, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_9224", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 140725016985600, "timestamp": "00:02:12.624", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140725076557824, "type": "region", "version": 1 }, "end_va": 140725076684799, "entry_point": 140725076562672, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_9225", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 140725076557824, "timestamp": "00:02:12.625", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump 
was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1187840, "start_va": 140725066858496, "type": "region", "version": 1 }, "end_va": 140725068046335, "entry_point": 140725066904644, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_9226", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 140725066858496, "timestamp": "00:02:12.626", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140725093466112, "type": "region", "version": 1 }, "end_va": 140725094977535, "entry_point": 140725093620416, "filename": "\\Windows\\System32\\user32.dll", "id": "region_9227", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140725093466112, "timestamp": "00:02:12.627", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140725129773056, "type": "region", "version": 1 }, "end_va": 140725131104255, "entry_point": 140725129845848, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_9228", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140725129773056, "timestamp": "00:02:12.628", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 630784, "start_va": 
140725129117696, "type": "region", "version": 1 }, "end_va": 140725129748479, "entry_point": 140725129122212, "filename": "\\Windows\\System32\\comdlg32.dll", "id": "region_9229", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\system32\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 140725129117696, "timestamp": "00:02:12.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 675840, "start_va": 140725126299648, "type": "region", "version": 1 }, "end_va": 140725126975487, "entry_point": 140725126303760, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_9230", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725126299648, "timestamp": "00:02:12.630", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 21032960, "start_va": 140725103951872, "type": "region", "version": 1 }, "end_va": 140725124984831, "entry_point": 140725103956224, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_9231", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 140725103951872, "timestamp": "00:02:12.641", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 140725096546304, "type": "region", "version": 1 }, "end_va": 140725098078207, "entry_point": 140725096550580, "filename": 
"\\Windows\\System32\\ole32.dll", "id": "region_9232", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 140725096546304, "timestamp": "00:02:12.642", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140725101002752, "type": "region", "version": 1 }, "end_va": 140725101752319, "entry_point": 140725101007136, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_9233", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 140725101002752, "timestamp": "00:02:12.643", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 140725127020544, "type": "region", "version": 1 }, "end_va": 140725127380991, "entry_point": 140725127024796, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_9234", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 140725127020544, "timestamp": "00:02:12.644", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140725098577920, "type": "region", "version": 1 }, "end_va": 140725099261951, "entry_point": 140725098588204, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_9235", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": 
"memory_mapped_file", "start_va": 140725098577920, "timestamp": "00:02:12.645", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 172032, "start_va": 140725043789824, "type": "region", "version": 1 }, "end_va": 140725043961855, "entry_point": 140725043832680, "filename": "\\Windows\\System32\\winmmbase.dll", "id": "region_9236", "name": "winmmbase.dll", "norm_filename": "c:\\windows\\system32\\winmmbase.dll", "region_type": "memory_mapped_file", "start_va": 140725043789824, "timestamp": "00:02:12.655", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140725127806976, "type": "region", "version": 1 }, "end_va": 140725129076735, "entry_point": 140725127811408, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_9237", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140725127806976, "timestamp": "00:02:12.657", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2785280, "start_va": 140725002436608, "type": "region", "version": 1 }, "end_va": 140725005221887, "entry_point": 140725002493380, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_9238", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 140725002436608, "timestamp": "00:02:12.658", "type": "region", "version": 1 }, { "dump": { "filename": "", 
"flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140725103886336, "type": "region", "version": 1 }, "end_va": 140725103923199, "entry_point": 140725103891456, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_9239", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 140725103886336, "timestamp": "00:02:12.660", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725016920064, "type": "region", "version": 1 }, "end_va": 140725016961023, "entry_point": 140725016924356, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_9240", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 140725016920064, "timestamp": "00:02:12.661", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 140725086453760, "type": "region", "version": 1 }, "end_va": 140725086535679, "entry_point": 140725086468812, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_9241", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 140725086453760, "timestamp": "00:02:12.672", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": 
null, "size": 1929216, "start_va": 140725131149312, "type": "region", "version": 1 }, "end_va": 140725133078527, "entry_point": 140725131157344, "filename": "\\Windows\\System32\\combase.dll", "id": "region_9242", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140725131149312, "timestamp": "00:02:12.675", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 140725095038976, "type": "region", "version": 1 }, "end_va": 140725095370751, "entry_point": 140725095043776, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_9243", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 140725095038976, "timestamp": "00:02:12.695", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725098184704, "type": "region", "version": 1 }, "end_va": 140725098541055, "entry_point": 140725098194176, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_9244", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140725098184704, "timestamp": "00:02:12.697", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 140725090320384, "type": "region", "version": 1 }, "end_va": 140725090623487, "entry_point": 140725090325080, 
"filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_9245", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 140725090320384, "timestamp": "00:02:12.700", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725068103680, "type": "region", "version": 1 }, "end_va": 140725068259327, "entry_point": 140725068109212, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_9246", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 140725068103680, "timestamp": "00:02:12.701", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 140725060108288, "type": "region", "version": 1 }, "end_va": 140725060767743, "entry_point": 140725060112544, "filename": "\\Windows\\System32\\SHCore.dll", "id": "region_9247", "name": "shcore.dll", "norm_filename": "c:\\windows\\system32\\shcore.dll", "region_type": "memory_mapped_file", "start_va": 140725060108288, "timestamp": "00:02:12.710", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1966080, "start_va": 958705106944, "type": "region", "version": 1 }, "end_va": 958707073023, "entry_point": 0, "filename": null, "id": "region_9248", "name": "private_0x000000df37470000", "norm_filename": null, "region_type": "private_memory", "start_va": 958705106944, 
"timestamp": "00:02:12.714", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 958700716032, "type": "region", "version": 1 }, "end_va": 958700744703, "entry_point": 0, "filename": null, "id": "region_9249", "name": "private_0x000000df37040000", "norm_filename": null, "region_type": "private_memory", "start_va": 958700716032, "timestamp": "00:02:12.715", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 958705106944, "type": "region", "version": 1 }, "end_va": 958706712575, "entry_point": 0, "filename": null, "id": "region_9250", "name": "pagefile_0x000000df37470000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 958705106944, "timestamp": "00:02:12.717", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 212992, "start_va": 958706745344, "type": "region", "version": 1 }, "end_va": 958706958335, "entry_point": 958706749488, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_9251", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 958706745344, "timestamp": "00:02:12.717", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, 
"start_va": 958707007488, "type": "region", "version": 1 }, "end_va": 958707073023, "entry_point": 0, "filename": null, "id": "region_9252", "name": "private_0x000000df37640000", "norm_filename": null, "region_type": "private_memory", "start_va": 958707007488, "timestamp": "00:02:12.717", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 140725095563264, "type": "region", "version": 1 }, "end_va": 140725095776255, "entry_point": 140725095567408, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_9253", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 140725095563264, "timestamp": "00:02:12.718", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1277952, "start_va": 140725091762176, "type": "region", "version": 1 }, "end_va": 140725093040127, "entry_point": 140725091766288, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_9254", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 140725091762176, "timestamp": "00:02:12.719", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 958707073024, "type": "region", "version": 1 }, "end_va": 958708649983, "entry_point": 0, "filename": null, "id": "region_9255", "name": "pagefile_0x000000df37650000", "norm_filename": null, 
"region_type": "pagefile_backed_memory", "start_va": 958707073024, "timestamp": "00:02:12.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 958708711424, "type": "region", "version": 1 }, "end_va": 958729682943, "entry_point": 0, "filename": null, "id": "region_9256", "name": "pagefile_0x000000df377e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 958708711424, "timestamp": "00:02:12.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 958700781568, "type": "region", "version": 1 }, "end_va": 958700785663, "entry_point": 0, "filename": null, "id": "region_9257", "name": "private_0x000000df37050000", "norm_filename": null, "region_type": "private_memory", "start_va": 958700781568, "timestamp": "00:02:12.727", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 958700847104, "type": "region", "version": 1 }, "end_va": 958700851199, "entry_point": 0, "filename": null, "id": "region_9258", "name": "private_0x000000df37060000", "norm_filename": null, "region_type": "private_memory", "start_va": 958700847104, "timestamp": "00:02:12.727", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, 
"start_va": 958706745344, "type": "region", "version": 1 }, "end_va": 958706749439, "entry_point": 958706745344, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_9259", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 958706745344, "timestamp": "00:02:12.727", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 958706810880, "type": "region", "version": 1 }, "end_va": 958706819071, "entry_point": 0, "filename": null, "id": "region_9260", "name": "pagefile_0x000000df37610000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 958706810880, "timestamp": "00:02:12.728", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 958729682944, "type": "region", "version": 1 }, "end_va": 958729945087, "entry_point": 0, "filename": null, "id": "region_9261", "name": "private_0x000000df38be0000", "norm_filename": null, "region_type": "private_memory", "start_va": 958729682944, "timestamp": "00:02:12.731", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 761856, "start_va": 958729945088, "type": "region", "version": 1 }, "end_va": 958730706943, "entry_point": 958730127208, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_9262", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": 
"memory_mapped_file", "start_va": 958729945088, "timestamp": "00:02:12.736", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725068431360, "type": "region", "version": 1 }, "end_va": 140725068472319, "entry_point": 140725068437320, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_9263", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\system32\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140725068431360, "timestamp": "00:02:12.738", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725085208576, "type": "region", "version": 1 }, "end_va": 140725085249535, "entry_point": 140725085212688, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_9264", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140725085208576, "timestamp": "00:02:12.740", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140725084815360, "type": "region", "version": 1 }, "end_va": 140725085200383, "entry_point": 140725084944032, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_9265", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140725084815360, "timestamp": "00:02:12.741", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 958706745344, "type": "region", "version": 1 }, "end_va": 958706749439, "entry_point": 0, "filename": null, "id": "region_9267", "name": "pagefile_0x000000df37600000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 958706745344, "timestamp": "00:02:12.751", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 983040, "start_va": 958729945088, "type": "region", "version": 1 }, "end_va": 958730928127, "entry_point": 0, "filename": null, "id": "region_9268", "name": "pagefile_0x000000df38c20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 958729945088, "timestamp": "00:02:12.751", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 958706745344, "type": "region", "version": 1 }, "end_va": 958706761727, "entry_point": 0, "filename": null, "id": "region_9269", "name": "pagefile_0x000000df37600000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 958706745344, "timestamp": "00:02:12.752", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 958706876416, 
"type": "region", "version": 1 }, "end_va": 958706905087, "entry_point": 0, "filename": null, "id": "region_9270", "name": "private_0x000000df37620000", "norm_filename": null, "region_type": "private_memory", "start_va": 958706876416, "timestamp": "00:02:12.752", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 958730928128, "type": "region", "version": 1 }, "end_va": 958731976703, "entry_point": 0, "filename": null, "id": "region_9271", "name": "private_0x000000df38d10000", "norm_filename": null, "region_type": "private_memory", "start_va": 958730928128, "timestamp": "00:02:12.759", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 958731976704, "type": "region", "version": 1 }, "end_va": 958733029375, "entry_point": 958732171804, "filename": "\\Program Files\\Common Files\\wanacry6.malware.exe", "id": "region_9272", "name": "wanacry6.malware.exe", "norm_filename": "c:\\program files\\common files\\wanacry6.malware.exe", "region_type": "memory_mapped_file", "start_va": 958731976704, "timestamp": "00:02:12.763", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 958706941952, "type": "region", "version": 1 }, "end_va": 958706946047, "entry_point": 0, "filename": null, "id": "region_9273", "name": "private_0x000000df37630000", "norm_filename": null, "region_type": "private_memory", "start_va": 958706941952, "timestamp": "00:02:12.793", 
"type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 140725058142208, "type": "region", "version": 1 }, "end_va": 140725058277375, "entry_point": 140725058146560, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_9274", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 140725058142208, "timestamp": "00:02:12.793", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 958731976704, "type": "region", "version": 1 }, "end_va": 958734946303, "entry_point": 958731976704, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_9275", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 958731976704, "timestamp": "00:02:12.796", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 958729682944, "type": "region", "version": 1 }, "end_va": 958729695231, "entry_point": 0, "filename": null, "id": "region_9276", "name": "pagefile_0x000000df38be0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 958729682944, "timestamp": "00:02:12.801", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": 
[ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 958729879552, "type": "region", "version": 1 }, "end_va": 958729945087, "entry_point": 0, "filename": null, "id": "region_9277", "name": "private_0x000000df38c10000", "norm_filename": null, "region_type": "private_memory", "start_va": 958729879552, "timestamp": "00:02:12.801", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 958729682944, "type": "region", "version": 1 }, "end_va": 958729687039, "entry_point": 0, "filename": null, "id": "region_9278", "name": "pagefile_0x000000df38be0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 958729682944, "timestamp": "00:02:12.806", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 958729748480, "type": "region", "version": 1 }, "end_va": 958729752575, "entry_point": 0, "filename": null, "id": "region_9279", "name": "private_0x000000df38bf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 958729748480, "timestamp": "00:02:13.830", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 5185536, "start_va": 958734991360, "type": "region", "version": 1 }, "end_va": 958740176895, "entry_point": 0, "filename": null, "id": "region_9280", "name": "pagefile_0x000000df390f0000", "norm_filename": null, 
"region_type": "pagefile_backed_memory", "start_va": 958734991360, "timestamp": "00:02:13.837", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15138816, "start_va": 958740234240, "type": "region", "version": 1 }, "end_va": 958755373055, "entry_point": 958740234240, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_9281", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 958740234240, "timestamp": "00:02:13.837", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 140725025898496, "type": "region", "version": 1 }, "end_va": 140725025984511, "entry_point": 140725025902656, "filename": "\\Windows\\System32\\netapi32.dll", "id": "region_9282", "name": "netapi32.dll", "norm_filename": "c:\\windows\\system32\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725025898496, "timestamp": "00:02:13.845", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 140725072494592, "type": "region", "version": 1 }, "end_va": 140725072543743, "entry_point": 140725072499804, "filename": "\\Windows\\System32\\netutils.dll", "id": "region_9283", "name": "netutils.dll", "norm_filename": "c:\\windows\\system32\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 140725072494592, "timestamp": "00:02:13.848", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 140725073608704, "type": "region", "version": 1 }, "end_va": 140725073760255, "entry_point": 140725073612916, "filename": "\\Windows\\System32\\srvcli.dll", "id": "region_9284", "name": "srvcli.dll", "norm_filename": "c:\\windows\\system32\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 140725073608704, "timestamp": "00:02:13.849", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 140725025636352, "type": "region", "version": 1 }, "end_va": 140725025726463, "entry_point": 140725025640520, "filename": "\\Windows\\System32\\wkscli.dll", "id": "region_9285", "name": "wkscli.dll", "norm_filename": "c:\\windows\\system32\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 140725025636352, "timestamp": "00:02:13.851", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 958729814016, "type": "region", "version": 1 }, "end_va": 958729818111, "entry_point": 0, "filename": null, "id": "region_9334", "name": "pagefile_0x000000df38c00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 958729814016, "timestamp": "00:02:14.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, 
"size": 2195456, "start_va": 958755373056, "type": "region", "version": 1 }, "end_va": 958757568511, "entry_point": 0, "filename": null, "id": "region_9335", "name": "pagefile_0x000000df3a460000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 958755373056, "timestamp": "00:02:14.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 958729814016, "type": "region", "version": 1 }, "end_va": 958729826303, "entry_point": 0, "filename": null, "id": "region_9373", "name": "pagefile_0x000000df38c00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 958729814016, "timestamp": "00:02:15.716", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 48848896, "start_va": 958757601280, "type": "region", "version": 1 }, "end_va": 958806450175, "entry_point": 958757601280, "filename": "\\Windows\\System32\\imageres.dll", "id": "region_9374", "name": "imageres.dll", "norm_filename": "c:\\windows\\system32\\imageres.dll", "region_type": "memory_mapped_file", "start_va": 958757601280, "timestamp": "00:02:15.717", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 958806491136, "type": "region", "version": 1 }, "end_va": 958806495231, "entry_point": 0, "filename": null, "id": "region_9375", "name": "pagefile_0x000000df3d520000", "norm_filename": null, "region_type": 
"pagefile_backed_memory", "start_va": 958806491136, "timestamp": "00:02:15.718", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4169728, "start_va": 958806556672, "type": "region", "version": 1 }, "end_va": 958810726399, "entry_point": 0, "filename": null, "id": "region_9376", "name": "pagefile_0x000000df3d530000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 958806556672, "timestamp": "00:02:15.718", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 278528, "start_va": 958810750976, "type": "region", "version": 1 }, "end_va": 958811029503, "entry_point": 0, "filename": null, "id": "region_9377", "name": "pagefile_0x000000df3d930000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 958810750976, "timestamp": "00:02:15.718", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 140725075443712, "type": "region", "version": 1 }, "end_va": 140725075660799, "entry_point": 140725075448792, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_9378", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 140725075443712, "timestamp": "00:02:15.718", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not 
monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 140725079769088, "type": "region", "version": 1 }, "end_va": 140725079891967, "entry_point": 140725079773640, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_9379", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 140725079769088, "timestamp": "00:02:15.719", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725082062848, "type": "region", "version": 1 }, "end_va": 140725082218495, "entry_point": 140725082086248, "filename": "\\Windows\\System32\\bcrypt.dll", "id": "region_9380", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\system32\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 140725082062848, "timestamp": "00:02:15.719", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1101824, "start_va": 958811078656, "type": "region", "version": 1 }, "end_va": 958812180479, "entry_point": 0, "filename": null, "id": "region_9381", "name": "private_0x000000df3d980000", "norm_filename": null, "region_type": "private_memory", "start_va": 958811078656, "timestamp": "00:02:15.723", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\PROGRA~1\\COMMON~1\\WANACR~1.EXE", "filename": "c:\\progra~1\\common~1\\wanacr~1.exe", "id": "proc_78", "image_name": "wanacr~1.exe", "monitor_reason": "child_process", 
"monitored_id": 78, "origin_monitor_id": 77, "ref_parent_process": { "ref_id": "proc_77", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_9397", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:02:16.009", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 20455096320, "type": "region", "version": 1 }, "end_va": 20455227391, "entry_point": 0, "filename": null, "id": "region_9398", "name": "private_0x00000004c3380000", "norm_filename": null, "region_type": "private_memory", "start_va": 20455096320, "timestamp": "00:02:16.009", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 20455227392, "type": "region", "version": 1 }, "end_va": 20455288831, "entry_point": 0, "filename": null, "id": "region_9399", "name": "pagefile_0x00000004c33a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 20455227392, "timestamp": "00:02:16.009", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", 
"permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 20455292928, "type": "region", "version": 1 }, "end_va": 20459487231, "entry_point": 0, "filename": null, "id": "region_9400", "name": "private_0x00000004c33b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 20455292928, "timestamp": "00:02:16.009", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 20459487232, "type": "region", "version": 1 }, "end_va": 20459503615, "entry_point": 0, "filename": null, "id": "region_9401", "name": "pagefile_0x00000004c37b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 20459487232, "timestamp": "00:02:16.009", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140698003046400, "type": "region", "version": 1 }, "end_va": 140698003189759, "entry_point": 0, "filename": null, "id": "region_9402", "name": "pagefile_0x00007ff6ce7e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140698003046400, "timestamp": "00:02:16.009", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140698003206144, "type": "region", "version": 1 }, "end_va": 140698003210239, "entry_point": 0, "filename": null, "id": "region_9403", "name": "private_0x00007ff6ce807000", "norm_filename": null, 
"region_type": "private_memory", "start_va": 140698003206144, "timestamp": "00:02:16.009", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140698003234816, "type": "region", "version": 1 }, "end_va": 140698003243007, "entry_point": 0, "filename": null, "id": "region_9404", "name": "private_0x00007ff6ce80e000", "norm_filename": null, "region_type": "private_memory", "start_va": 140698003234816, "timestamp": "00:02:16.009", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 140698014777344, "type": "region", "version": 1 }, "end_va": 140698015862783, "entry_point": 140698014972444, "filename": "\\PROGRA~1\\COMMON~1\\WANACR~1.EXE", "id": "region_9405", "name": "wanacr~1.exe", "norm_filename": "c:\\progra~1\\common~1\\wanacr~1.exe", "region_type": "memory_mapped_file", "start_va": 140698014777344, "timestamp": "00:02:16.009", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_9406", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140725133115392, "timestamp": "00:02:16.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], 
"info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 20459552768, "type": "region", "version": 1 }, "end_va": 20459560959, "entry_point": 0, "filename": null, "id": "region_9407", "name": "pagefile_0x00000004c37c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 20459552768, "timestamp": "00:02:16.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 20459618304, "type": "region", "version": 1 }, "end_va": 20459626495, "entry_point": 0, "filename": null, "id": "region_9408", "name": "private_0x00000004c37d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 20459618304, "timestamp": "00:02:16.133", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 20460470272, "type": "region", "version": 1 }, "end_va": 20464664575, "entry_point": 0, "filename": null, "id": "region_9409", "name": "private_0x00000004c38a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 20460470272, "timestamp": "00:02:16.133", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140725090648064, "type": "region", "version": 1 }, "end_va": 140725091753983, "entry_point": 140725090656928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": 
"region_9410", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140725090648064, "timestamp": "00:02:16.134", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140725124988928, "type": "region", "version": 1 }, "end_va": 140725126270975, "entry_point": 140725125009460, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_9411", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140725124988928, "timestamp": "00:02:16.135", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 20455096320, "type": "region", "version": 1 }, "end_va": 20455161855, "entry_point": 0, "filename": null, "id": "region_9412", "name": "pagefile_0x00000004c3380000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 20455096320, "timestamp": "00:02:16.145", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140698001997824, "type": "region", "version": 1 }, "end_va": 140698003046399, "entry_point": 0, "filename": null, "id": "region_9413", "name": "pagefile_0x00007ff6ce6e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140698001997824, "timestamp": "00:02:16.145", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 20459683840, "type": "region", "version": 1 }, "end_va": 20460199935, "entry_point": 20459683840, "filename": "\\Windows\\System32\\locale.nls", "id": "region_9414", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 20459683840, "timestamp": "00:02:16.148", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140724958920704, "type": "region", "version": 1 }, "end_va": 140724958957567, "entry_point": 140724958924928, "filename": "\\Windows\\System32\\wsock32.dll", "id": "region_9415", "name": "wsock32.dll", "norm_filename": "c:\\windows\\system32\\wsock32.dll", "region_type": "memory_mapped_file", "start_va": 140724958920704, "timestamp": "00:02:16.157", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140724958855168, "type": "region", "version": 1 }, "end_va": 140724958896127, "entry_point": 140724958859456, "filename": "\\Windows\\System32\\version.dll", "id": "region_9416", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 140724958855168, "timestamp": "00:02:16.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], 
"ref_process_dump": null, "size": 126976, "start_va": 140724958724096, "type": "region", "version": 1 }, "end_va": 140724958851071, "entry_point": 140724958733304, "filename": "\\Windows\\System32\\winmm.dll", "id": "region_9417", "name": "winmm.dll", "norm_filename": "c:\\windows\\system32\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 140724958724096, "timestamp": "00:02:16.160", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2465792, "start_va": 140725055651840, "type": "region", "version": 1 }, "end_va": 140725058117631, "entry_point": 140725055670080, "filename": "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "id": "region_9418", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 140725055651840, "timestamp": "00:02:16.161", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 140724999946240, "type": "region", "version": 1 }, "end_va": 140725000056831, "entry_point": 140724999950416, "filename": "\\Windows\\System32\\mpr.dll", "id": "region_9419", "name": "mpr.dll", "norm_filename": "c:\\windows\\system32\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 140724999946240, "timestamp": "00:02:16.162", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", 
"permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 20455161856, "type": "region", "version": 1 }, "end_va": 20455190527, "entry_point": 0, "filename": null, "id": "region_9420", "name": "private_0x00000004c3390000", "norm_filename": null, "region_type": "private_memory", "start_va": 20455161856, "timestamp": "00:02:16.163", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2359296, "start_va": 140725005254656, "type": "region", "version": 1 }, "end_va": 140725007613951, "entry_point": 140725005259760, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_9421", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 140725005254656, "timestamp": "00:02:16.163", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 140725103820800, "type": "region", "version": 1 }, "end_va": 140725103849471, "entry_point": 140725103824912, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_9422", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 140725103820800, "timestamp": "00:02:16.164", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 140725016985600, "type": "region", "version": 1 }, "end_va": 140725017153535, "entry_point": 140725017016680, "filename": 
"\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_9423", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 140725016985600, "timestamp": "00:02:16.176", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140725076557824, "type": "region", "version": 1 }, "end_va": 140725076684799, "entry_point": 140725076562672, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_9424", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 140725076557824, "timestamp": "00:02:16.177", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1187840, "start_va": 140725066858496, "type": "region", "version": 1 }, "end_va": 140725068046335, "entry_point": 140725066904644, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_9425", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 140725066858496, "timestamp": "00:02:16.178", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140725093466112, "type": "region", "version": 1 }, "end_va": 140725094977535, "entry_point": 140725093620416, "filename": "\\Windows\\System32\\user32.dll", "id": "region_9426", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": 
"memory_mapped_file", "start_va": 140725093466112, "timestamp": "00:02:16.179", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140725129773056, "type": "region", "version": 1 }, "end_va": 140725131104255, "entry_point": 140725129845848, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_9427", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140725129773056, "timestamp": "00:02:16.189", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 630784, "start_va": 140725129117696, "type": "region", "version": 1 }, "end_va": 140725129748479, "entry_point": 140725129122212, "filename": "\\Windows\\System32\\comdlg32.dll", "id": "region_9428", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\system32\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 140725129117696, "timestamp": "00:02:16.190", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 675840, "start_va": 140725126299648, "type": "region", "version": 1 }, "end_va": 140725126975487, "entry_point": 140725126303760, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_9429", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725126299648, "timestamp": "00:02:16.191", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": 
[ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 21032960, "start_va": 140725103951872, "type": "region", "version": 1 }, "end_va": 140725124984831, "entry_point": 140725103956224, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_9430", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 140725103951872, "timestamp": "00:02:16.192", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 140725096546304, "type": "region", "version": 1 }, "end_va": 140725098078207, "entry_point": 140725096550580, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_9431", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 140725096546304, "timestamp": "00:02:16.192", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140725101002752, "type": "region", "version": 1 }, "end_va": 140725101752319, "entry_point": 140725101007136, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_9432", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 140725101002752, "timestamp": "00:02:16.193", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], 
"ref_process_dump": null, "size": 360448, "start_va": 140725127020544, "type": "region", "version": 1 }, "end_va": 140725127380991, "entry_point": 140725127024796, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_9433", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 140725127020544, "timestamp": "00:02:16.204", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140725098577920, "type": "region", "version": 1 }, "end_va": 140725099261951, "entry_point": 140725098588204, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_9434", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140725098577920, "timestamp": "00:02:16.205", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 172032, "start_va": 140725043789824, "type": "region", "version": 1 }, "end_va": 140725043961855, "entry_point": 140725043832680, "filename": "\\Windows\\System32\\winmmbase.dll", "id": "region_9435", "name": "winmmbase.dll", "norm_filename": "c:\\windows\\system32\\winmmbase.dll", "region_type": "memory_mapped_file", "start_va": 140725043789824, "timestamp": "00:02:16.207", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140725127806976, "type": "region", "version": 1 }, "end_va": 140725129076735, "entry_point": 
140725127811408, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_9436", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140725127806976, "timestamp": "00:02:16.226", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2785280, "start_va": 140725002436608, "type": "region", "version": 1 }, "end_va": 140725005221887, "entry_point": 140725002493380, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_9437", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 140725002436608, "timestamp": "00:02:16.229", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140725103886336, "type": "region", "version": 1 }, "end_va": 140725103923199, "entry_point": 140725103891456, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_9438", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 140725103886336, "timestamp": "00:02:16.231", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725016920064, "type": "region", "version": 1 }, "end_va": 140725016961023, "entry_point": 140725016924356, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_9439", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", 
"region_type": "memory_mapped_file", "start_va": 140725016920064, "timestamp": "00:02:16.231", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 140725086453760, "type": "region", "version": 1 }, "end_va": 140725086535679, "entry_point": 140725086468812, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_9440", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 140725086453760, "timestamp": "00:02:16.233", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725131149312, "type": "region", "version": 1 }, "end_va": 140725133078527, "entry_point": 140725131157344, "filename": "\\Windows\\System32\\combase.dll", "id": "region_9441", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140725131149312, "timestamp": "00:02:16.236", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 140725095038976, "type": "region", "version": 1 }, "end_va": 140725095370751, "entry_point": 140725095043776, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_9442", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 140725095038976, "timestamp": "00:02:16.238", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725098184704, "type": "region", "version": 1 }, "end_va": 140725098541055, "entry_point": 140725098194176, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_9443", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140725098184704, "timestamp": "00:02:16.240", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 140725090320384, "type": "region", "version": 1 }, "end_va": 140725090623487, "entry_point": 140725090325080, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_9444", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 140725090320384, "timestamp": "00:02:16.243", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725068103680, "type": "region", "version": 1 }, "end_va": 140725068259327, "entry_point": 140725068109212, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_9445", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 140725068103680, "timestamp": "00:02:16.244", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", 
"executable" ], "ref_process_dump": null, "size": 659456, "start_va": 140725060108288, "type": "region", "version": 1 }, "end_va": 140725060767743, "entry_point": 140725060112544, "filename": "\\Windows\\System32\\SHCore.dll", "id": "region_9446", "name": "shcore.dll", "norm_filename": "c:\\windows\\system32\\shcore.dll", "region_type": "memory_mapped_file", "start_va": 140725060108288, "timestamp": "00:02:16.253", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2031616, "start_va": 20464664576, "type": "region", "version": 1 }, "end_va": 20466696191, "entry_point": 0, "filename": null, "id": "region_9447", "name": "private_0x00000004c3ca0000", "norm_filename": null, "region_type": "private_memory", "start_va": 20464664576, "timestamp": "00:02:16.258", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 20460208128, "type": "region", "version": 1 }, "end_va": 20460236799, "entry_point": 0, "filename": null, "id": "region_9448", "name": "private_0x00000004c3860000", "norm_filename": null, "region_type": "private_memory", "start_va": 20460208128, "timestamp": "00:02:16.260", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 20464664576, "type": "region", "version": 1 }, "end_va": 20466270207, "entry_point": 0, "filename": null, "id": "region_9449", "name": "pagefile_0x00000004c3ca0000", "norm_filename": null, 
"region_type": "pagefile_backed_memory", "start_va": 20464664576, "timestamp": "00:02:16.262", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 212992, "start_va": 20466302976, "type": "region", "version": 1 }, "end_va": 20466515967, "entry_point": 20466307120, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_9450", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 20466302976, "timestamp": "00:02:16.262", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 20466630656, "type": "region", "version": 1 }, "end_va": 20466696191, "entry_point": 0, "filename": null, "id": "region_9451", "name": "private_0x00000004c3e80000", "norm_filename": null, "region_type": "private_memory", "start_va": 20466630656, "timestamp": "00:02:16.263", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 140725095563264, "type": "region", "version": 1 }, "end_va": 140725095776255, "entry_point": 140725095567408, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_9452", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 140725095563264, "timestamp": "00:02:16.264", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ 
"readable", "writable", "executable" ], "ref_process_dump": null, "size": 1277952, "start_va": 140725091762176, "type": "region", "version": 1 }, "end_va": 140725093040127, "entry_point": 140725091766288, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_9453", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 140725091762176, "timestamp": "00:02:16.265", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 20466696192, "type": "region", "version": 1 }, "end_va": 20468273151, "entry_point": 0, "filename": null, "id": "region_9454", "name": "pagefile_0x00000004c3e90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 20466696192, "timestamp": "00:02:16.267", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 20468334592, "type": "region", "version": 1 }, "end_va": 20489306111, "entry_point": 0, "filename": null, "id": "region_9455", "name": "pagefile_0x00000004c4020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 20468334592, "timestamp": "00:02:16.268", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 20460273664, "type": "region", "version": 1 }, "end_va": 20460277759, "entry_point": 0, "filename": null, "id": "region_9456", "name": 
"private_0x00000004c3870000", "norm_filename": null, "region_type": "private_memory", "start_va": 20460273664, "timestamp": "00:02:16.272", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 20460339200, "type": "region", "version": 1 }, "end_va": 20460343295, "entry_point": 0, "filename": null, "id": "region_9457", "name": "private_0x00000004c3880000", "norm_filename": null, "region_type": "private_memory", "start_va": 20460339200, "timestamp": "00:02:16.272", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 20460404736, "type": "region", "version": 1 }, "end_va": 20460408831, "entry_point": 20460404736, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_9458", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 20460404736, "timestamp": "00:02:16.272", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 20466302976, "type": "region", "version": 1 }, "end_va": 20466311167, "entry_point": 0, "filename": null, "id": "region_9459", "name": "pagefile_0x00000004c3e30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 20466302976, "timestamp": "00:02:16.272", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of 
dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 20466368512, "type": "region", "version": 1 }, "end_va": 20466630655, "entry_point": 0, "filename": null, "id": "region_9460", "name": "private_0x00000004c3e40000", "norm_filename": null, "region_type": "private_memory", "start_va": 20466368512, "timestamp": "00:02:16.277", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 761856, "start_va": 20489306112, "type": "region", "version": 1 }, "end_va": 20490067967, "entry_point": 20489488232, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_9461", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 20489306112, "timestamp": "00:02:16.282", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725068431360, "type": "region", "version": 1 }, "end_va": 140725068472319, "entry_point": 140725068437320, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_9462", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\system32\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140725068431360, "timestamp": "00:02:16.285", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725085208576, "type": "region", "version": 1 }, "end_va": 140725085249535, "entry_point": 140725085212688, "filename": 
"\\Windows\\System32\\cryptbase.dll", "id": "region_9463", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140725085208576, "timestamp": "00:02:16.286", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140725084815360, "type": "region", "version": 1 }, "end_va": 140725085200383, "entry_point": 140725084944032, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_9464", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140725084815360, "timestamp": "00:02:16.288", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 20460404736, "type": "region", "version": 1 }, "end_va": 20460408831, "entry_point": 0, "filename": null, "id": "region_9466", "name": "pagefile_0x00000004c3890000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 20460404736, "timestamp": "00:02:16.297", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 983040, "start_va": 20489306112, "type": "region", "version": 1 }, "end_va": 20490289151, "entry_point": 0, "filename": null, "id": "region_9467", "name": "pagefile_0x00000004c5420000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 20489306112, 
"timestamp": "00:02:16.297", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 20460404736, "type": "region", "version": 1 }, "end_va": 20460421119, "entry_point": 0, "filename": null, "id": "region_9468", "name": "pagefile_0x00000004c3890000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 20460404736, "timestamp": "00:02:16.297", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 20466368512, "type": "region", "version": 1 }, "end_va": 20466397183, "entry_point": 0, "filename": null, "id": "region_9469", "name": "private_0x00000004c3e40000", "norm_filename": null, "region_type": "private_memory", "start_va": 20466368512, "timestamp": "00:02:16.298", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 20466565120, "type": "region", "version": 1 }, "end_va": 20466630655, "entry_point": 0, "filename": null, "id": "region_9470", "name": "private_0x00000004c3e70000", "norm_filename": null, "region_type": "private_memory", "start_va": 20466565120, "timestamp": "00:02:16.298", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 20490289152, "type": 
"region", "version": 1 }, "end_va": 20491337727, "entry_point": 0, "filename": null, "id": "region_9471", "name": "private_0x00000004c5510000", "norm_filename": null, "region_type": "private_memory", "start_va": 20490289152, "timestamp": "00:02:16.306", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 20491337728, "type": "region", "version": 1 }, "end_va": 20492390399, "entry_point": 20491532828, "filename": "\\Program Files\\Common Files\\wanacry6.malware.exe", "id": "region_9472", "name": "wanacry6.malware.exe", "norm_filename": "c:\\program files\\common files\\wanacry6.malware.exe", "region_type": "memory_mapped_file", "start_va": 20491337728, "timestamp": "00:02:16.309", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 20466434048, "type": "region", "version": 1 }, "end_va": 20466438143, "entry_point": 0, "filename": null, "id": "region_9473", "name": "private_0x00000004c3e50000", "norm_filename": null, "region_type": "private_memory", "start_va": 20466434048, "timestamp": "00:02:16.347", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 140725058142208, "type": "region", "version": 1 }, "end_va": 140725058277375, "entry_point": 140725058146560, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_9474", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 
140725058142208, "timestamp": "00:02:16.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 20491337728, "type": "region", "version": 1 }, "end_va": 20494307327, "entry_point": 20491337728, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_9475", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 20491337728, "timestamp": "00:02:16.353", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 20466499584, "type": "region", "version": 1 }, "end_va": 20466511871, "entry_point": 0, "filename": null, "id": "region_9476", "name": "pagefile_0x00000004c3e60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 20466499584, "timestamp": "00:02:16.357", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 20466499584, "type": "region", "version": 1 }, "end_va": 20466503679, "entry_point": 0, "filename": null, "id": "region_9477", "name": "pagefile_0x00000004c3e60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 20466499584, "timestamp": "00:02:16.362", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", 
"permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 20494352384, "type": "region", "version": 1 }, "end_va": 20494356479, "entry_point": 0, "filename": null, "id": "region_9478", "name": "private_0x00000004c58f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 20494352384, "timestamp": "00:02:17.423", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 5185536, "start_va": 20494417920, "type": "region", "version": 1 }, "end_va": 20499603455, "entry_point": 0, "filename": null, "id": "region_9479", "name": "pagefile_0x00000004c5900000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 20494417920, "timestamp": "00:02:17.431", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15138816, "start_va": 20499660800, "type": "region", "version": 1 }, "end_va": 20514799615, "entry_point": 20499660800, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_9480", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 20499660800, "timestamp": "00:02:17.432", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 140725025898496, "type": "region", "version": 1 }, "end_va": 140725025984511, "entry_point": 140725025902656, "filename": "\\Windows\\System32\\netapi32.dll", "id": "region_9481", "name": 
"netapi32.dll", "norm_filename": "c:\\windows\\system32\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725025898496, "timestamp": "00:02:17.439", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 140725072494592, "type": "region", "version": 1 }, "end_va": 140725072543743, "entry_point": 140725072499804, "filename": "\\Windows\\System32\\netutils.dll", "id": "region_9482", "name": "netutils.dll", "norm_filename": "c:\\windows\\system32\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 140725072494592, "timestamp": "00:02:17.441", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 140725073608704, "type": "region", "version": 1 }, "end_va": 140725073760255, "entry_point": 140725073612916, "filename": "\\Windows\\System32\\srvcli.dll", "id": "region_9483", "name": "srvcli.dll", "norm_filename": "c:\\windows\\system32\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 140725073608704, "timestamp": "00:02:17.444", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 140725025636352, "type": "region", "version": 1 }, "end_va": 140725025726463, "entry_point": 140725025640520, "filename": "\\Windows\\System32\\wkscli.dll", "id": "region_9484", "name": "wkscli.dll", "norm_filename": "c:\\windows\\system32\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 140725025636352, "timestamp": 
"00:02:17.445", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2195456, "start_va": 20514799616, "type": "region", "version": 1 }, "end_va": 20516995071, "entry_point": 0, "filename": null, "id": "region_9505", "name": "pagefile_0x00000004c6c70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 20514799616, "timestamp": "00:02:17.539", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 20517027840, "type": "region", "version": 1 }, "end_va": 20517031935, "entry_point": 0, "filename": null, "id": "region_9506", "name": "pagefile_0x00000004c6e90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 20517027840, "timestamp": "00:02:17.539", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 48848896, "start_va": 20517027840, "type": "region", "version": 1 }, "end_va": 20565876735, "entry_point": 20517027840, "filename": "\\Windows\\System32\\imageres.dll", "id": "region_9525", "name": "imageres.dll", "norm_filename": "c:\\windows\\system32\\imageres.dll", "region_type": "memory_mapped_file", "start_va": 20517027840, "timestamp": "00:02:18.397", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], 
"ref_process_dump": null, "size": 12288, "start_va": 20565917696, "type": "region", "version": 1 }, "end_va": 20565929983, "entry_point": 0, "filename": null, "id": "region_9526", "name": "pagefile_0x00000004c9d30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 20565917696, "timestamp": "00:02:18.397", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 20565983232, "type": "region", "version": 1 }, "end_va": 20565987327, "entry_point": 0, "filename": null, "id": "region_9527", "name": "pagefile_0x00000004c9d40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 20565983232, "timestamp": "00:02:18.397", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4169728, "start_va": 20566048768, "type": "region", "version": 1 }, "end_va": 20570218495, "entry_point": 0, "filename": null, "id": "region_9528", "name": "pagefile_0x00000004c9d50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 20566048768, "timestamp": "00:02:18.397", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 278528, "start_va": 20570243072, "type": "region", "version": 1 }, "end_va": 20570521599, "entry_point": 0, "filename": null, "id": "region_9529", "name": "pagefile_0x00000004ca150000", "norm_filename": null, "region_type": 
"pagefile_backed_memory", "start_va": 20570243072, "timestamp": "00:02:18.397", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 140725075443712, "type": "region", "version": 1 }, "end_va": 140725075660799, "entry_point": 140725075448792, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_9530", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 140725075443712, "timestamp": "00:02:18.398", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 140725079769088, "type": "region", "version": 1 }, "end_va": 140725079891967, "entry_point": 140725079773640, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_9531", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 140725079769088, "timestamp": "00:02:18.398", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725082062848, "type": "region", "version": 1 }, "end_va": 140725082218495, "entry_point": 140725082086248, "filename": "\\Windows\\System32\\bcrypt.dll", "id": "region_9532", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\system32\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 140725082062848, "timestamp": "00:02:18.399", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1056768, "start_va": 20570570752, "type": "region", "version": 1 }, "end_va": 20571627519, "entry_point": 0, "filename": null, "id": "region_9533", "name": "private_0x00000004ca1a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 20570570752, "timestamp": "00:02:18.405", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\PROGRA~1\\COMMON~1\\WANACR~1.EXE", "filename": "c:\\progra~1\\common~1\\wanacr~1.exe", "id": "proc_79", "image_name": "wanacr~1.exe", "monitor_reason": "child_process", "monitored_id": 79, "origin_monitor_id": 78, "ref_parent_process": { "ref_id": "proc_78", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_9551", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:02:18.744", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 287806455808, "type": "region", "version": 1 }, "end_va": 287806586879, "entry_point": 0, "filename": null, "id": "region_9552", "name": "private_0x00000043029a0000", "norm_filename": null, 
"region_type": "private_memory", "start_va": 287806455808, "timestamp": "00:02:18.744", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 287806586880, "type": "region", "version": 1 }, "end_va": 287806648319, "entry_point": 0, "filename": null, "id": "region_9553", "name": "pagefile_0x00000043029c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 287806586880, "timestamp": "00:02:18.744", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 287806652416, "type": "region", "version": 1 }, "end_va": 287810846719, "entry_point": 0, "filename": null, "id": "region_9554", "name": "private_0x00000043029d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 287806652416, "timestamp": "00:02:18.744", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 287810846720, "type": "region", "version": 1 }, "end_va": 287810863103, "entry_point": 0, "filename": null, "id": "region_9555", "name": "pagefile_0x0000004302dd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 287810846720, "timestamp": "00:02:18.744", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", 
"permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140697998786560, "type": "region", "version": 1 }, "end_va": 140697998929919, "entry_point": 0, "filename": null, "id": "region_9556", "name": "pagefile_0x00007ff6ce3d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140697998786560, "timestamp": "00:02:18.744", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140697998934016, "type": "region", "version": 1 }, "end_va": 140697998938111, "entry_point": 0, "filename": null, "id": "region_9557", "name": "private_0x00007ff6ce3f4000", "norm_filename": null, "region_type": "private_memory", "start_va": 140697998934016, "timestamp": "00:02:18.744", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140697998974976, "type": "region", "version": 1 }, "end_va": 140697998983167, "entry_point": 0, "filename": null, "id": "region_9558", "name": "private_0x00007ff6ce3fe000", "norm_filename": null, "region_type": "private_memory", "start_va": 140697998974976, "timestamp": "00:02:18.744", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 140698014777344, "type": "region", "version": 1 }, "end_va": 140698015862783, "entry_point": 140698014972444, "filename": "\\PROGRA~1\\COMMON~1\\WANACR~1.EXE", "id": "region_9559", "name": "wanacr~1.exe", "norm_filename": 
"c:\\progra~1\\common~1\\wanacr~1.exe", "region_type": "memory_mapped_file", "start_va": 140698014777344, "timestamp": "00:02:18.744", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_9560", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140725133115392, "timestamp": "00:02:18.745", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 287810912256, "type": "region", "version": 1 }, "end_va": 287810920447, "entry_point": 0, "filename": null, "id": "region_9561", "name": "pagefile_0x0000004302de0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 287810912256, "timestamp": "00:02:18.746", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 287810977792, "type": "region", "version": 1 }, "end_va": 287810985983, "entry_point": 0, "filename": null, "id": "region_9562", "name": "private_0x0000004302df0000", "norm_filename": null, "region_type": "private_memory", "start_va": 287810977792, "timestamp": "00:02:18.926", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created 
because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 287811174400, "type": "region", "version": 1 }, "end_va": 287815368703, "entry_point": 0, "filename": null, "id": "region_9563", "name": "private_0x0000004302e20000", "norm_filename": null, "region_type": "private_memory", "start_va": 287811174400, "timestamp": "00:02:18.926", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140725090648064, "type": "region", "version": 1 }, "end_va": 140725091753983, "entry_point": 140725090656928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_9564", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140725090648064, "timestamp": "00:02:18.926", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140725124988928, "type": "region", "version": 1 }, "end_va": 140725126270975, "entry_point": 140725125009460, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_9565", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140725124988928, "timestamp": "00:02:18.927", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 287806455808, "type": 
"region", "version": 1 }, "end_va": 287806521343, "entry_point": 0, "filename": null, "id": "region_9566", "name": "pagefile_0x00000043029a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 287806455808, "timestamp": "00:02:18.939", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140697997737984, "type": "region", "version": 1 }, "end_va": 140697998786559, "entry_point": 0, "filename": null, "id": "region_9567", "name": "pagefile_0x00007ff6ce2d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140697997737984, "timestamp": "00:02:18.939", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 287815368704, "type": "region", "version": 1 }, "end_va": 287815884799, "entry_point": 287815368704, "filename": "\\Windows\\System32\\locale.nls", "id": "region_9568", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 287815368704, "timestamp": "00:02:18.944", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140724958920704, "type": "region", "version": 1 }, "end_va": 140724958957567, "entry_point": 140724958924928, "filename": "\\Windows\\System32\\wsock32.dll", "id": "region_9569", "name": "wsock32.dll", "norm_filename": "c:\\windows\\system32\\wsock32.dll", "region_type": "memory_mapped_file", "start_va": 
140724958920704, "timestamp": "00:02:18.945", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140724958855168, "type": "region", "version": 1 }, "end_va": 140724958896127, "entry_point": 140724958859456, "filename": "\\Windows\\System32\\version.dll", "id": "region_9570", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 140724958855168, "timestamp": "00:02:18.946", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140724958724096, "type": "region", "version": 1 }, "end_va": 140724958851071, "entry_point": 140724958733304, "filename": "\\Windows\\System32\\winmm.dll", "id": "region_9571", "name": "winmm.dll", "norm_filename": "c:\\windows\\system32\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 140724958724096, "timestamp": "00:02:18.947", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2465792, "start_va": 140725055651840, "type": "region", "version": 1 }, "end_va": 140725058117631, "entry_point": 140725055670080, "filename": "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "id": "region_9572", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "region_type": 
"memory_mapped_file", "start_va": 140725055651840, "timestamp": "00:02:18.948", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 140724999946240, "type": "region", "version": 1 }, "end_va": 140725000056831, "entry_point": 140724999950416, "filename": "\\Windows\\System32\\mpr.dll", "id": "region_9573", "name": "mpr.dll", "norm_filename": "c:\\windows\\system32\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 140724999946240, "timestamp": "00:02:18.949", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 287806521344, "type": "region", "version": 1 }, "end_va": 287806550015, "entry_point": 0, "filename": null, "id": "region_9574", "name": "private_0x00000043029b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 287806521344, "timestamp": "00:02:18.950", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2359296, "start_va": 140725005254656, "type": "region", "version": 1 }, "end_va": 140725007613951, "entry_point": 140725005259760, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_9575", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 140725005254656, "timestamp": "00:02:18.950", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not 
monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 140725103820800, "type": "region", "version": 1 }, "end_va": 140725103849471, "entry_point": 140725103824912, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_9576", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 140725103820800, "timestamp": "00:02:18.952", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 140725016985600, "type": "region", "version": 1 }, "end_va": 140725017153535, "entry_point": 140725017016680, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_9577", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 140725016985600, "timestamp": "00:02:18.952", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140725076557824, "type": "region", "version": 1 }, "end_va": 140725076684799, "entry_point": 140725076562672, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_9578", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 140725076557824, "timestamp": "00:02:18.953", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1187840, "start_va": 140725066858496, "type": 
"region", "version": 1 }, "end_va": 140725068046335, "entry_point": 140725066904644, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_9579", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 140725066858496, "timestamp": "00:02:18.954", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140725093466112, "type": "region", "version": 1 }, "end_va": 140725094977535, "entry_point": 140725093620416, "filename": "\\Windows\\System32\\user32.dll", "id": "region_9580", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140725093466112, "timestamp": "00:02:18.955", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140725129773056, "type": "region", "version": 1 }, "end_va": 140725131104255, "entry_point": 140725129845848, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_9581", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140725129773056, "timestamp": "00:02:18.957", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 630784, "start_va": 140725129117696, "type": "region", "version": 1 }, "end_va": 140725129748479, "entry_point": 140725129122212, "filename": "\\Windows\\System32\\comdlg32.dll", "id": "region_9582", 
"name": "comdlg32.dll", "norm_filename": "c:\\windows\\system32\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 140725129117696, "timestamp": "00:02:18.958", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 675840, "start_va": 140725126299648, "type": "region", "version": 1 }, "end_va": 140725126975487, "entry_point": 140725126303760, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_9583", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725126299648, "timestamp": "00:02:18.959", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 21032960, "start_va": 140725103951872, "type": "region", "version": 1 }, "end_va": 140725124984831, "entry_point": 140725103956224, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_9584", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 140725103951872, "timestamp": "00:02:18.960", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 140725096546304, "type": "region", "version": 1 }, "end_va": 140725098078207, "entry_point": 140725096550580, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_9585", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 140725096546304, 
"timestamp": "00:02:18.961", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140725101002752, "type": "region", "version": 1 }, "end_va": 140725101752319, "entry_point": 140725101007136, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_9586", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 140725101002752, "timestamp": "00:02:18.962", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 140725127020544, "type": "region", "version": 1 }, "end_va": 140725127380991, "entry_point": 140725127024796, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_9587", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 140725127020544, "timestamp": "00:02:18.963", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140725098577920, "type": "region", "version": 1 }, "end_va": 140725099261951, "entry_point": 140725098588204, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_9588", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140725098577920, "timestamp": "00:02:18.964", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created 
because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 172032, "start_va": 140725043789824, "type": "region", "version": 1 }, "end_va": 140725043961855, "entry_point": 140725043832680, "filename": "\\Windows\\System32\\winmmbase.dll", "id": "region_9589", "name": "winmmbase.dll", "norm_filename": "c:\\windows\\system32\\winmmbase.dll", "region_type": "memory_mapped_file", "start_va": 140725043789824, "timestamp": "00:02:18.966", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140725127806976, "type": "region", "version": 1 }, "end_va": 140725129076735, "entry_point": 140725127811408, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_9590", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140725127806976, "timestamp": "00:02:18.969", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2785280, "start_va": 140725002436608, "type": "region", "version": 1 }, "end_va": 140725005221887, "entry_point": 140725002493380, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_9591", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 140725002436608, "timestamp": "00:02:18.970", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 
140725103886336, "type": "region", "version": 1 }, "end_va": 140725103923199, "entry_point": 140725103891456, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_9592", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 140725103886336, "timestamp": "00:02:18.971", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725016920064, "type": "region", "version": 1 }, "end_va": 140725016961023, "entry_point": 140725016924356, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_9593", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 140725016920064, "timestamp": "00:02:18.991", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 140725086453760, "type": "region", "version": 1 }, "end_va": 140725086535679, "entry_point": 140725086468812, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_9594", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 140725086453760, "timestamp": "00:02:18.993", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725131149312, "type": "region", "version": 1 }, "end_va": 140725133078527, "entry_point": 140725131157344, "filename": "\\Windows\\System32\\combase.dll", "id": 
"region_9595", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140725131149312, "timestamp": "00:02:18.997", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 140725095038976, "type": "region", "version": 1 }, "end_va": 140725095370751, "entry_point": 140725095043776, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_9596", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 140725095038976, "timestamp": "00:02:18.999", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725098184704, "type": "region", "version": 1 }, "end_va": 140725098541055, "entry_point": 140725098194176, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_9597", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140725098184704, "timestamp": "00:02:19.001", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 140725090320384, "type": "region", "version": 1 }, "end_va": 140725090623487, "entry_point": 140725090325080, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_9598", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 
140725090320384, "timestamp": "00:02:19.004", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725068103680, "type": "region", "version": 1 }, "end_va": 140725068259327, "entry_point": 140725068109212, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_9599", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 140725068103680, "timestamp": "00:02:19.006", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 140725060108288, "type": "region", "version": 1 }, "end_va": 140725060767743, "entry_point": 140725060112544, "filename": "\\Windows\\System32\\SHCore.dll", "id": "region_9600", "name": "shcore.dll", "norm_filename": "c:\\windows\\system32\\shcore.dll", "region_type": "memory_mapped_file", "start_va": 140725060108288, "timestamp": "00:02:19.017", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 393216, "start_va": 287815892992, "type": "region", "version": 1 }, "end_va": 287816286207, "entry_point": 0, "filename": null, "id": "region_9601", "name": "private_0x00000043032a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 287815892992, "timestamp": "00:02:19.022", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was 
reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 287811043328, "type": "region", "version": 1 }, "end_va": 287811071999, "entry_point": 0, "filename": null, "id": "region_9602", "name": "private_0x0000004302e00000", "norm_filename": null, "region_type": "private_memory", "start_va": 287811043328, "timestamp": "00:02:19.029", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 212992, "start_va": 287815892992, "type": "region", "version": 1 }, "end_va": 287816105983, "entry_point": 287815897136, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_9603", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 287815892992, "timestamp": "00:02:19.031", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 287816220672, "type": "region", "version": 1 }, "end_va": 287816286207, "entry_point": 0, "filename": null, "id": "region_9604", "name": "private_0x00000043032f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 287816220672, "timestamp": "00:02:19.031", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 287816286208, "type": "region", "version": 1 }, "end_va": 287817891839, "entry_point": 0, "filename": null, "id": "region_9605", "name": "pagefile_0x0000004303300000", "norm_filename": null, 
"region_type": "pagefile_backed_memory", "start_va": 287816286208, "timestamp": "00:02:19.031", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 140725095563264, "type": "region", "version": 1 }, "end_va": 140725095776255, "entry_point": 140725095567408, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_9606", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 140725095563264, "timestamp": "00:02:19.032", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1277952, "start_va": 140725091762176, "type": "region", "version": 1 }, "end_va": 140725093040127, "entry_point": 140725091766288, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_9607", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 140725091762176, "timestamp": "00:02:19.034", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 287817924608, "type": "region", "version": 1 }, "end_va": 287819501567, "entry_point": 0, "filename": null, "id": "region_9608", "name": "pagefile_0x0000004303490000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 287817924608, "timestamp": "00:02:19.038", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No 
dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 287819563008, "type": "region", "version": 1 }, "end_va": 287840534527, "entry_point": 0, "filename": null, "id": "region_9609", "name": "pagefile_0x0000004303620000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 287819563008, "timestamp": "00:02:19.038", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 287811108864, "type": "region", "version": 1 }, "end_va": 287811112959, "entry_point": 0, "filename": null, "id": "region_9610", "name": "private_0x0000004302e10000", "norm_filename": null, "region_type": "private_memory", "start_va": 287811108864, "timestamp": "00:02:19.042", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 287815892992, "type": "region", "version": 1 }, "end_va": 287815897087, "entry_point": 0, "filename": null, "id": "region_9611", "name": "private_0x00000043032a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 287815892992, "timestamp": "00:02:19.042", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 287815958528, "type": "region", "version": 1 }, "end_va": 287815962623, "entry_point": 287815958528, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_9612", "name": 
"windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 287815958528, "timestamp": "00:02:19.042", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 287816024064, "type": "region", "version": 1 }, "end_va": 287816032255, "entry_point": 0, "filename": null, "id": "region_9613", "name": "pagefile_0x00000043032c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 287816024064, "timestamp": "00:02:19.043", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1376256, "start_va": 287840534528, "type": "region", "version": 1 }, "end_va": 287841910783, "entry_point": 0, "filename": null, "id": "region_9614", "name": "private_0x0000004304a20000", "norm_filename": null, "region_type": "private_memory", "start_va": 287840534528, "timestamp": "00:02:19.047", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 761856, "start_va": 287840534528, "type": "region", "version": 1 }, "end_va": 287841296383, "entry_point": 287840716648, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_9615", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 287840534528, "timestamp": "00:02:19.053", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was 
created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 287841845248, "type": "region", "version": 1 }, "end_va": 287841910783, "entry_point": 0, "filename": null, "id": "region_9616", "name": "private_0x0000004304b60000", "norm_filename": null, "region_type": "private_memory", "start_va": 287841845248, "timestamp": "00:02:19.054", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725068431360, "type": "region", "version": 1 }, "end_va": 140725068472319, "entry_point": 140725068437320, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_9617", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\system32\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140725068431360, "timestamp": "00:02:19.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725085208576, "type": "region", "version": 1 }, "end_va": 140725085249535, "entry_point": 140725085212688, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_9618", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140725085208576, "timestamp": "00:02:19.057", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140725084815360, "type": "region", "version": 
1 }, "end_va": 140725085200383, "entry_point": 140725084944032, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_9619", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140725084815360, "timestamp": "00:02:19.058", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 287815958528, "type": "region", "version": 1 }, "end_va": 287815962623, "entry_point": 0, "filename": null, "id": "region_9620", "name": "pagefile_0x00000043032b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 287815958528, "timestamp": "00:02:19.064", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 983040, "start_va": 287840534528, "type": "region", "version": 1 }, "end_va": 287841517567, "entry_point": 0, "filename": null, "id": "region_9621", "name": "pagefile_0x0000004304a20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 287840534528, "timestamp": "00:02:19.064", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 287815958528, "type": "region", "version": 1 }, "end_va": 287815974911, "entry_point": 0, "filename": null, "id": "region_9622", "name": "pagefile_0x00000043032b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", 
"start_va": 287815958528, "timestamp": "00:02:19.064", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 287816089600, "type": "region", "version": 1 }, "end_va": 287816118271, "entry_point": 0, "filename": null, "id": "region_9623", "name": "private_0x00000043032d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 287816089600, "timestamp": "00:02:19.065", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 287841910784, "type": "region", "version": 1 }, "end_va": 287842959359, "entry_point": 0, "filename": null, "id": "region_9624", "name": "private_0x0000004304b70000", "norm_filename": null, "region_type": "private_memory", "start_va": 287841910784, "timestamp": "00:02:19.074", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 287842959360, "type": "region", "version": 1 }, "end_va": 287844012031, "entry_point": 287843154460, "filename": "\\Program Files\\Common Files\\wanacry6.malware.exe", "id": "region_9625", "name": "wanacry6.malware.exe", "norm_filename": "c:\\program files\\common files\\wanacry6.malware.exe", "region_type": "memory_mapped_file", "start_va": 287842959360, "timestamp": "00:02:19.078", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", 
"writable" ], "ref_process_dump": null, "size": 4096, "start_va": 287816155136, "type": "region", "version": 1 }, "end_va": 287816159231, "entry_point": 0, "filename": null, "id": "region_9626", "name": "private_0x00000043032e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 287816155136, "timestamp": "00:02:19.121", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 140725058142208, "type": "region", "version": 1 }, "end_va": 140725058277375, "entry_point": 140725058146560, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_9627", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 140725058142208, "timestamp": "00:02:19.122", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 287842959360, "type": "region", "version": 1 }, "end_va": 287845928959, "entry_point": 287842959360, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_9628", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 287842959360, "timestamp": "00:02:19.126", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 287841517568, "type": "region", "version": 1 }, "end_va": 287841529855, "entry_point": 0, "filename": null, "id": "region_9629", "name": 
"pagefile_0x0000004304b10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 287841517568, "timestamp": "00:02:19.131", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 287841517568, "type": "region", "version": 1 }, "end_va": 287841521663, "entry_point": 0, "filename": null, "id": "region_9630", "name": "pagefile_0x0000004304b10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 287841517568, "timestamp": "00:02:19.136", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 287841583104, "type": "region", "version": 1 }, "end_va": 287841587199, "entry_point": 0, "filename": null, "id": "region_9631", "name": "private_0x0000004304b20000", "norm_filename": null, "region_type": "private_memory", "start_va": 287841583104, "timestamp": "00:02:20.160", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 5185536, "start_va": 287845974016, "type": "region", "version": 1 }, "end_va": 287851159551, "entry_point": 0, "filename": null, "id": "region_9632", "name": "pagefile_0x0000004304f50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 287845974016, "timestamp": "00:02:20.166", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created 
because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15138816, "start_va": 287851216896, "type": "region", "version": 1 }, "end_va": 287866355711, "entry_point": 287851216896, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_9633", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 287851216896, "timestamp": "00:02:20.166", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 140725025898496, "type": "region", "version": 1 }, "end_va": 140725025984511, "entry_point": 140725025902656, "filename": "\\Windows\\System32\\netapi32.dll", "id": "region_9634", "name": "netapi32.dll", "norm_filename": "c:\\windows\\system32\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725025898496, "timestamp": "00:02:20.174", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 140725072494592, "type": "region", "version": 1 }, "end_va": 140725072543743, "entry_point": 140725072499804, "filename": "\\Windows\\System32\\netutils.dll", "id": "region_9635", "name": "netutils.dll", "norm_filename": "c:\\windows\\system32\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 140725072494592, "timestamp": "00:02:20.176", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 140725073608704, "type": 
"region", "version": 1 }, "end_va": 140725073760255, "entry_point": 140725073612916, "filename": "\\Windows\\System32\\srvcli.dll", "id": "region_9636", "name": "srvcli.dll", "norm_filename": "c:\\windows\\system32\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 140725073608704, "timestamp": "00:02:20.177", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 140725025636352, "type": "region", "version": 1 }, "end_va": 140725025726463, "entry_point": 140725025640520, "filename": "\\Windows\\System32\\wkscli.dll", "id": "region_9637", "name": "wkscli.dll", "norm_filename": "c:\\windows\\system32\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 140725025636352, "timestamp": "00:02:20.178", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 287841648640, "type": "region", "version": 1 }, "end_va": 287841652735, "entry_point": 0, "filename": null, "id": "region_9658", "name": "pagefile_0x0000004304b30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 287841648640, "timestamp": "00:02:20.269", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2195456, "start_va": 287866355712, "type": "region", "version": 1 }, "end_va": 287868551167, "entry_point": 0, "filename": null, "id": "region_9659", "name": "pagefile_0x00000043062c0000", "norm_filename": 
null, "region_type": "pagefile_backed_memory", "start_va": 287866355712, "timestamp": "00:02:20.269", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 287841648640, "type": "region", "version": 1 }, "end_va": 287841660927, "entry_point": 0, "filename": null, "id": "region_9678", "name": "pagefile_0x0000004304b30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 287841648640, "timestamp": "00:02:21.072", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 287841714176, "type": "region", "version": 1 }, "end_va": 287841718271, "entry_point": 0, "filename": null, "id": "region_9679", "name": "pagefile_0x0000004304b40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 287841714176, "timestamp": "00:02:21.072", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 48848896, "start_va": 287868583936, "type": "region", "version": 1 }, "end_va": 287917432831, "entry_point": 287868583936, "filename": "\\Windows\\System32\\imageres.dll", "id": "region_9680", "name": "imageres.dll", "norm_filename": "c:\\windows\\system32\\imageres.dll", "region_type": "memory_mapped_file", "start_va": 287868583936, "timestamp": "00:02:21.073", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile 
backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4169728, "start_va": 287917473792, "type": "region", "version": 1 }, "end_va": 287921643519, "entry_point": 0, "filename": null, "id": "region_9681", "name": "pagefile_0x0000004309380000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 287917473792, "timestamp": "00:02:21.074", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 278528, "start_va": 287921668096, "type": "region", "version": 1 }, "end_va": 287921946623, "entry_point": 0, "filename": null, "id": "region_9682", "name": "pagefile_0x0000004309780000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 287921668096, "timestamp": "00:02:21.074", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 140725075443712, "type": "region", "version": 1 }, "end_va": 140725075660799, "entry_point": 140725075448792, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_9683", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 140725075443712, "timestamp": "00:02:21.074", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 140725079769088, "type": "region", "version": 1 }, "end_va": 140725079891967, "entry_point": 140725079773640, 
"filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_9684", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 140725079769088, "timestamp": "00:02:21.075", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725082062848, "type": "region", "version": 1 }, "end_va": 140725082218495, "entry_point": 140725082086248, "filename": "\\Windows\\System32\\bcrypt.dll", "id": "region_9685", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\system32\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 140725082062848, "timestamp": "00:02:21.075", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\PROGRA~1\\COMMON~1\\WANACR~1.EXE", "filename": "c:\\progra~1\\common~1\\wanacr~1.exe", "id": "proc_80", "image_name": "wanacr~1.exe", "monitor_reason": "child_process", "monitored_id": 80, "origin_monitor_id": 79, "ref_parent_process": { "ref_id": "proc_79", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_9701", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:02:21.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" 
], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 204940312576, "type": "region", "version": 1 }, "end_va": 204940443647, "entry_point": 0, "filename": null, "id": "region_9702", "name": "private_0x0000002fb7650000", "norm_filename": null, "region_type": "private_memory", "start_va": 204940312576, "timestamp": "00:02:21.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 204940443648, "type": "region", "version": 1 }, "end_va": 204940505087, "entry_point": 0, "filename": null, "id": "region_9703", "name": "pagefile_0x0000002fb7670000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 204940443648, "timestamp": "00:02:21.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 204940509184, "type": "region", "version": 1 }, "end_va": 204944703487, "entry_point": 0, "filename": null, "id": "region_9704", "name": "private_0x0000002fb7680000", "norm_filename": null, "region_type": "private_memory", "start_va": 204940509184, "timestamp": "00:02:21.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 204944703488, "type": "region", "version": 1 }, "end_va": 204944719871, "entry_point": 0, "filename": null, "id": 
"region_9705", "name": "pagefile_0x0000002fb7a80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 204944703488, "timestamp": "00:02:21.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140698010386432, "type": "region", "version": 1 }, "end_va": 140698010529791, "entry_point": 0, "filename": null, "id": "region_9706", "name": "pagefile_0x00007ff6ceee0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140698010386432, "timestamp": "00:02:21.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140698010570752, "type": "region", "version": 1 }, "end_va": 140698010578943, "entry_point": 0, "filename": null, "id": "region_9707", "name": "private_0x00007ff6cef0d000", "norm_filename": null, "region_type": "private_memory", "start_va": 140698010570752, "timestamp": "00:02:21.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140698010578944, "type": "region", "version": 1 }, "end_va": 140698010583039, "entry_point": 0, "filename": null, "id": "region_9708", "name": "private_0x00007ff6cef0f000", "norm_filename": null, "region_type": "private_memory", "start_va": 140698010578944, "timestamp": "00:02:21.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created 
because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 140698014777344, "type": "region", "version": 1 }, "end_va": 140698015862783, "entry_point": 140698014972444, "filename": "\\PROGRA~1\\COMMON~1\\WANACR~1.EXE", "id": "region_9709", "name": "wanacr~1.exe", "norm_filename": "c:\\progra~1\\common~1\\wanacr~1.exe", "region_type": "memory_mapped_file", "start_va": 140698014777344, "timestamp": "00:02:21.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_9710", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140725133115392, "timestamp": "00:02:21.353", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 204944769024, "type": "region", "version": 1 }, "end_va": 204944777215, "entry_point": 0, "filename": null, "id": "region_9711", "name": "pagefile_0x0000002fb7a90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 204944769024, "timestamp": "00:02:21.354", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 204944834560, "type": "region", 
"version": 1 }, "end_va": 204944842751, "entry_point": 0, "filename": null, "id": "region_9712", "name": "private_0x0000002fb7aa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 204944834560, "timestamp": "00:02:21.459", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4325376, "start_va": 204944900096, "type": "region", "version": 1 }, "end_va": 204949225471, "entry_point": 0, "filename": null, "id": "region_9713", "name": "private_0x0000002fb7ab0000", "norm_filename": null, "region_type": "private_memory", "start_va": 204944900096, "timestamp": "00:02:21.459", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140725124988928, "type": "region", "version": 1 }, "end_va": 140725126270975, "entry_point": 140725125009460, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_9714", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140725124988928, "timestamp": "00:02:21.461", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140725090648064, "type": "region", "version": 1 }, "end_va": 140725091753983, "entry_point": 140725090656928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_9715", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", 
"start_va": 140725090648064, "timestamp": "00:02:21.463", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 204940312576, "type": "region", "version": 1 }, "end_va": 204940378111, "entry_point": 0, "filename": null, "id": "region_9716", "name": "pagefile_0x0000002fb7650000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 204940312576, "timestamp": "00:02:21.477", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140698009337856, "type": "region", "version": 1 }, "end_va": 140698010386431, "entry_point": 0, "filename": null, "id": "region_9717", "name": "pagefile_0x00007ff6cede0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140698009337856, "timestamp": "00:02:21.477", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 204949225472, "type": "region", "version": 1 }, "end_va": 204949741567, "entry_point": 204949225472, "filename": "\\Windows\\System32\\locale.nls", "id": "region_9718", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 204949225472, "timestamp": "00:02:21.480", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", 
"executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140724958920704, "type": "region", "version": 1 }, "end_va": 140724958957567, "entry_point": 140724958924928, "filename": "\\Windows\\System32\\wsock32.dll", "id": "region_9719", "name": "wsock32.dll", "norm_filename": "c:\\windows\\system32\\wsock32.dll", "region_type": "memory_mapped_file", "start_va": 140724958920704, "timestamp": "00:02:21.481", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140724958855168, "type": "region", "version": 1 }, "end_va": 140724958896127, "entry_point": 140724958859456, "filename": "\\Windows\\System32\\version.dll", "id": "region_9720", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 140724958855168, "timestamp": "00:02:21.492", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140724958724096, "type": "region", "version": 1 }, "end_va": 140724958851071, "entry_point": 140724958733304, "filename": "\\Windows\\System32\\winmm.dll", "id": "region_9721", "name": "winmm.dll", "norm_filename": "c:\\windows\\system32\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 140724958724096, "timestamp": "00:02:21.493", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2465792, "start_va": 140725055651840, "type": "region", "version": 1 }, "end_va": 140725058117631, 
"entry_point": 140725055670080, "filename": "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "id": "region_9722", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 140725055651840, "timestamp": "00:02:21.494", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 140724999946240, "type": "region", "version": 1 }, "end_va": 140725000056831, "entry_point": 140724999950416, "filename": "\\Windows\\System32\\mpr.dll", "id": "region_9723", "name": "mpr.dll", "norm_filename": "c:\\windows\\system32\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 140724999946240, "timestamp": "00:02:21.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 204940378112, "type": "region", "version": 1 }, "end_va": 204940406783, "entry_point": 0, "filename": null, "id": "region_9724", "name": "private_0x0000002fb7660000", "norm_filename": null, "region_type": "private_memory", "start_va": 204940378112, "timestamp": "00:02:21.496", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2359296, "start_va": 140725005254656, "type": "region", "version": 1 }, "end_va": 140725007613951, "entry_point": 140725005259760, 
"filename": "\\Windows\\System32\\wininet.dll", "id": "region_9725", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 140725005254656, "timestamp": "00:02:21.496", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 140725103820800, "type": "region", "version": 1 }, "end_va": 140725103849471, "entry_point": 140725103824912, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_9726", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 140725103820800, "timestamp": "00:02:21.506", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 140725016985600, "type": "region", "version": 1 }, "end_va": 140725017153535, "entry_point": 140725017016680, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_9727", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 140725016985600, "timestamp": "00:02:21.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140725076557824, "type": "region", "version": 1 }, "end_va": 140725076684799, "entry_point": 140725076562672, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_9728", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", 
"region_type": "memory_mapped_file", "start_va": 140725076557824, "timestamp": "00:02:21.508", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1187840, "start_va": 140725066858496, "type": "region", "version": 1 }, "end_va": 140725068046335, "entry_point": 140725066904644, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_9729", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 140725066858496, "timestamp": "00:02:21.510", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140725093466112, "type": "region", "version": 1 }, "end_va": 140725094977535, "entry_point": 140725093620416, "filename": "\\Windows\\System32\\user32.dll", "id": "region_9730", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140725093466112, "timestamp": "00:02:21.511", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140725129773056, "type": "region", "version": 1 }, "end_va": 140725131104255, "entry_point": 140725129845848, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_9731", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140725129773056, "timestamp": "00:02:21.511", "type": "region", "version": 1 }, { "dump": { "filename": "", 
"flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 630784, "start_va": 140725129117696, "type": "region", "version": 1 }, "end_va": 140725129748479, "entry_point": 140725129122212, "filename": "\\Windows\\System32\\comdlg32.dll", "id": "region_9732", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\system32\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 140725129117696, "timestamp": "00:02:21.512", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 675840, "start_va": 140725126299648, "type": "region", "version": 1 }, "end_va": 140725126975487, "entry_point": 140725126303760, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_9733", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725126299648, "timestamp": "00:02:21.522", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 21032960, "start_va": 140725103951872, "type": "region", "version": 1 }, "end_va": 140725124984831, "entry_point": 140725103956224, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_9734", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 140725103951872, "timestamp": "00:02:21.524", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", 
"executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 140725096546304, "type": "region", "version": 1 }, "end_va": 140725098078207, "entry_point": 140725096550580, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_9735", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 140725096546304, "timestamp": "00:02:21.524", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140725101002752, "type": "region", "version": 1 }, "end_va": 140725101752319, "entry_point": 140725101007136, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_9736", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 140725101002752, "timestamp": "00:02:21.525", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 140725127020544, "type": "region", "version": 1 }, "end_va": 140725127380991, "entry_point": 140725127024796, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_9737", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 140725127020544, "timestamp": "00:02:21.526", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140725098577920, "type": "region", "version": 1 }, "end_va": 140725099261951, 
"entry_point": 140725098588204, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_9738", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140725098577920, "timestamp": "00:02:21.527", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 172032, "start_va": 140725043789824, "type": "region", "version": 1 }, "end_va": 140725043961855, "entry_point": 140725043832680, "filename": "\\Windows\\System32\\winmmbase.dll", "id": "region_9739", "name": "winmmbase.dll", "norm_filename": "c:\\windows\\system32\\winmmbase.dll", "region_type": "memory_mapped_file", "start_va": 140725043789824, "timestamp": "00:02:21.538", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140725127806976, "type": "region", "version": 1 }, "end_va": 140725129076735, "entry_point": 140725127811408, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_9740", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140725127806976, "timestamp": "00:02:21.541", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2785280, "start_va": 140725002436608, "type": "region", "version": 1 }, "end_va": 140725005221887, "entry_point": 140725002493380, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_9741", "name": "iertutil.dll", "norm_filename": 
"c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 140725002436608, "timestamp": "00:02:21.542", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140725103886336, "type": "region", "version": 1 }, "end_va": 140725103923199, "entry_point": 140725103891456, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_9742", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 140725103886336, "timestamp": "00:02:21.543", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725016920064, "type": "region", "version": 1 }, "end_va": 140725016961023, "entry_point": 140725016924356, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_9743", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 140725016920064, "timestamp": "00:02:21.555", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 140725086453760, "type": "region", "version": 1 }, "end_va": 140725086535679, "entry_point": 140725086468812, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_9744", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 140725086453760, "timestamp": "00:02:21.557", "type": "region", "version": 1 }, { 
"dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725131149312, "type": "region", "version": 1 }, "end_va": 140725133078527, "entry_point": 140725131157344, "filename": "\\Windows\\System32\\combase.dll", "id": "region_9745", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140725131149312, "timestamp": "00:02:21.591", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 140725095038976, "type": "region", "version": 1 }, "end_va": 140725095370751, "entry_point": 140725095043776, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_9746", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 140725095038976, "timestamp": "00:02:21.594", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725098184704, "type": "region", "version": 1 }, "end_va": 140725098541055, "entry_point": 140725098194176, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_9747", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140725098184704, "timestamp": "00:02:21.595", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", 
"writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 140725090320384, "type": "region", "version": 1 }, "end_va": 140725090623487, "entry_point": 140725090325080, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_9748", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 140725090320384, "timestamp": "00:02:21.598", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725068103680, "type": "region", "version": 1 }, "end_va": 140725068259327, "entry_point": 140725068109212, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_9749", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 140725068103680, "timestamp": "00:02:21.599", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 140725060108288, "type": "region", "version": 1 }, "end_va": 140725060767743, "entry_point": 140725060112544, "filename": "\\Windows\\System32\\SHCore.dll", "id": "region_9750", "name": "shcore.dll", "norm_filename": "c:\\windows\\system32\\shcore.dll", "region_type": "memory_mapped_file", "start_va": 140725060108288, "timestamp": "00:02:21.610", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1638400, "start_va": 204949749760, "type": "region", "version": 1 }, "end_va": 
204951388159, "entry_point": 0, "filename": null, "id": "region_9751", "name": "private_0x0000002fb7f50000", "norm_filename": null, "region_type": "private_memory", "start_va": 204949749760, "timestamp": "00:02:21.613", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 204944900096, "type": "region", "version": 1 }, "end_va": 204944928767, "entry_point": 0, "filename": null, "id": "region_9752", "name": "private_0x0000002fb7ab0000", "norm_filename": null, "region_type": "private_memory", "start_va": 204944900096, "timestamp": "00:02:21.614", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 204945031168, "type": "region", "version": 1 }, "end_va": 204949225471, "entry_point": 0, "filename": null, "id": "region_9753", "name": "private_0x0000002fb7ad0000", "norm_filename": null, "region_type": "private_memory", "start_va": 204945031168, "timestamp": "00:02:21.614", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 212992, "start_va": 204949749760, "type": "region", "version": 1 }, "end_va": 204949962751, "entry_point": 204949753904, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_9754", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 204949749760, "timestamp": "00:02:21.616", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], 
"info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 204951322624, "type": "region", "version": 1 }, "end_va": 204951388159, "entry_point": 0, "filename": null, "id": "region_9755", "name": "private_0x0000002fb80d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 204951322624, "timestamp": "00:02:21.617", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 204951388160, "type": "region", "version": 1 }, "end_va": 204952993791, "entry_point": 0, "filename": null, "id": "region_9756", "name": "pagefile_0x0000002fb80e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 204951388160, "timestamp": "00:02:21.617", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 140725095563264, "type": "region", "version": 1 }, "end_va": 140725095776255, "entry_point": 140725095567408, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_9757", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 140725095563264, "timestamp": "00:02:21.618", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1277952, "start_va": 140725091762176, "type": "region", "version": 1 }, "end_va": 140725093040127, "entry_point": 
140725091766288, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_9758", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 140725091762176, "timestamp": "00:02:21.619", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 204953026560, "type": "region", "version": 1 }, "end_va": 204954603519, "entry_point": 0, "filename": null, "id": "region_9759", "name": "pagefile_0x0000002fb8270000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 204953026560, "timestamp": "00:02:21.621", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 204954664960, "type": "region", "version": 1 }, "end_va": 204975636479, "entry_point": 0, "filename": null, "id": "region_9760", "name": "pagefile_0x0000002fb8400000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 204954664960, "timestamp": "00:02:21.622", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 204944965632, "type": "region", "version": 1 }, "end_va": 204944969727, "entry_point": 0, "filename": null, "id": "region_9762", "name": "private_0x0000002fb7ac0000", "norm_filename": null, "region_type": "private_memory", "start_va": 204944965632, "timestamp": "00:02:21.681", "type": "region", "version": 1 }, { "dump": 
{ "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 204949749760, "type": "region", "version": 1 }, "end_va": 204949753855, "entry_point": 0, "filename": null, "id": "region_9763", "name": "private_0x0000002fb7f50000", "norm_filename": null, "region_type": "private_memory", "start_va": 204949749760, "timestamp": "00:02:21.681", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 204949815296, "type": "region", "version": 1 }, "end_va": 204949819391, "entry_point": 204949815296, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_9764", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 204949815296, "timestamp": "00:02:21.681", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 204949880832, "type": "region", "version": 1 }, "end_va": 204949889023, "entry_point": 0, "filename": null, "id": "region_9765", "name": "pagefile_0x0000002fb7f70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 204949880832, "timestamp": "00:02:21.682", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1638400, "start_va": 204975636480, "type": "region", "version": 1 }, 
"end_va": 204977274879, "entry_point": 0, "filename": null, "id": "region_9766", "name": "private_0x0000002fb9800000", "norm_filename": null, "region_type": "private_memory", "start_va": 204975636480, "timestamp": "00:02:21.686", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 761856, "start_va": 204949946368, "type": "region", "version": 1 }, "end_va": 204950708223, "entry_point": 204950128488, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_9767", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 204949946368, "timestamp": "00:02:21.693", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725068431360, "type": "region", "version": 1 }, "end_va": 140725068472319, "entry_point": 140725068437320, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_9768", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\system32\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140725068431360, "timestamp": "00:02:21.696", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725085208576, "type": "region", "version": 1 }, "end_va": 140725085249535, "entry_point": 140725085212688, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_9769", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": 
"memory_mapped_file", "start_va": 140725085208576, "timestamp": "00:02:21.698", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140725084815360, "type": "region", "version": 1 }, "end_va": 140725085200383, "entry_point": 140725084944032, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_9770", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140725084815360, "timestamp": "00:02:21.700", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 204949815296, "type": "region", "version": 1 }, "end_va": 204949819391, "entry_point": 0, "filename": null, "id": "region_9771", "name": "pagefile_0x0000002fb7f60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 204949815296, "timestamp": "00:02:21.705", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 983040, "start_va": 204949946368, "type": "region", "version": 1 }, "end_va": 204950929407, "entry_point": 0, "filename": null, "id": "region_9772", "name": "pagefile_0x0000002fb7f80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 204949946368, "timestamp": "00:02:21.706", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump 
created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 204949815296, "type": "region", "version": 1 }, "end_va": 204949831679, "entry_point": 0, "filename": null, "id": "region_9773", "name": "pagefile_0x0000002fb7f60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 204949815296, "timestamp": "00:02:21.706", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 204950929408, "type": "region", "version": 1 }, "end_va": 204950958079, "entry_point": 0, "filename": null, "id": "region_9774", "name": "private_0x0000002fb8070000", "norm_filename": null, "region_type": "private_memory", "start_va": 204950929408, "timestamp": "00:02:21.707", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 204975636480, "type": "region", "version": 1 }, "end_va": 204976685055, "entry_point": 0, "filename": null, "id": "region_9775", "name": "private_0x0000002fb9800000", "norm_filename": null, "region_type": "private_memory", "start_va": 204975636480, "timestamp": "00:02:21.713", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 204977209344, "type": "region", "version": 1 }, "end_va": 204977274879, "entry_point": 0, "filename": null, "id": "region_9776", "name": "private_0x0000002fb9980000", 
"norm_filename": null, "region_type": "private_memory", "start_va": 204977209344, "timestamp": "00:02:21.713", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 204977274880, "type": "region", "version": 1 }, "end_va": 204978327551, "entry_point": 204977469980, "filename": "\\Program Files\\Common Files\\wanacry6.malware.exe", "id": "region_9777", "name": "wanacry6.malware.exe", "norm_filename": "c:\\program files\\common files\\wanacry6.malware.exe", "region_type": "memory_mapped_file", "start_va": 204977274880, "timestamp": "00:02:21.717", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 204950994944, "type": "region", "version": 1 }, "end_va": 204950999039, "entry_point": 0, "filename": null, "id": "region_9778", "name": "private_0x0000002fb8080000", "norm_filename": null, "region_type": "private_memory", "start_va": 204950994944, "timestamp": "00:02:21.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 140725058142208, "type": "region", "version": 1 }, "end_va": 140725058277375, "entry_point": 140725058146560, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_9779", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 140725058142208, "timestamp": "00:02:21.750", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": 
"No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 204977274880, "type": "region", "version": 1 }, "end_va": 204980244479, "entry_point": 204977274880, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_9780", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 204977274880, "timestamp": "00:02:21.753", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 204951060480, "type": "region", "version": 1 }, "end_va": 204951072767, "entry_point": 0, "filename": null, "id": "region_9781", "name": "pagefile_0x0000002fb8090000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 204951060480, "timestamp": "00:02:21.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 204951060480, "type": "region", "version": 1 }, "end_va": 204951064575, "entry_point": 0, "filename": null, "id": "region_9782", "name": "pagefile_0x0000002fb8090000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 204951060480, "timestamp": "00:02:21.763", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 204951126016, "type": "region", "version": 1 
}, "end_va": 204951130111, "entry_point": 0, "filename": null, "id": "region_9783", "name": "private_0x0000002fb80a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 204951126016, "timestamp": "00:02:22.786", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 5185536, "start_va": 204980289536, "type": "region", "version": 1 }, "end_va": 204985475071, "entry_point": 0, "filename": null, "id": "region_9784", "name": "pagefile_0x0000002fb9c70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 204980289536, "timestamp": "00:02:22.792", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15138816, "start_va": 204985532416, "type": "region", "version": 1 }, "end_va": 205000671231, "entry_point": 204985532416, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_9785", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 204985532416, "timestamp": "00:02:22.793", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 140725025898496, "type": "region", "version": 1 }, "end_va": 140725025984511, "entry_point": 140725025902656, "filename": "\\Windows\\System32\\netapi32.dll", "id": "region_9786", "name": "netapi32.dll", "norm_filename": "c:\\windows\\system32\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725025898496, 
"timestamp": "00:02:22.801", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 140725072494592, "type": "region", "version": 1 }, "end_va": 140725072543743, "entry_point": 140725072499804, "filename": "\\Windows\\System32\\netutils.dll", "id": "region_9787", "name": "netutils.dll", "norm_filename": "c:\\windows\\system32\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 140725072494592, "timestamp": "00:02:22.803", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 140725073608704, "type": "region", "version": 1 }, "end_va": 140725073760255, "entry_point": 140725073612916, "filename": "\\Windows\\System32\\srvcli.dll", "id": "region_9788", "name": "srvcli.dll", "norm_filename": "c:\\windows\\system32\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 140725073608704, "timestamp": "00:02:22.804", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 140725025636352, "type": "region", "version": 1 }, "end_va": 140725025726463, "entry_point": 140725025640520, "filename": "\\Windows\\System32\\wkscli.dll", "id": "region_9789", "name": "wkscli.dll", "norm_filename": "c:\\windows\\system32\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 140725025636352, "timestamp": "00:02:22.805", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump 
created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 204951191552, "type": "region", "version": 1 }, "end_va": 204951195647, "entry_point": 0, "filename": null, "id": "region_9810", "name": "pagefile_0x0000002fb80b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 204951191552, "timestamp": "00:02:22.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2195456, "start_va": 205000671232, "type": "region", "version": 1 }, "end_va": 205002866687, "entry_point": 0, "filename": null, "id": "region_9811", "name": "pagefile_0x0000002fbafe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 205000671232, "timestamp": "00:02:22.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 204951191552, "type": "region", "version": 1 }, "end_va": 204951203839, "entry_point": 0, "filename": null, "id": "region_9829", "name": "pagefile_0x0000002fb80b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 204951191552, "timestamp": "00:02:23.688", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 204951257088, "type": "region", "version": 1 }, "end_va": 204951261183, "entry_point": 0, 
"filename": null, "id": "region_9830", "name": "pagefile_0x0000002fb80c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 204951257088, "timestamp": "00:02:23.688", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 278528, "start_va": 204976685056, "type": "region", "version": 1 }, "end_va": 204976963583, "entry_point": 0, "filename": null, "id": "region_9831", "name": "pagefile_0x0000002fb9900000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 204976685056, "timestamp": "00:02:23.688", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 48848896, "start_va": 205002899456, "type": "region", "version": 1 }, "end_va": 205051748351, "entry_point": 205002899456, "filename": "\\Windows\\System32\\imageres.dll", "id": "region_9832", "name": "imageres.dll", "norm_filename": "c:\\windows\\system32\\imageres.dll", "region_type": "memory_mapped_file", "start_va": 205002899456, "timestamp": "00:02:23.689", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4169728, "start_va": 205051789312, "type": "region", "version": 1 }, "end_va": 205055959039, "entry_point": 0, "filename": null, "id": "region_9833", "name": "pagefile_0x0000002fbe0a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 205051789312, "timestamp": "00:02:23.690", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 140725075443712, "type": "region", "version": 1 }, "end_va": 140725075660799, "entry_point": 140725075448792, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_9834", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 140725075443712, "timestamp": "00:02:23.690", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 140725079769088, "type": "region", "version": 1 }, "end_va": 140725079891967, "entry_point": 140725079773640, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_9835", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 140725079769088, "timestamp": "00:02:23.691", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725082062848, "type": "region", "version": 1 }, "end_va": 140725082218495, "entry_point": 140725082086248, "filename": "\\Windows\\System32\\bcrypt.dll", "id": "region_9836", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\system32\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 140725082062848, "timestamp": "00:02:23.691", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ 
"readable", "writable" ], "ref_process_dump": null, "size": 1089536, "start_va": 205055983616, "type": "region", "version": 1 }, "end_va": 205057073151, "entry_point": 0, "filename": null, "id": "region_9837", "name": "private_0x0000002fbe4a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 205055983616, "timestamp": "00:02:23.700", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\PROGRA~1\\COMMON~1\\WANACR~1.EXE", "filename": "c:\\progra~1\\common~1\\wanacr~1.exe", "id": "proc_81", "image_name": "wanacr~1.exe", "monitor_reason": "child_process", "monitored_id": 81, "origin_monitor_id": 80, "ref_parent_process": { "ref_id": "proc_80", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_9853", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:02:23.994", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 307090161664, "type": "region", "version": 1 }, "end_va": 307094355967, "entry_point": 0, "filename": null, "id": "region_9854", "name": "private_0x0000004780000000", "norm_filename": null, "region_type": "private_memory", "start_va": 307090161664, "timestamp": "00:02:23.994", "type": "region", "version": 1 }, { 
"dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 309236400128, "type": "region", "version": 1 }, "end_va": 309236531199, "entry_point": 0, "filename": null, "id": "region_9855", "name": "private_0x00000047ffed0000", "norm_filename": null, "region_type": "private_memory", "start_va": 309236400128, "timestamp": "00:02:23.994", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 309236531200, "type": "region", "version": 1 }, "end_va": 309236592639, "entry_point": 0, "filename": null, "id": "region_9856", "name": "pagefile_0x00000047ffef0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 309236531200, "timestamp": "00:02:23.994", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 309236596736, "type": "region", "version": 1 }, "end_va": 309236613119, "entry_point": 0, "filename": null, "id": "region_9857", "name": "pagefile_0x00000047fff00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 309236596736, "timestamp": "00:02:23.994", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140698010910720, "type": "region", "version": 
1 }, "end_va": 140698011054079, "entry_point": 0, "filename": null, "id": "region_9858", "name": "pagefile_0x00007ff6cef60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140698010910720, "timestamp": "00:02:23.994", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140698011082752, "type": "region", "version": 1 }, "end_va": 140698011086847, "entry_point": 0, "filename": null, "id": "region_9859", "name": "private_0x00007ff6cef8a000", "norm_filename": null, "region_type": "private_memory", "start_va": 140698011082752, "timestamp": "00:02:23.994", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140698011099136, "type": "region", "version": 1 }, "end_va": 140698011107327, "entry_point": 0, "filename": null, "id": "region_9860", "name": "private_0x00007ff6cef8e000", "norm_filename": null, "region_type": "private_memory", "start_va": 140698011099136, "timestamp": "00:02:23.994", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 140698014777344, "type": "region", "version": 1 }, "end_va": 140698015862783, "entry_point": 140698014972444, "filename": "\\PROGRA~1\\COMMON~1\\WANACR~1.EXE", "id": "region_9861", "name": "wanacr~1.exe", "norm_filename": "c:\\progra~1\\common~1\\wanacr~1.exe", "region_type": "memory_mapped_file", "start_va": 140698014777344, "timestamp": "00:02:23.994", 
"type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_9862", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140725133115392, "timestamp": "00:02:23.995", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 309236662272, "type": "region", "version": 1 }, "end_va": 309236670463, "entry_point": 0, "filename": null, "id": "region_9863", "name": "pagefile_0x00000047fff10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 309236662272, "timestamp": "00:02:23.996", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 5636096, "start_va": 307094355968, "type": "region", "version": 1 }, "end_va": 307099992063, "entry_point": 0, "filename": null, "id": "region_9865", "name": "private_0x0000004780400000", "norm_filename": null, "region_type": "private_memory", "start_va": 307094355968, "timestamp": "00:02:24.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 
8192, "start_va": 309236727808, "type": "region", "version": 1 }, "end_va": 309236735999, "entry_point": 0, "filename": null, "id": "region_9866", "name": "private_0x00000047fff20000", "norm_filename": null, "region_type": "private_memory", "start_va": 309236727808, "timestamp": "00:02:24.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140725124988928, "type": "region", "version": 1 }, "end_va": 140725126270975, "entry_point": 140725125009460, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_9867", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140725124988928, "timestamp": "00:02:24.132", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140725090648064, "type": "region", "version": 1 }, "end_va": 140725091753983, "entry_point": 140725090656928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_9868", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140725090648064, "timestamp": "00:02:24.134", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 307094355968, "type": "region", "version": 1 }, "end_va": 307094421503, "entry_point": 0, "filename": null, "id": "region_9869", "name": 
"pagefile_0x0000004780400000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 307094355968, "timestamp": "00:02:24.146", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 307095797760, "type": "region", "version": 1 }, "end_va": 307099992063, "entry_point": 0, "filename": null, "id": "region_9870", "name": "private_0x0000004780560000", "norm_filename": null, "region_type": "private_memory", "start_va": 307095797760, "timestamp": "00:02:24.146", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140698009862144, "type": "region", "version": 1 }, "end_va": 140698010910719, "entry_point": 0, "filename": null, "id": "region_9871", "name": "pagefile_0x00007ff6cee60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140698009862144, "timestamp": "00:02:24.146", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 307094421504, "type": "region", "version": 1 }, "end_va": 307094937599, "entry_point": 307094421504, "filename": "\\Windows\\System32\\locale.nls", "id": "region_9872", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 307094421504, "timestamp": "00:02:24.149", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region 
is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140724958920704, "type": "region", "version": 1 }, "end_va": 140724958957567, "entry_point": 140724958924928, "filename": "\\Windows\\System32\\wsock32.dll", "id": "region_9873", "name": "wsock32.dll", "norm_filename": "c:\\windows\\system32\\wsock32.dll", "region_type": "memory_mapped_file", "start_va": 140724958920704, "timestamp": "00:02:24.149", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140724958855168, "type": "region", "version": 1 }, "end_va": 140724958896127, "entry_point": 140724958859456, "filename": "\\Windows\\System32\\version.dll", "id": "region_9874", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 140724958855168, "timestamp": "00:02:24.150", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140724958724096, "type": "region", "version": 1 }, "end_va": 140724958851071, "entry_point": 140724958733304, "filename": "\\Windows\\System32\\winmm.dll", "id": "region_9875", "name": "winmm.dll", "norm_filename": "c:\\windows\\system32\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 140724958724096, "timestamp": "00:02:24.151", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2465792, "start_va": 140725055651840, "type": 
"region", "version": 1 }, "end_va": 140725058117631, "entry_point": 140725055670080, "filename": "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "id": "region_9876", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 140725055651840, "timestamp": "00:02:24.162", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 140724999946240, "type": "region", "version": 1 }, "end_va": 140725000056831, "entry_point": 140724999950416, "filename": "\\Windows\\System32\\mpr.dll", "id": "region_9877", "name": "mpr.dll", "norm_filename": "c:\\windows\\system32\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 140724999946240, "timestamp": "00:02:24.163", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 307094945792, "type": "region", "version": 1 }, "end_va": 307094974463, "entry_point": 0, "filename": null, "id": "region_9878", "name": "private_0x0000004780490000", "norm_filename": null, "region_type": "private_memory", "start_va": 307094945792, "timestamp": "00:02:24.164", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2359296, "start_va": 140725005254656, "type": "region", "version": 1 }, "end_va": 
140725007613951, "entry_point": 140725005259760, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_9879", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 140725005254656, "timestamp": "00:02:24.164", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 140725103820800, "type": "region", "version": 1 }, "end_va": 140725103849471, "entry_point": 140725103824912, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_9880", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 140725103820800, "timestamp": "00:02:24.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 140725016985600, "type": "region", "version": 1 }, "end_va": 140725017153535, "entry_point": 140725017016680, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_9881", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 140725016985600, "timestamp": "00:02:24.166", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140725076557824, "type": "region", "version": 1 }, "end_va": 140725076684799, "entry_point": 140725076562672, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_9882", "name": "userenv.dll", 
"norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 140725076557824, "timestamp": "00:02:24.167", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1187840, "start_va": 140725066858496, "type": "region", "version": 1 }, "end_va": 140725068046335, "entry_point": 140725066904644, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_9883", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 140725066858496, "timestamp": "00:02:24.178", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140725093466112, "type": "region", "version": 1 }, "end_va": 140725094977535, "entry_point": 140725093620416, "filename": "\\Windows\\System32\\user32.dll", "id": "region_9884", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140725093466112, "timestamp": "00:02:24.179", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140725129773056, "type": "region", "version": 1 }, "end_va": 140725131104255, "entry_point": 140725129845848, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_9885", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140725129773056, "timestamp": "00:02:24.179", "type": 
"region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 630784, "start_va": 140725129117696, "type": "region", "version": 1 }, "end_va": 140725129748479, "entry_point": 140725129122212, "filename": "\\Windows\\System32\\comdlg32.dll", "id": "region_9886", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\system32\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 140725129117696, "timestamp": "00:02:24.180", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 675840, "start_va": 140725126299648, "type": "region", "version": 1 }, "end_va": 140725126975487, "entry_point": 140725126303760, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_9887", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725126299648, "timestamp": "00:02:24.181", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 21032960, "start_va": 140725103951872, "type": "region", "version": 1 }, "end_va": 140725124984831, "entry_point": 140725103956224, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_9888", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 140725103951872, "timestamp": "00:02:24.182", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not 
monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 140725096546304, "type": "region", "version": 1 }, "end_va": 140725098078207, "entry_point": 140725096550580, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_9889", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 140725096546304, "timestamp": "00:02:24.182", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140725101002752, "type": "region", "version": 1 }, "end_va": 140725101752319, "entry_point": 140725101007136, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_9890", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 140725101002752, "timestamp": "00:02:24.194", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 140725127020544, "type": "region", "version": 1 }, "end_va": 140725127380991, "entry_point": 140725127024796, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_9891", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 140725127020544, "timestamp": "00:02:24.195", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140725098577920, "type": 
"region", "version": 1 }, "end_va": 140725099261951, "entry_point": 140725098588204, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_9892", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140725098577920, "timestamp": "00:02:24.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 172032, "start_va": 140725043789824, "type": "region", "version": 1 }, "end_va": 140725043961855, "entry_point": 140725043832680, "filename": "\\Windows\\System32\\winmmbase.dll", "id": "region_9893", "name": "winmmbase.dll", "norm_filename": "c:\\windows\\system32\\winmmbase.dll", "region_type": "memory_mapped_file", "start_va": 140725043789824, "timestamp": "00:02:24.197", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140725127806976, "type": "region", "version": 1 }, "end_va": 140725129076735, "entry_point": 140725127811408, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_9894", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140725127806976, "timestamp": "00:02:24.201", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2785280, "start_va": 140725002436608, "type": "region", "version": 1 }, "end_va": 140725005221887, "entry_point": 140725002493380, "filename": "\\Windows\\System32\\iertutil.dll", "id": 
"region_9895", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 140725002436608, "timestamp": "00:02:24.203", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140725103886336, "type": "region", "version": 1 }, "end_va": 140725103923199, "entry_point": 140725103891456, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_9896", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 140725103886336, "timestamp": "00:02:24.221", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725016920064, "type": "region", "version": 1 }, "end_va": 140725016961023, "entry_point": 140725016924356, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_9897", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 140725016920064, "timestamp": "00:02:24.222", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 140725086453760, "type": "region", "version": 1 }, "end_va": 140725086535679, "entry_point": 140725086468812, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_9898", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 140725086453760, 
"timestamp": "00:02:24.224", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725131149312, "type": "region", "version": 1 }, "end_va": 140725133078527, "entry_point": 140725131157344, "filename": "\\Windows\\System32\\combase.dll", "id": "region_9899", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140725131149312, "timestamp": "00:02:24.226", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 140725095038976, "type": "region", "version": 1 }, "end_va": 140725095370751, "entry_point": 140725095043776, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_9900", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 140725095038976, "timestamp": "00:02:24.228", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725098184704, "type": "region", "version": 1 }, "end_va": 140725098541055, "entry_point": 140725098194176, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_9901", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140725098184704, "timestamp": "00:02:24.230", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created 
because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 140725090320384, "type": "region", "version": 1 }, "end_va": 140725090623487, "entry_point": 140725090325080, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_9902", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 140725090320384, "timestamp": "00:02:24.233", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725068103680, "type": "region", "version": 1 }, "end_va": 140725068259327, "entry_point": 140725068109212, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_9903", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 140725068103680, "timestamp": "00:02:24.234", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 140725060108288, "type": "region", "version": 1 }, "end_va": 140725060767743, "entry_point": 140725060112544, "filename": "\\Windows\\System32\\SHCore.dll", "id": "region_9904", "name": "shcore.dll", "norm_filename": "c:\\windows\\system32\\shcore.dll", "region_type": "memory_mapped_file", "start_va": 140725060108288, "timestamp": "00:02:24.245", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1966080, 
"start_va": 307099992064, "type": "region", "version": 1 }, "end_va": 307101958143, "entry_point": 0, "filename": null, "id": "region_9905", "name": "private_0x0000004780960000", "norm_filename": null, "region_type": "private_memory", "start_va": 307099992064, "timestamp": "00:02:24.250", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 307095011328, "type": "region", "version": 1 }, "end_va": 307095039999, "entry_point": 0, "filename": null, "id": "region_9906", "name": "private_0x00000047804a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 307095011328, "timestamp": "00:02:24.251", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 212992, "start_va": 307095076864, "type": "region", "version": 1 }, "end_va": 307095289855, "entry_point": 307095081008, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_9907", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 307095076864, "timestamp": "00:02:24.254", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 307099992064, "type": "region", "version": 1 }, "end_va": 307101597695, "entry_point": 0, "filename": null, "id": "region_9908", "name": "pagefile_0x0000004780960000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 307099992064, "timestamp": "00:02:24.254", "type": 
"region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 307101892608, "type": "region", "version": 1 }, "end_va": 307101958143, "entry_point": 0, "filename": null, "id": "region_9909", "name": "private_0x0000004780b30000", "norm_filename": null, "region_type": "private_memory", "start_va": 307101892608, "timestamp": "00:02:24.254", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 140725095563264, "type": "region", "version": 1 }, "end_va": 140725095776255, "entry_point": 140725095567408, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_9910", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 140725095563264, "timestamp": "00:02:24.255", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1277952, "start_va": 140725091762176, "type": "region", "version": 1 }, "end_va": 140725093040127, "entry_point": 140725091766288, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_9911", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 140725091762176, "timestamp": "00:02:24.256", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], 
"ref_process_dump": null, "size": 1576960, "start_va": 307101958144, "type": "region", "version": 1 }, "end_va": 307103535103, "entry_point": 0, "filename": null, "id": "region_9912", "name": "pagefile_0x0000004780b40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 307101958144, "timestamp": "00:02:24.259", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 307103596544, "type": "region", "version": 1 }, "end_va": 307124568063, "entry_point": 0, "filename": null, "id": "region_9913", "name": "pagefile_0x0000004780cd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 307103596544, "timestamp": "00:02:24.259", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 307095076864, "type": "region", "version": 1 }, "end_va": 307095080959, "entry_point": 0, "filename": null, "id": "region_9914", "name": "private_0x00000047804b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 307095076864, "timestamp": "00:02:24.262", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 307095142400, "type": "region", "version": 1 }, "end_va": 307095146495, "entry_point": 0, "filename": null, "id": "region_9915", "name": "private_0x00000047804c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 307095142400, 
"timestamp": "00:02:24.262", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 307095207936, "type": "region", "version": 1 }, "end_va": 307095212031, "entry_point": 307095207936, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_9916", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 307095207936, "timestamp": "00:02:24.262", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 307095273472, "type": "region", "version": 1 }, "end_va": 307095281663, "entry_point": 0, "filename": null, "id": "region_9917", "name": "pagefile_0x00000047804e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 307095273472, "timestamp": "00:02:24.262", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1835008, "start_va": 307124568064, "type": "region", "version": 1 }, "end_va": 307126403071, "entry_point": 0, "filename": null, "id": "region_9918", "name": "private_0x00000047820d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 307124568064, "timestamp": "00:02:24.267", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 761856, "start_va": 307124568064, 
"type": "region", "version": 1 }, "end_va": 307125329919, "entry_point": 307124750184, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_9919", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 307124568064, "timestamp": "00:02:24.273", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 307126337536, "type": "region", "version": 1 }, "end_va": 307126403071, "entry_point": 0, "filename": null, "id": "region_9920", "name": "private_0x0000004782280000", "norm_filename": null, "region_type": "private_memory", "start_va": 307126337536, "timestamp": "00:02:24.273", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725068431360, "type": "region", "version": 1 }, "end_va": 140725068472319, "entry_point": 140725068437320, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_9921", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\system32\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140725068431360, "timestamp": "00:02:24.275", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725085208576, "type": "region", "version": 1 }, "end_va": 140725085249535, "entry_point": 140725085212688, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_9922", "name": "cryptbase.dll", "norm_filename": 
"c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140725085208576, "timestamp": "00:02:24.276", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140725084815360, "type": "region", "version": 1 }, "end_va": 140725085200383, "entry_point": 140725084944032, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_9923", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140725084815360, "timestamp": "00:02:24.278", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 307095207936, "type": "region", "version": 1 }, "end_va": 307095212031, "entry_point": 0, "filename": null, "id": "region_9924", "name": "pagefile_0x00000047804d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 307095207936, "timestamp": "00:02:24.288", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 983040, "start_va": 307124568064, "type": "region", "version": 1 }, "end_va": 307125551103, "entry_point": 0, "filename": null, "id": "region_9925", "name": "pagefile_0x00000047820d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 307124568064, "timestamp": "00:02:24.289", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 307095207936, "type": "region", "version": 1 }, "end_va": 307095224319, "entry_point": 0, "filename": null, "id": "region_9926", "name": "pagefile_0x00000047804d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 307095207936, "timestamp": "00:02:24.289", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 307095339008, "type": "region", "version": 1 }, "end_va": 307095367679, "entry_point": 0, "filename": null, "id": "region_9927", "name": "private_0x00000047804f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 307095339008, "timestamp": "00:02:24.290", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 307126403072, "type": "region", "version": 1 }, "end_va": 307127451647, "entry_point": 0, "filename": null, "id": "region_9928", "name": "private_0x0000004782290000", "norm_filename": null, "region_type": "private_memory", "start_va": 307126403072, "timestamp": "00:02:24.297", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 307127451648, "type": "region", "version": 1 }, "end_va": 307128504319, "entry_point": 307127646748, "filename": "\\Program Files\\Common 
Files\\wanacry6.malware.exe", "id": "region_9929", "name": "wanacry6.malware.exe", "norm_filename": "c:\\program files\\common files\\wanacry6.malware.exe", "region_type": "memory_mapped_file", "start_va": 307127451648, "timestamp": "00:02:24.300", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 307095404544, "type": "region", "version": 1 }, "end_va": 307095408639, "entry_point": 0, "filename": null, "id": "region_9930", "name": "private_0x0000004780500000", "norm_filename": null, "region_type": "private_memory", "start_va": 307095404544, "timestamp": "00:02:24.331", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 140725058142208, "type": "region", "version": 1 }, "end_va": 140725058277375, "entry_point": 140725058146560, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_9931", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 140725058142208, "timestamp": "00:02:24.331", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 307127451648, "type": "region", "version": 1 }, "end_va": 307130421247, "entry_point": 307127451648, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_9932", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 
307127451648, "timestamp": "00:02:24.334", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 307095470080, "type": "region", "version": 1 }, "end_va": 307095482367, "entry_point": 0, "filename": null, "id": "region_9933", "name": "pagefile_0x0000004780510000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 307095470080, "timestamp": "00:02:24.338", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 307095470080, "type": "region", "version": 1 }, "end_va": 307095474175, "entry_point": 0, "filename": null, "id": "region_9934", "name": "pagefile_0x0000004780510000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 307095470080, "timestamp": "00:02:24.344", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 307095535616, "type": "region", "version": 1 }, "end_va": 307095539711, "entry_point": 0, "filename": null, "id": "region_9935", "name": "private_0x0000004780520000", "norm_filename": null, "region_type": "private_memory", "start_va": 307095535616, "timestamp": "00:02:25.368", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], 
"ref_process_dump": null, "size": 5185536, "start_va": 307130466304, "type": "region", "version": 1 }, "end_va": 307135651839, "entry_point": 0, "filename": null, "id": "region_9936", "name": "pagefile_0x0000004782670000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 307130466304, "timestamp": "00:02:25.374", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15138816, "start_va": 307135709184, "type": "region", "version": 1 }, "end_va": 307150847999, "entry_point": 307135709184, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_9937", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 307135709184, "timestamp": "00:02:25.374", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 140725025898496, "type": "region", "version": 1 }, "end_va": 140725025984511, "entry_point": 140725025902656, "filename": "\\Windows\\System32\\netapi32.dll", "id": "region_9938", "name": "netapi32.dll", "norm_filename": "c:\\windows\\system32\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725025898496, "timestamp": "00:02:25.382", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 140725072494592, "type": "region", "version": 1 }, "end_va": 140725072543743, "entry_point": 140725072499804, "filename": "\\Windows\\System32\\netutils.dll", "id": "region_9939", "name": 
"netutils.dll", "norm_filename": "c:\\windows\\system32\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 140725072494592, "timestamp": "00:02:25.383", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 140725073608704, "type": "region", "version": 1 }, "end_va": 140725073760255, "entry_point": 140725073612916, "filename": "\\Windows\\System32\\srvcli.dll", "id": "region_9940", "name": "srvcli.dll", "norm_filename": "c:\\windows\\system32\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 140725073608704, "timestamp": "00:02:25.384", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 140725025636352, "type": "region", "version": 1 }, "end_va": 140725025726463, "entry_point": 140725025640520, "filename": "\\Windows\\System32\\wkscli.dll", "id": "region_9941", "name": "wkscli.dll", "norm_filename": "c:\\windows\\system32\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 140725025636352, "timestamp": "00:02:25.385", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 307095601152, "type": "region", "version": 1 }, "end_va": 307095605247, "entry_point": 0, "filename": null, "id": "region_9962", "name": "pagefile_0x0000004780530000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 307095601152, "timestamp": "00:02:25.472", "type": "region", "version": 1 }, 
{ "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2195456, "start_va": 307150848000, "type": "region", "version": 1 }, "end_va": 307153043455, "entry_point": 0, "filename": null, "id": "region_9963", "name": "pagefile_0x00000047839e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 307150848000, "timestamp": "00:02:25.472", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 307095601152, "type": "region", "version": 1 }, "end_va": 307095613439, "entry_point": 0, "filename": null, "id": "region_9982", "name": "pagefile_0x0000004780530000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 307095601152, "timestamp": "00:02:26.209", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 307095666688, "type": "region", "version": 1 }, "end_va": 307095670783, "entry_point": 0, "filename": null, "id": "region_9983", "name": "pagefile_0x0000004780540000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 307095666688, "timestamp": "00:02:26.209", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 
278528, "start_va": 307125551104, "type": "region", "version": 1 }, "end_va": 307125829631, "entry_point": 0, "filename": null, "id": "region_9984", "name": "pagefile_0x00000047821c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 307125551104, "timestamp": "00:02:26.209", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 48848896, "start_va": 307153076224, "type": "region", "version": 1 }, "end_va": 307201925119, "entry_point": 307153076224, "filename": "\\Windows\\System32\\imageres.dll", "id": "region_9985", "name": "imageres.dll", "norm_filename": "c:\\windows\\system32\\imageres.dll", "region_type": "memory_mapped_file", "start_va": 307153076224, "timestamp": "00:02:26.211", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4169728, "start_va": 307201966080, "type": "region", "version": 1 }, "end_va": 307206135807, "entry_point": 0, "filename": null, "id": "region_9986", "name": "pagefile_0x0000004786aa0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 307201966080, "timestamp": "00:02:26.212", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 140725075443712, "type": "region", "version": 1 }, "end_va": 140725075660799, "entry_point": 140725075448792, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_9987", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": 
"memory_mapped_file", "start_va": 140725075443712, "timestamp": "00:02:26.212", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 140725079769088, "type": "region", "version": 1 }, "end_va": 140725079891967, "entry_point": 140725079773640, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_9988", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 140725079769088, "timestamp": "00:02:26.213", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725082062848, "type": "region", "version": 1 }, "end_va": 140725082218495, "entry_point": 140725082086248, "filename": "\\Windows\\System32\\bcrypt.dll", "id": "region_9989", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\system32\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 140725082062848, "timestamp": "00:02:26.213", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1060864, "start_va": 307206160384, "type": "region", "version": 1 }, "end_va": 307207221247, "entry_point": 0, "filename": null, "id": "region_9990", "name": "private_0x0000004786ea0000", "norm_filename": null, "region_type": "private_memory", "start_va": 307206160384, "timestamp": "00:02:26.221", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": 
"terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\PROGRA~1\\COMMON~1\\WANACR~1.EXE", "filename": "c:\\progra~1\\common~1\\wanacr~1.exe", "id": "proc_82", "image_name": "wanacr~1.exe", "monitor_reason": "child_process", "monitored_id": 82, "origin_monitor_id": 81, "ref_parent_process": { "ref_id": "proc_81", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_10006", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:02:26.487", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 725208334336, "type": "region", "version": 1 }, "end_va": 725208465407, "entry_point": 0, "filename": null, "id": "region_10007", "name": "private_0x000000a8d9c90000", "norm_filename": null, "region_type": "private_memory", "start_va": 725208334336, "timestamp": "00:02:26.487", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 725208465408, "type": "region", "version": 1 }, "end_va": 725208526847, "entry_point": 0, "filename": null, "id": "region_10008", "name": "pagefile_0x000000a8d9cb0000", "norm_filename": null, "region_type": 
"pagefile_backed_memory", "start_va": 725208465408, "timestamp": "00:02:26.487", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 725208530944, "type": "region", "version": 1 }, "end_va": 725212725247, "entry_point": 0, "filename": null, "id": "region_10009", "name": "private_0x000000a8d9cc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 725208530944, "timestamp": "00:02:26.487", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 725212725248, "type": "region", "version": 1 }, "end_va": 725212741631, "entry_point": 0, "filename": null, "id": "region_10010", "name": "pagefile_0x000000a8da0c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 725212725248, "timestamp": "00:02:26.487", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140698006126592, "type": "region", "version": 1 }, "end_va": 140698006269951, "entry_point": 0, "filename": null, "id": "region_10011", "name": "pagefile_0x00007ff6cead0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140698006126592, "timestamp": "00:02:26.487", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ 
"readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140698006294528, "type": "region", "version": 1 }, "end_va": 140698006298623, "entry_point": 0, "filename": null, "id": "region_10012", "name": "private_0x00007ff6ceaf9000", "norm_filename": null, "region_type": "private_memory", "start_va": 140698006294528, "timestamp": "00:02:26.487", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140698006315008, "type": "region", "version": 1 }, "end_va": 140698006323199, "entry_point": 0, "filename": null, "id": "region_10013", "name": "private_0x00007ff6ceafe000", "norm_filename": null, "region_type": "private_memory", "start_va": 140698006315008, "timestamp": "00:02:26.487", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 140698014777344, "type": "region", "version": 1 }, "end_va": 140698015862783, "entry_point": 140698014972444, "filename": "\\PROGRA~1\\COMMON~1\\WANACR~1.EXE", "id": "region_10014", "name": "wanacr~1.exe", "norm_filename": "c:\\progra~1\\common~1\\wanacr~1.exe", "region_type": "memory_mapped_file", "start_va": 140698014777344, "timestamp": "00:02:26.487", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_10015", 
"name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140725133115392, "timestamp": "00:02:26.488", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 725212790784, "type": "region", "version": 1 }, "end_va": 725212798975, "entry_point": 0, "filename": null, "id": "region_10016", "name": "pagefile_0x000000a8da0d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 725212790784, "timestamp": "00:02:26.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 725212856320, "type": "region", "version": 1 }, "end_va": 725212864511, "entry_point": 0, "filename": null, "id": "region_10017", "name": "private_0x000000a8da0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 725212856320, "timestamp": "00:02:26.613", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4718592, "start_va": 725212921856, "type": "region", "version": 1 }, "end_va": 725217640447, "entry_point": 0, "filename": null, "id": "region_10018", "name": "private_0x000000a8da0f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 725212921856, "timestamp": "00:02:26.613", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not 
monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140725124988928, "type": "region", "version": 1 }, "end_va": 140725126270975, "entry_point": 140725125009460, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_10019", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140725124988928, "timestamp": "00:02:26.615", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140725090648064, "type": "region", "version": 1 }, "end_va": 140725091753983, "entry_point": 140725090656928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_10020", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140725090648064, "timestamp": "00:02:26.625", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 725208334336, "type": "region", "version": 1 }, "end_va": 725208399871, "entry_point": 0, "filename": null, "id": "region_10021", "name": "pagefile_0x000000a8d9c90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 725208334336, "timestamp": "00:02:26.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140698005078016, 
"type": "region", "version": 1 }, "end_va": 140698006126591, "entry_point": 0, "filename": null, "id": "region_10022", "name": "pagefile_0x00007ff6ce9d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140698005078016, "timestamp": "00:02:26.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 725212921856, "type": "region", "version": 1 }, "end_va": 725213437951, "entry_point": 725212921856, "filename": "\\Windows\\System32\\locale.nls", "id": "region_10023", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 725212921856, "timestamp": "00:02:26.632", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 725213446144, "type": "region", "version": 1 }, "end_va": 725217640447, "entry_point": 0, "filename": null, "id": "region_10024", "name": "private_0x000000a8da170000", "norm_filename": null, "region_type": "private_memory", "start_va": 725213446144, "timestamp": "00:02:26.632", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140724958920704, "type": "region", "version": 1 }, "end_va": 140724958957567, "entry_point": 140724958924928, "filename": "\\Windows\\System32\\wsock32.dll", "id": "region_10025", "name": "wsock32.dll", "norm_filename": "c:\\windows\\system32\\wsock32.dll", "region_type": "memory_mapped_file", "start_va": 140724958920704, 
"timestamp": "00:02:26.642", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140724958855168, "type": "region", "version": 1 }, "end_va": 140724958896127, "entry_point": 140724958859456, "filename": "\\Windows\\System32\\version.dll", "id": "region_10026", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 140724958855168, "timestamp": "00:02:26.644", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140724958724096, "type": "region", "version": 1 }, "end_va": 140724958851071, "entry_point": 140724958733304, "filename": "\\Windows\\System32\\winmm.dll", "id": "region_10027", "name": "winmm.dll", "norm_filename": "c:\\windows\\system32\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 140724958724096, "timestamp": "00:02:26.645", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2465792, "start_va": 140725055651840, "type": "region", "version": 1 }, "end_va": 140725058117631, "entry_point": 140725055670080, "filename": "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "id": "region_10028", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "region_type": 
"memory_mapped_file", "start_va": 140725055651840, "timestamp": "00:02:26.646", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 140724999946240, "type": "region", "version": 1 }, "end_va": 140725000056831, "entry_point": 140724999950416, "filename": "\\Windows\\System32\\mpr.dll", "id": "region_10029", "name": "mpr.dll", "norm_filename": "c:\\windows\\system32\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 140724999946240, "timestamp": "00:02:26.658", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 725208399872, "type": "region", "version": 1 }, "end_va": 725208428543, "entry_point": 0, "filename": null, "id": "region_10030", "name": "private_0x000000a8d9ca0000", "norm_filename": null, "region_type": "private_memory", "start_va": 725208399872, "timestamp": "00:02:26.659", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2359296, "start_va": 140725005254656, "type": "region", "version": 1 }, "end_va": 140725007613951, "entry_point": 140725005259760, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_10031", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 140725005254656, "timestamp": "00:02:26.659", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not 
monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 140725103820800, "type": "region", "version": 1 }, "end_va": 140725103849471, "entry_point": 140725103824912, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_10032", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 140725103820800, "timestamp": "00:02:26.660", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 140725016985600, "type": "region", "version": 1 }, "end_va": 140725017153535, "entry_point": 140725017016680, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_10033", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 140725016985600, "timestamp": "00:02:26.661", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140725076557824, "type": "region", "version": 1 }, "end_va": 140725076684799, "entry_point": 140725076562672, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_10034", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 140725076557824, "timestamp": "00:02:26.661", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1187840, "start_va": 140725066858496, "type": 
"region", "version": 1 }, "end_va": 140725068046335, "entry_point": 140725066904644, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_10035", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 140725066858496, "timestamp": "00:02:26.662", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140725093466112, "type": "region", "version": 1 }, "end_va": 140725094977535, "entry_point": 140725093620416, "filename": "\\Windows\\System32\\user32.dll", "id": "region_10036", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140725093466112, "timestamp": "00:02:26.673", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140725129773056, "type": "region", "version": 1 }, "end_va": 140725131104255, "entry_point": 140725129845848, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_10037", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140725129773056, "timestamp": "00:02:26.674", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 630784, "start_va": 140725129117696, "type": "region", "version": 1 }, "end_va": 140725129748479, "entry_point": 140725129122212, "filename": "\\Windows\\System32\\comdlg32.dll", "id": "region_10038", 
"name": "comdlg32.dll", "norm_filename": "c:\\windows\\system32\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 140725129117696, "timestamp": "00:02:26.675", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 675840, "start_va": 140725126299648, "type": "region", "version": 1 }, "end_va": 140725126975487, "entry_point": 140725126303760, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_10039", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725126299648, "timestamp": "00:02:26.675", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 21032960, "start_va": 140725103951872, "type": "region", "version": 1 }, "end_va": 140725124984831, "entry_point": 140725103956224, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_10040", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 140725103951872, "timestamp": "00:02:26.676", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 140725096546304, "type": "region", "version": 1 }, "end_va": 140725098078207, "entry_point": 140725096550580, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_10041", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 140725096546304, 
"timestamp": "00:02:26.677", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140725101002752, "type": "region", "version": 1 }, "end_va": 140725101752319, "entry_point": 140725101007136, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_10042", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 140725101002752, "timestamp": "00:02:26.678", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 140725127020544, "type": "region", "version": 1 }, "end_va": 140725127380991, "entry_point": 140725127024796, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_10043", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 140725127020544, "timestamp": "00:02:26.689", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140725098577920, "type": "region", "version": 1 }, "end_va": 140725099261951, "entry_point": 140725098588204, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_10044", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140725098577920, "timestamp": "00:02:26.690", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created 
because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 172032, "start_va": 140725043789824, "type": "region", "version": 1 }, "end_va": 140725043961855, "entry_point": 140725043832680, "filename": "\\Windows\\System32\\winmmbase.dll", "id": "region_10045", "name": "winmmbase.dll", "norm_filename": "c:\\windows\\system32\\winmmbase.dll", "region_type": "memory_mapped_file", "start_va": 140725043789824, "timestamp": "00:02:26.691", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140725127806976, "type": "region", "version": 1 }, "end_va": 140725129076735, "entry_point": 140725127811408, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_10046", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140725127806976, "timestamp": "00:02:26.694", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2785280, "start_va": 140725002436608, "type": "region", "version": 1 }, "end_va": 140725005221887, "entry_point": 140725002493380, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_10047", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 140725002436608, "timestamp": "00:02:26.711", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, 
"start_va": 140725103886336, "type": "region", "version": 1 }, "end_va": 140725103923199, "entry_point": 140725103891456, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_10048", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 140725103886336, "timestamp": "00:02:26.713", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725016920064, "type": "region", "version": 1 }, "end_va": 140725016961023, "entry_point": 140725016924356, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_10049", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 140725016920064, "timestamp": "00:02:26.714", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 140725086453760, "type": "region", "version": 1 }, "end_va": 140725086535679, "entry_point": 140725086468812, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_10050", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 140725086453760, "timestamp": "00:02:26.715", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725131149312, "type": "region", "version": 1 }, "end_va": 140725133078527, "entry_point": 140725131157344, "filename": 
"\\Windows\\System32\\combase.dll", "id": "region_10051", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140725131149312, "timestamp": "00:02:26.718", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 140725095038976, "type": "region", "version": 1 }, "end_va": 140725095370751, "entry_point": 140725095043776, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_10052", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 140725095038976, "timestamp": "00:02:26.720", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725098184704, "type": "region", "version": 1 }, "end_va": 140725098541055, "entry_point": 140725098194176, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_10053", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140725098184704, "timestamp": "00:02:26.721", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 140725090320384, "type": "region", "version": 1 }, "end_va": 140725090623487, "entry_point": 140725090325080, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_10054", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", 
"region_type": "memory_mapped_file", "start_va": 140725090320384, "timestamp": "00:02:26.724", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725068103680, "type": "region", "version": 1 }, "end_va": 140725068259327, "entry_point": 140725068109212, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_10055", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 140725068103680, "timestamp": "00:02:26.725", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 140725060108288, "type": "region", "version": 1 }, "end_va": 140725060767743, "entry_point": 140725060112544, "filename": "\\Windows\\System32\\SHCore.dll", "id": "region_10056", "name": "shcore.dll", "norm_filename": "c:\\windows\\system32\\shcore.dll", "region_type": "memory_mapped_file", "start_va": 140725060108288, "timestamp": "00:02:26.735", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1835008, "start_va": 725217640448, "type": "region", "version": 1 }, "end_va": 725219475455, "entry_point": 0, "filename": null, "id": "region_10057", "name": "private_0x000000a8da570000", "norm_filename": null, "region_type": "private_memory", "start_va": 725217640448, "timestamp": "00:02:26.738", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was 
created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 725217640448, "type": "region", "version": 1 }, "end_va": 725217669119, "entry_point": 0, "filename": null, "id": "region_10058", "name": "private_0x000000a8da570000", "norm_filename": null, "region_type": "private_memory", "start_va": 725217640448, "timestamp": "00:02:26.739", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 725219409920, "type": "region", "version": 1 }, "end_va": 725219475455, "entry_point": 0, "filename": null, "id": "region_10059", "name": "private_0x000000a8da720000", "norm_filename": null, "region_type": "private_memory", "start_va": 725219409920, "timestamp": "00:02:26.739", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 725217705984, "type": "region", "version": 1 }, "end_va": 725219311615, "entry_point": 0, "filename": null, "id": "region_10060", "name": "pagefile_0x000000a8da580000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 725217705984, "timestamp": "00:02:26.741", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 212992, "start_va": 725219475456, "type": "region", "version": 1 }, "end_va": 725219688447, "entry_point": 725219479600, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_10061", "name": "imm32.dll", 
"norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 725219475456, "timestamp": "00:02:26.741", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 140725095563264, "type": "region", "version": 1 }, "end_va": 140725095776255, "entry_point": 140725095567408, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_10062", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 140725095563264, "timestamp": "00:02:26.742", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1277952, "start_va": 140725091762176, "type": "region", "version": 1 }, "end_va": 140725093040127, "entry_point": 140725091766288, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_10063", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 140725091762176, "timestamp": "00:02:26.743", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 725219475456, "type": "region", "version": 1 }, "end_va": 725221052415, "entry_point": 0, "filename": null, "id": "region_10064", "name": "pagefile_0x000000a8da730000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 725219475456, "timestamp": "00:02:26.745", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 725221113856, "type": "region", "version": 1 }, "end_va": 725242085375, "entry_point": 0, "filename": null, "id": "region_10065", "name": "pagefile_0x000000a8da8c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 725221113856, "timestamp": "00:02:26.746", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 725219344384, "type": "region", "version": 1 }, "end_va": 725219348479, "entry_point": 0, "filename": null, "id": "region_10066", "name": "private_0x000000a8da710000", "norm_filename": null, "region_type": "private_memory", "start_va": 725219344384, "timestamp": "00:02:26.751", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 725242085376, "type": "region", "version": 1 }, "end_va": 725242089471, "entry_point": 0, "filename": null, "id": "region_10067", "name": "private_0x000000a8dbcc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 725242085376, "timestamp": "00:02:26.751", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 725242150912, "type": "region", "version": 1 }, "end_va": 725242155007, "entry_point": 725242150912, "filename": 
"\\Windows\\WindowsShell.Manifest", "id": "region_10068", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 725242150912, "timestamp": "00:02:26.751", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 725242216448, "type": "region", "version": 1 }, "end_va": 725242224639, "entry_point": 0, "filename": null, "id": "region_10069", "name": "pagefile_0x000000a8dbce0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 725242216448, "timestamp": "00:02:26.751", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1114112, "start_va": 725242281984, "type": "region", "version": 1 }, "end_va": 725243396095, "entry_point": 0, "filename": null, "id": "region_10070", "name": "private_0x000000a8dbcf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 725242281984, "timestamp": "00:02:26.755", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 761856, "start_va": 725242281984, "type": "region", "version": 1 }, "end_va": 725243043839, "entry_point": 725242464104, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_10071", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 725242281984, "timestamp": "00:02:26.761", "type": "region", "version": 1 }, { "dump": { "filename": 
"", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 725243330560, "type": "region", "version": 1 }, "end_va": 725243396095, "entry_point": 0, "filename": null, "id": "region_10072", "name": "private_0x000000a8dbdf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 725243330560, "timestamp": "00:02:26.761", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725068431360, "type": "region", "version": 1 }, "end_va": 140725068472319, "entry_point": 140725068437320, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_10073", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\system32\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140725068431360, "timestamp": "00:02:26.762", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725085208576, "type": "region", "version": 1 }, "end_va": 140725085249535, "entry_point": 140725085212688, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_10074", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140725085208576, "timestamp": "00:02:26.764", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 
385024, "start_va": 140725084815360, "type": "region", "version": 1 }, "end_va": 140725085200383, "entry_point": 140725084944032, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_10075", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140725084815360, "timestamp": "00:02:26.765", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 725242150912, "type": "region", "version": 1 }, "end_va": 725242155007, "entry_point": 0, "filename": null, "id": "region_10076", "name": "pagefile_0x000000a8dbcd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 725242150912, "timestamp": "00:02:26.775", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 983040, "start_va": 725242281984, "type": "region", "version": 1 }, "end_va": 725243265023, "entry_point": 0, "filename": null, "id": "region_10077", "name": "pagefile_0x000000a8dbcf0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 725242281984, "timestamp": "00:02:26.775", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 725242150912, "type": "region", "version": 1 }, "end_va": 725242167295, "entry_point": 0, "filename": null, "id": "region_10078", "name": 
"pagefile_0x000000a8dbcd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 725242150912, "timestamp": "00:02:26.775", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 725243265024, "type": "region", "version": 1 }, "end_va": 725243293695, "entry_point": 0, "filename": null, "id": "region_10079", "name": "private_0x000000a8dbde0000", "norm_filename": null, "region_type": "private_memory", "start_va": 725243265024, "timestamp": "00:02:26.776", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 725243396096, "type": "region", "version": 1 }, "end_va": 725244444671, "entry_point": 0, "filename": null, "id": "region_10080", "name": "private_0x000000a8dbe00000", "norm_filename": null, "region_type": "private_memory", "start_va": 725243396096, "timestamp": "00:02:26.782", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 725244444672, "type": "region", "version": 1 }, "end_va": 725245497343, "entry_point": 725244639772, "filename": "\\Program Files\\Common Files\\wanacry6.malware.exe", "id": "region_10081", "name": "wanacry6.malware.exe", "norm_filename": "c:\\program files\\common files\\wanacry6.malware.exe", "region_type": "memory_mapped_file", "start_va": 725244444672, "timestamp": "00:02:26.787", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No 
dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 725244444672, "type": "region", "version": 1 }, "end_va": 725244448767, "entry_point": 0, "filename": null, "id": "region_10082", "name": "private_0x000000a8dbf00000", "norm_filename": null, "region_type": "private_memory", "start_va": 725244444672, "timestamp": "00:02:26.817", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 140725058142208, "type": "region", "version": 1 }, "end_va": 140725058277375, "entry_point": 140725058146560, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_10083", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 140725058142208, "timestamp": "00:02:26.817", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 725244510208, "type": "region", "version": 1 }, "end_va": 725247479807, "entry_point": 725244510208, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_10084", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 725244510208, "timestamp": "00:02:26.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 725247524864, "type": "region", 
"version": 1 }, "end_va": 725247537151, "entry_point": 0, "filename": null, "id": "region_10085", "name": "pagefile_0x000000a8dc1f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 725247524864, "timestamp": "00:02:26.824", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 725247524864, "type": "region", "version": 1 }, "end_va": 725247528959, "entry_point": 0, "filename": null, "id": "region_10086", "name": "pagefile_0x000000a8dc1f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 725247524864, "timestamp": "00:02:26.830", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 725247590400, "type": "region", "version": 1 }, "end_va": 725247594495, "entry_point": 0, "filename": null, "id": "region_10087", "name": "private_0x000000a8dc200000", "norm_filename": null, "region_type": "private_memory", "start_va": 725247590400, "timestamp": "00:02:27.854", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 5185536, "start_va": 725247655936, "type": "region", "version": 1 }, "end_va": 725252841471, "entry_point": 0, "filename": null, "id": "region_10088", "name": "pagefile_0x000000a8dc210000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 725247655936, "timestamp": "00:02:27.860", "type": 
"region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15138816, "start_va": 725252898816, "type": "region", "version": 1 }, "end_va": 725268037631, "entry_point": 725252898816, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_10089", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 725252898816, "timestamp": "00:02:27.861", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 140725025898496, "type": "region", "version": 1 }, "end_va": 140725025984511, "entry_point": 140725025902656, "filename": "\\Windows\\System32\\netapi32.dll", "id": "region_10090", "name": "netapi32.dll", "norm_filename": "c:\\windows\\system32\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725025898496, "timestamp": "00:02:27.869", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 140725072494592, "type": "region", "version": 1 }, "end_va": 140725072543743, "entry_point": 140725072499804, "filename": "\\Windows\\System32\\netutils.dll", "id": "region_10091", "name": "netutils.dll", "norm_filename": "c:\\windows\\system32\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 140725072494592, "timestamp": "00:02:27.871", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", 
"writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 140725073608704, "type": "region", "version": 1 }, "end_va": 140725073760255, "entry_point": 140725073612916, "filename": "\\Windows\\System32\\srvcli.dll", "id": "region_10092", "name": "srvcli.dll", "norm_filename": "c:\\windows\\system32\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 140725073608704, "timestamp": "00:02:27.872", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 140725025636352, "type": "region", "version": 1 }, "end_va": 140725025726463, "entry_point": 140725025640520, "filename": "\\Windows\\System32\\wkscli.dll", "id": "region_10093", "name": "wkscli.dll", "norm_filename": "c:\\windows\\system32\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 140725025636352, "timestamp": "00:02:27.873", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2195456, "start_va": 725268037632, "type": "region", "version": 1 }, "end_va": 725270233087, "entry_point": 0, "filename": null, "id": "region_10114", "name": "pagefile_0x000000a8dd580000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 725268037632, "timestamp": "00:02:27.951", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 725270265856, "type": "region", "version": 1 }, "end_va": 725270269951, 
"entry_point": 0, "filename": null, "id": "region_10115", "name": "pagefile_0x000000a8dd7a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 725270265856, "timestamp": "00:02:27.951", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 48848896, "start_va": 725270265856, "type": "region", "version": 1 }, "end_va": 725319114751, "entry_point": 725270265856, "filename": "\\Windows\\System32\\imageres.dll", "id": "region_10131", "name": "imageres.dll", "norm_filename": "c:\\windows\\system32\\imageres.dll", "region_type": "memory_mapped_file", "start_va": 725270265856, "timestamp": "00:02:28.748", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 725319155712, "type": "region", "version": 1 }, "end_va": 725319167999, "entry_point": 0, "filename": null, "id": "region_10132", "name": "pagefile_0x000000a8e0640000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 725319155712, "timestamp": "00:02:28.750", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 725319221248, "type": "region", "version": 1 }, "end_va": 725319225343, "entry_point": 0, "filename": null, "id": "region_10133", "name": "pagefile_0x000000a8e0650000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 725319221248, "timestamp": "00:02:28.750", "type": "region", "version": 1 }, { 
"dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4169728, "start_va": 725319286784, "type": "region", "version": 1 }, "end_va": 725323456511, "entry_point": 0, "filename": null, "id": "region_10134", "name": "pagefile_0x000000a8e0660000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 725319286784, "timestamp": "00:02:28.750", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 278528, "start_va": 725323481088, "type": "region", "version": 1 }, "end_va": 725323759615, "entry_point": 0, "filename": null, "id": "region_10135", "name": "pagefile_0x000000a8e0a60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 725323481088, "timestamp": "00:02:28.750", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 140725075443712, "type": "region", "version": 1 }, "end_va": 140725075660799, "entry_point": 140725075448792, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_10136", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 140725075443712, "timestamp": "00:02:28.750", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, 
"start_va": 140725079769088, "type": "region", "version": 1 }, "end_va": 140725079891967, "entry_point": 140725079773640, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_10137", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 140725079769088, "timestamp": "00:02:28.751", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725082062848, "type": "region", "version": 1 }, "end_va": 140725082218495, "entry_point": 140725082086248, "filename": "\\Windows\\System32\\bcrypt.dll", "id": "region_10138", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\system32\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 140725082062848, "timestamp": "00:02:28.751", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\PROGRA~1\\COMMON~1\\WANACR~1.EXE", "filename": "c:\\progra~1\\common~1\\wanacr~1.exe", "id": "proc_83", "image_name": "wanacr~1.exe", "monitor_reason": "child_process", "monitored_id": 83, "origin_monitor_id": 82, "ref_parent_process": { "ref_id": "proc_82", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_10157", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, 
"timestamp": "00:02:29.154", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 976334290944, "type": "region", "version": 1 }, "end_va": 976334422015, "entry_point": 0, "filename": null, "id": "region_10158", "name": "private_0x000000e3520f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 976334290944, "timestamp": "00:02:29.154", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 976334422016, "type": "region", "version": 1 }, "end_va": 976334483455, "entry_point": 0, "filename": null, "id": "region_10159", "name": "pagefile_0x000000e352110000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 976334422016, "timestamp": "00:02:29.154", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 976334487552, "type": "region", "version": 1 }, "end_va": 976338681855, "entry_point": 0, "filename": null, "id": "region_10160", "name": "private_0x000000e352120000", "norm_filename": null, "region_type": "private_memory", "start_va": 976334487552, "timestamp": "00:02:29.154", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, 
"start_va": 976338681856, "type": "region", "version": 1 }, "end_va": 976338698239, "entry_point": 0, "filename": null, "id": "region_10161", "name": "pagefile_0x000000e352520000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 976338681856, "timestamp": "00:02:29.154", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140698001145856, "type": "region", "version": 1 }, "end_va": 140698001289215, "entry_point": 0, "filename": null, "id": "region_10162", "name": "pagefile_0x00007ff6ce610000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140698001145856, "timestamp": "00:02:29.154", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140698001330176, "type": "region", "version": 1 }, "end_va": 140698001338367, "entry_point": 0, "filename": null, "id": "region_10163", "name": "private_0x00007ff6ce63d000", "norm_filename": null, "region_type": "private_memory", "start_va": 140698001330176, "timestamp": "00:02:29.154", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140698001338368, "type": "region", "version": 1 }, "end_va": 140698001342463, "entry_point": 0, "filename": null, "id": "region_10164", "name": "private_0x00007ff6ce63f000", "norm_filename": null, "region_type": "private_memory", "start_va": 140698001338368, "timestamp": 
"00:02:29.154", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 140698014777344, "type": "region", "version": 1 }, "end_va": 140698015862783, "entry_point": 140698014972444, "filename": "\\PROGRA~1\\COMMON~1\\WANACR~1.EXE", "id": "region_10165", "name": "wanacr~1.exe", "norm_filename": "c:\\progra~1\\common~1\\wanacr~1.exe", "region_type": "memory_mapped_file", "start_va": 140698014777344, "timestamp": "00:02:29.154", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_10166", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140725133115392, "timestamp": "00:02:29.155", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 976338747392, "type": "region", "version": 1 }, "end_va": 976338755583, "entry_point": 0, "filename": null, "id": "region_10167", "name": "pagefile_0x000000e352530000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 976338747392, "timestamp": "00:02:29.157", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was 
reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 976338812928, "type": "region", "version": 1 }, "end_va": 976338821119, "entry_point": 0, "filename": null, "id": "region_10168", "name": "private_0x000000e352540000", "norm_filename": null, "region_type": "private_memory", "start_va": 976338812928, "timestamp": "00:02:29.249", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4325376, "start_va": 976338878464, "type": "region", "version": 1 }, "end_va": 976343203839, "entry_point": 0, "filename": null, "id": "region_10169", "name": "private_0x000000e352550000", "norm_filename": null, "region_type": "private_memory", "start_va": 976338878464, "timestamp": "00:02:29.249", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140725124988928, "type": "region", "version": 1 }, "end_va": 140725126270975, "entry_point": 140725125009460, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_10170", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140725124988928, "timestamp": "00:02:29.251", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140725090648064, "type": "region", "version": 1 }, "end_va": 140725091753983, "entry_point": 140725090656928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": 
"region_10171", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140725090648064, "timestamp": "00:02:29.253", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 976334290944, "type": "region", "version": 1 }, "end_va": 976334356479, "entry_point": 0, "filename": null, "id": "region_10172", "name": "pagefile_0x000000e3520f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 976334290944, "timestamp": "00:02:29.266", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140698000097280, "type": "region", "version": 1 }, "end_va": 140698001145855, "entry_point": 0, "filename": null, "id": "region_10173", "name": "pagefile_0x00007ff6ce510000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140698000097280, "timestamp": "00:02:29.266", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 976343203840, "type": "region", "version": 1 }, "end_va": 976343719935, "entry_point": 976343203840, "filename": "\\Windows\\System32\\locale.nls", "id": "region_10174", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 976343203840, "timestamp": "00:02:29.277", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140724958920704, "type": "region", "version": 1 }, "end_va": 140724958957567, "entry_point": 140724958924928, "filename": "\\Windows\\System32\\wsock32.dll", "id": "region_10175", "name": "wsock32.dll", "norm_filename": "c:\\windows\\system32\\wsock32.dll", "region_type": "memory_mapped_file", "start_va": 140724958920704, "timestamp": "00:02:29.278", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140724958855168, "type": "region", "version": 1 }, "end_va": 140724958896127, "entry_point": 140724958859456, "filename": "\\Windows\\System32\\version.dll", "id": "region_10176", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 140724958855168, "timestamp": "00:02:29.279", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140724958724096, "type": "region", "version": 1 }, "end_va": 140724958851071, "entry_point": 140724958733304, "filename": "\\Windows\\System32\\winmm.dll", "id": "region_10177", "name": "winmm.dll", "norm_filename": "c:\\windows\\system32\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 140724958724096, "timestamp": "00:02:29.280", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", 
"executable" ], "ref_process_dump": null, "size": 2465792, "start_va": 140725055651840, "type": "region", "version": 1 }, "end_va": 140725058117631, "entry_point": 140725055670080, "filename": "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "id": "region_10178", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 140725055651840, "timestamp": "00:02:29.281", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 140724999946240, "type": "region", "version": 1 }, "end_va": 140725000056831, "entry_point": 140724999950416, "filename": "\\Windows\\System32\\mpr.dll", "id": "region_10179", "name": "mpr.dll", "norm_filename": "c:\\windows\\system32\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 140724999946240, "timestamp": "00:02:29.282", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 976334356480, "type": "region", "version": 1 }, "end_va": 976334385151, "entry_point": 0, "filename": null, "id": "region_10180", "name": "private_0x000000e352100000", "norm_filename": null, "region_type": "private_memory", "start_va": 976334356480, "timestamp": "00:02:29.283", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], 
"ref_process_dump": null, "size": 2359296, "start_va": 140725005254656, "type": "region", "version": 1 }, "end_va": 140725007613951, "entry_point": 140725005259760, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_10181", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 140725005254656, "timestamp": "00:02:29.283", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 140725103820800, "type": "region", "version": 1 }, "end_va": 140725103849471, "entry_point": 140725103824912, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_10182", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 140725103820800, "timestamp": "00:02:29.284", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 140725016985600, "type": "region", "version": 1 }, "end_va": 140725017153535, "entry_point": 140725017016680, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_10183", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 140725016985600, "timestamp": "00:02:29.293", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140725076557824, "type": "region", "version": 1 }, "end_va": 140725076684799, "entry_point": 
140725076562672, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_10184", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 140725076557824, "timestamp": "00:02:29.295", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1187840, "start_va": 140725066858496, "type": "region", "version": 1 }, "end_va": 140725068046335, "entry_point": 140725066904644, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_10185", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 140725066858496, "timestamp": "00:02:29.296", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140725093466112, "type": "region", "version": 1 }, "end_va": 140725094977535, "entry_point": 140725093620416, "filename": "\\Windows\\System32\\user32.dll", "id": "region_10186", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140725093466112, "timestamp": "00:02:29.297", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140725129773056, "type": "region", "version": 1 }, "end_va": 140725131104255, "entry_point": 140725129845848, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_10187", "name": "gdi32.dll", "norm_filename": 
"c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140725129773056, "timestamp": "00:02:29.298", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 630784, "start_va": 140725129117696, "type": "region", "version": 1 }, "end_va": 140725129748479, "entry_point": 140725129122212, "filename": "\\Windows\\System32\\comdlg32.dll", "id": "region_10188", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\system32\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 140725129117696, "timestamp": "00:02:29.299", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 675840, "start_va": 140725126299648, "type": "region", "version": 1 }, "end_va": 140725126975487, "entry_point": 140725126303760, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_10189", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725126299648, "timestamp": "00:02:29.300", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 21032960, "start_va": 140725103951872, "type": "region", "version": 1 }, "end_va": 140725124984831, "entry_point": 140725103956224, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_10190", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 140725103951872, "timestamp": "00:02:29.311", "type": 
"region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 140725096546304, "type": "region", "version": 1 }, "end_va": 140725098078207, "entry_point": 140725096550580, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_10191", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 140725096546304, "timestamp": "00:02:29.312", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140725101002752, "type": "region", "version": 1 }, "end_va": 140725101752319, "entry_point": 140725101007136, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_10192", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 140725101002752, "timestamp": "00:02:29.312", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 140725127020544, "type": "region", "version": 1 }, "end_va": 140725127380991, "entry_point": 140725127024796, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_10193", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 140725127020544, "timestamp": "00:02:29.314", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", 
"permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140725098577920, "type": "region", "version": 1 }, "end_va": 140725099261951, "entry_point": 140725098588204, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_10194", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140725098577920, "timestamp": "00:02:29.314", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 172032, "start_va": 140725043789824, "type": "region", "version": 1 }, "end_va": 140725043961855, "entry_point": 140725043832680, "filename": "\\Windows\\System32\\winmmbase.dll", "id": "region_10195", "name": "winmmbase.dll", "norm_filename": "c:\\windows\\system32\\winmmbase.dll", "region_type": "memory_mapped_file", "start_va": 140725043789824, "timestamp": "00:02:29.325", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140725127806976, "type": "region", "version": 1 }, "end_va": 140725129076735, "entry_point": 140725127811408, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_10196", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140725127806976, "timestamp": "00:02:29.327", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2785280, "start_va": 140725002436608, "type": "region", 
"version": 1 }, "end_va": 140725005221887, "entry_point": 140725002493380, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_10197", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 140725002436608, "timestamp": "00:02:29.328", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140725103886336, "type": "region", "version": 1 }, "end_va": 140725103923199, "entry_point": 140725103891456, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_10198", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 140725103886336, "timestamp": "00:02:29.330", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725016920064, "type": "region", "version": 1 }, "end_va": 140725016961023, "entry_point": 140725016924356, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_10199", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 140725016920064, "timestamp": "00:02:29.331", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 140725086453760, "type": "region", "version": 1 }, "end_va": 140725086535679, "entry_point": 140725086468812, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_10200", "name": 
"profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 140725086453760, "timestamp": "00:02:29.341", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725131149312, "type": "region", "version": 1 }, "end_va": 140725133078527, "entry_point": 140725131157344, "filename": "\\Windows\\System32\\combase.dll", "id": "region_10201", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140725131149312, "timestamp": "00:02:29.345", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 140725095038976, "type": "region", "version": 1 }, "end_va": 140725095370751, "entry_point": 140725095043776, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_10202", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 140725095038976, "timestamp": "00:02:29.357", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725098184704, "type": "region", "version": 1 }, "end_va": 140725098541055, "entry_point": 140725098194176, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_10203", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140725098184704, 
"timestamp": "00:02:29.359", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 140725090320384, "type": "region", "version": 1 }, "end_va": 140725090623487, "entry_point": 140725090325080, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_10204", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 140725090320384, "timestamp": "00:02:29.364", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725068103680, "type": "region", "version": 1 }, "end_va": 140725068259327, "entry_point": 140725068109212, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_10205", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 140725068103680, "timestamp": "00:02:29.366", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 140725060108288, "type": "region", "version": 1 }, "end_va": 140725060767743, "entry_point": 140725060112544, "filename": "\\Windows\\System32\\SHCore.dll", "id": "region_10206", "name": "shcore.dll", "norm_filename": "c:\\windows\\system32\\shcore.dll", "region_type": "memory_mapped_file", "start_va": 140725060108288, "timestamp": "00:02:29.375", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was 
created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 655360, "start_va": 976343728128, "type": "region", "version": 1 }, "end_va": 976344383487, "entry_point": 0, "filename": null, "id": "region_10207", "name": "private_0x000000e3529f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 976343728128, "timestamp": "00:02:29.402", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 976338878464, "type": "region", "version": 1 }, "end_va": 976338907135, "entry_point": 0, "filename": null, "id": "region_10208", "name": "private_0x000000e352550000", "norm_filename": null, "region_type": "private_memory", "start_va": 976338878464, "timestamp": "00:02:29.403", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 976339009536, "type": "region", "version": 1 }, "end_va": 976343203839, "entry_point": 0, "filename": null, "id": "region_10209", "name": "private_0x000000e352570000", "norm_filename": null, "region_type": "private_memory", "start_va": 976339009536, "timestamp": "00:02:29.403", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 212992, "start_va": 976343728128, "type": "region", "version": 1 }, "end_va": 976343941119, "entry_point": 976343732272, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_10210", "name": "imm32.dll", "norm_filename": 
"c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 976343728128, "timestamp": "00:02:29.405", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 976344317952, "type": "region", "version": 1 }, "end_va": 976344383487, "entry_point": 0, "filename": null, "id": "region_10211", "name": "private_0x000000e352a80000", "norm_filename": null, "region_type": "private_memory", "start_va": 976344317952, "timestamp": "00:02:29.405", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 976344383488, "type": "region", "version": 1 }, "end_va": 976345989119, "entry_point": 0, "filename": null, "id": "region_10212", "name": "pagefile_0x000000e352a90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 976344383488, "timestamp": "00:02:29.405", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 140725095563264, "type": "region", "version": 1 }, "end_va": 140725095776255, "entry_point": 140725095567408, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_10213", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 140725095563264, "timestamp": "00:02:29.406", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because 
region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1277952, "start_va": 140725091762176, "type": "region", "version": 1 }, "end_va": 140725093040127, "entry_point": 140725091766288, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_10214", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 140725091762176, "timestamp": "00:02:29.407", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 976346021888, "type": "region", "version": 1 }, "end_va": 976347598847, "entry_point": 0, "filename": null, "id": "region_10215", "name": "pagefile_0x000000e352c20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 976346021888, "timestamp": "00:02:29.410", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 976347660288, "type": "region", "version": 1 }, "end_va": 976368631807, "entry_point": 0, "filename": null, "id": "region_10216", "name": "pagefile_0x000000e352db0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 976347660288, "timestamp": "00:02:29.410", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 976338944000, "type": "region", "version": 1 }, "end_va": 976338948095, "entry_point": 
0, "filename": null, "id": "region_10217", "name": "private_0x000000e352560000", "norm_filename": null, "region_type": "private_memory", "start_va": 976338944000, "timestamp": "00:02:29.415", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 976343728128, "type": "region", "version": 1 }, "end_va": 976343732223, "entry_point": 0, "filename": null, "id": "region_10218", "name": "private_0x000000e3529f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 976343728128, "timestamp": "00:02:29.415", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 976343793664, "type": "region", "version": 1 }, "end_va": 976343797759, "entry_point": 976343793664, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_10219", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 976343793664, "timestamp": "00:02:29.415", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 976343859200, "type": "region", "version": 1 }, "end_va": 976343867391, "entry_point": 0, "filename": null, "id": "region_10220", "name": "pagefile_0x000000e352a10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 976343859200, "timestamp": "00:02:29.416", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 589824, "start_va": 976368631808, "type": "region", "version": 1 }, "end_va": 976369221631, "entry_point": 0, "filename": null, "id": "region_10221", "name": "private_0x000000e3541b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 976368631808, "timestamp": "00:02:29.420", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 761856, "start_va": 976369221632, "type": "region", "version": 1 }, "end_va": 976369983487, "entry_point": 976369403752, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_10222", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 976369221632, "timestamp": "00:02:29.426", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725068431360, "type": "region", "version": 1 }, "end_va": 140725068472319, "entry_point": 140725068437320, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_10223", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\system32\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140725068431360, "timestamp": "00:02:29.428", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725085208576, "type": "region", 
"version": 1 }, "end_va": 140725085249535, "entry_point": 140725085212688, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_10224", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140725085208576, "timestamp": "00:02:29.430", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140725084815360, "type": "region", "version": 1 }, "end_va": 140725085200383, "entry_point": 140725084944032, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_10225", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140725084815360, "timestamp": "00:02:29.432", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 976343793664, "type": "region", "version": 1 }, "end_va": 976343797759, "entry_point": 0, "filename": null, "id": "region_10226", "name": "pagefile_0x000000e352a00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 976343793664, "timestamp": "00:02:29.437", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 983040, "start_va": 976369221632, "type": "region", "version": 1 }, "end_va": 976370204671, "entry_point": 0, "filename": null, "id": "region_10227", "name": "pagefile_0x000000e354240000", 
"norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 976369221632, "timestamp": "00:02:29.437", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 976343793664, "type": "region", "version": 1 }, "end_va": 976343810047, "entry_point": 0, "filename": null, "id": "region_10228", "name": "pagefile_0x000000e352a00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 976343793664, "timestamp": "00:02:29.437", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 976343924736, "type": "region", "version": 1 }, "end_va": 976343953407, "entry_point": 0, "filename": null, "id": "region_10229", "name": "private_0x000000e352a20000", "norm_filename": null, "region_type": "private_memory", "start_va": 976343924736, "timestamp": "00:02:29.438", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 976370204672, "type": "region", "version": 1 }, "end_va": 976371253247, "entry_point": 0, "filename": null, "id": "region_10230", "name": "private_0x000000e354330000", "norm_filename": null, "region_type": "private_memory", "start_va": 976370204672, "timestamp": "00:02:29.445", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], 
"ref_process_dump": null, "size": 1052672, "start_va": 976371253248, "type": "region", "version": 1 }, "end_va": 976372305919, "entry_point": 976371448348, "filename": "\\Program Files\\Common Files\\wanacry6.malware.exe", "id": "region_10231", "name": "wanacry6.malware.exe", "norm_filename": "c:\\program files\\common files\\wanacry6.malware.exe", "region_type": "memory_mapped_file", "start_va": 976371253248, "timestamp": "00:02:29.448", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 976343990272, "type": "region", "version": 1 }, "end_va": 976343994367, "entry_point": 0, "filename": null, "id": "region_10232", "name": "private_0x000000e352a30000", "norm_filename": null, "region_type": "private_memory", "start_va": 976343990272, "timestamp": "00:02:29.478", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 140725058142208, "type": "region", "version": 1 }, "end_va": 140725058277375, "entry_point": 140725058146560, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_10233", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 140725058142208, "timestamp": "00:02:29.479", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 976371253248, "type": "region", "version": 1 }, "end_va": 976374222847, "entry_point": 976371253248, "filename": 
"\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_10234", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 976371253248, "timestamp": "00:02:29.482", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 976344055808, "type": "region", "version": 1 }, "end_va": 976344068095, "entry_point": 0, "filename": null, "id": "region_10235", "name": "pagefile_0x000000e352a40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 976344055808, "timestamp": "00:02:29.486", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 976344055808, "type": "region", "version": 1 }, "end_va": 976344059903, "entry_point": 0, "filename": null, "id": "region_10236", "name": "pagefile_0x000000e352a40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 976344055808, "timestamp": "00:02:29.492", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 976344121344, "type": "region", "version": 1 }, "end_va": 976344125439, "entry_point": 0, "filename": null, "id": "region_10237", "name": "private_0x000000e352a50000", "norm_filename": null, "region_type": "private_memory", "start_va": 976344121344, "timestamp": "00:02:30.516", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 5185536, "start_va": 976374267904, "type": "region", "version": 1 }, "end_va": 976379453439, "entry_point": 0, "filename": null, "id": "region_10238", "name": "pagefile_0x000000e354710000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 976374267904, "timestamp": "00:02:30.522", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15138816, "start_va": 976379510784, "type": "region", "version": 1 }, "end_va": 976394649599, "entry_point": 976379510784, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_10239", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 976379510784, "timestamp": "00:02:30.523", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 140725025898496, "type": "region", "version": 1 }, "end_va": 140725025984511, "entry_point": 140725025902656, "filename": "\\Windows\\System32\\netapi32.dll", "id": "region_10240", "name": "netapi32.dll", "norm_filename": "c:\\windows\\system32\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725025898496, "timestamp": "00:02:30.531", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], 
"ref_process_dump": null, "size": 49152, "start_va": 140725072494592, "type": "region", "version": 1 }, "end_va": 140725072543743, "entry_point": 140725072499804, "filename": "\\Windows\\System32\\netutils.dll", "id": "region_10241", "name": "netutils.dll", "norm_filename": "c:\\windows\\system32\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 140725072494592, "timestamp": "00:02:30.532", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 140725073608704, "type": "region", "version": 1 }, "end_va": 140725073760255, "entry_point": 140725073612916, "filename": "\\Windows\\System32\\srvcli.dll", "id": "region_10242", "name": "srvcli.dll", "norm_filename": "c:\\windows\\system32\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 140725073608704, "timestamp": "00:02:30.533", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 140725025636352, "type": "region", "version": 1 }, "end_va": 140725025726463, "entry_point": 140725025640520, "filename": "\\Windows\\System32\\wkscli.dll", "id": "region_10243", "name": "wkscli.dll", "norm_filename": "c:\\windows\\system32\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 140725025636352, "timestamp": "00:02:30.534", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 976344186880, "type": "region", "version": 1 }, "end_va": 976344190975, 
"entry_point": 0, "filename": null, "id": "region_10264", "name": "pagefile_0x000000e352a60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 976344186880, "timestamp": "00:02:30.611", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2195456, "start_va": 976394649600, "type": "region", "version": 1 }, "end_va": 976396845055, "entry_point": 0, "filename": null, "id": "region_10265", "name": "pagefile_0x000000e355a80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 976394649600, "timestamp": "00:02:30.611", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 976344186880, "type": "region", "version": 1 }, "end_va": 976344199167, "entry_point": 0, "filename": null, "id": "region_10281", "name": "pagefile_0x000000e352a60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 976344186880, "timestamp": "00:02:31.449", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 976344252416, "type": "region", "version": 1 }, "end_va": 976344256511, "entry_point": 0, "filename": null, "id": "region_10282", "name": "pagefile_0x000000e352a70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 976344252416, "timestamp": "00:02:31.449", "type": "region", "version": 1 }, 
{ "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 278528, "start_va": 976368631808, "type": "region", "version": 1 }, "end_va": 976368910335, "entry_point": 0, "filename": null, "id": "region_10283", "name": "pagefile_0x000000e3541b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 976368631808, "timestamp": "00:02:31.449", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 976369156096, "type": "region", "version": 1 }, "end_va": 976369221631, "entry_point": 0, "filename": null, "id": "region_10284", "name": "private_0x000000e354230000", "norm_filename": null, "region_type": "private_memory", "start_va": 976369156096, "timestamp": "00:02:31.449", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 48848896, "start_va": 976396877824, "type": "region", "version": 1 }, "end_va": 976445726719, "entry_point": 976396877824, "filename": "\\Windows\\System32\\imageres.dll", "id": "region_10285", "name": "imageres.dll", "norm_filename": "c:\\windows\\system32\\imageres.dll", "region_type": "memory_mapped_file", "start_va": 976396877824, "timestamp": "00:02:31.450", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4169728, "start_va": 976445767680, 
"type": "region", "version": 1 }, "end_va": 976449937407, "entry_point": 0, "filename": null, "id": "region_10286", "name": "pagefile_0x000000e358b40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 976445767680, "timestamp": "00:02:31.451", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 140725075443712, "type": "region", "version": 1 }, "end_va": 140725075660799, "entry_point": 140725075448792, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_10287", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 140725075443712, "timestamp": "00:02:31.451", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 140725079769088, "type": "region", "version": 1 }, "end_va": 140725079891967, "entry_point": 140725079773640, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_10288", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 140725079769088, "timestamp": "00:02:31.451", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725082062848, "type": "region", "version": 1 }, "end_va": 140725082218495, "entry_point": 140725082086248, "filename": "\\Windows\\System32\\bcrypt.dll", "id": "region_10289", "name": "bcrypt.dll", "norm_filename": 
"c:\\windows\\system32\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 140725082062848, "timestamp": "00:02:31.452", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1073152, "start_va": 976449961984, "type": "region", "version": 1 }, "end_va": 976451035135, "entry_point": 0, "filename": null, "id": "region_10290", "name": "private_0x000000e358f40000", "norm_filename": null, "region_type": "private_memory", "start_va": 976449961984, "timestamp": "00:02:31.458", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\PROGRA~1\\COMMON~1\\WANACR~1.EXE", "filename": "c:\\progra~1\\common~1\\wanacr~1.exe", "id": "proc_84", "image_name": "wanacr~1.exe", "monitor_reason": "child_process", "monitored_id": 84, "origin_monitor_id": 83, "ref_parent_process": { "ref_id": "proc_83", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_10306", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:02:31.762", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, 
"start_va": 63434194944, "type": "region", "version": 1 }, "end_va": 63434326015, "entry_point": 0, "filename": null, "id": "region_10307", "name": "private_0x0000000ec4f90000", "norm_filename": null, "region_type": "private_memory", "start_va": 63434194944, "timestamp": "00:02:31.762", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 63434326016, "type": "region", "version": 1 }, "end_va": 63434387455, "entry_point": 0, "filename": null, "id": "region_10308", "name": "pagefile_0x0000000ec4fb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 63434326016, "timestamp": "00:02:31.762", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 63434391552, "type": "region", "version": 1 }, "end_va": 63438585855, "entry_point": 0, "filename": null, "id": "region_10309", "name": "private_0x0000000ec4fc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 63434391552, "timestamp": "00:02:31.762", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 63438585856, "type": "region", "version": 1 }, "end_va": 63438602239, "entry_point": 0, "filename": null, "id": "region_10310", "name": "pagefile_0x0000000ec53c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 63438585856, "timestamp": "00:02:31.762", "type": 
"region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140698001801216, "type": "region", "version": 1 }, "end_va": 140698001944575, "entry_point": 0, "filename": null, "id": "region_10311", "name": "pagefile_0x00007ff6ce6b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140698001801216, "timestamp": "00:02:31.762", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140698001944576, "type": "region", "version": 1 }, "end_va": 140698001948671, "entry_point": 0, "filename": null, "id": "region_10312", "name": "private_0x00007ff6ce6d3000", "norm_filename": null, "region_type": "private_memory", "start_va": 140698001944576, "timestamp": "00:02:31.762", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140698001989632, "type": "region", "version": 1 }, "end_va": 140698001997823, "entry_point": 0, "filename": null, "id": "region_10313", "name": "private_0x00007ff6ce6de000", "norm_filename": null, "region_type": "private_memory", "start_va": 140698001989632, "timestamp": "00:02:31.762", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 140698014777344, "type": 
"region", "version": 1 }, "end_va": 140698015862783, "entry_point": 140698014972444, "filename": "\\PROGRA~1\\COMMON~1\\WANACR~1.EXE", "id": "region_10314", "name": "wanacr~1.exe", "norm_filename": "c:\\progra~1\\common~1\\wanacr~1.exe", "region_type": "memory_mapped_file", "start_va": 140698014777344, "timestamp": "00:02:31.762", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_10315", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140725133115392, "timestamp": "00:02:31.763", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 63438651392, "type": "region", "version": 1 }, "end_va": 63438659583, "entry_point": 0, "filename": null, "id": "region_10316", "name": "pagefile_0x0000000ec53d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 63438651392, "timestamp": "00:02:31.764", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 63438716928, "type": "region", "version": 1 }, "end_va": 63438725119, "entry_point": 0, "filename": null, "id": "region_10317", "name": "private_0x0000000ec53e0000", "norm_filename": null, "region_type": 
"private_memory", "start_va": 63438716928, "timestamp": "00:02:31.842", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 5767168, "start_va": 63438782464, "type": "region", "version": 1 }, "end_va": 63444549631, "entry_point": 0, "filename": null, "id": "region_10318", "name": "private_0x0000000ec53f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 63438782464, "timestamp": "00:02:31.842", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140725124988928, "type": "region", "version": 1 }, "end_va": 140725126270975, "entry_point": 140725125009460, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_10319", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140725124988928, "timestamp": "00:02:31.844", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140725090648064, "type": "region", "version": 1 }, "end_va": 140725091753983, "entry_point": 140725090656928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_10320", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140725090648064, "timestamp": "00:02:31.856", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump 
created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 63434194944, "type": "region", "version": 1 }, "end_va": 63434260479, "entry_point": 0, "filename": null, "id": "region_10321", "name": "pagefile_0x0000000ec4f90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 63434194944, "timestamp": "00:02:31.859", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140698000752640, "type": "region", "version": 1 }, "end_va": 140698001801215, "entry_point": 0, "filename": null, "id": "region_10322", "name": "pagefile_0x00007ff6ce5b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140698000752640, "timestamp": "00:02:31.859", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 63438782464, "type": "region", "version": 1 }, "end_va": 63439298559, "entry_point": 63438782464, "filename": "\\Windows\\System32\\locale.nls", "id": "region_10323", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 63438782464, "timestamp": "00:02:31.870", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 63440355328, "type": "region", "version": 1 }, "end_va": 63444549631, "entry_point": 0, "filename": null, 
"id": "region_10324", "name": "private_0x0000000ec5570000", "norm_filename": null, "region_type": "private_memory", "start_va": 63440355328, "timestamp": "00:02:31.871", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140724958920704, "type": "region", "version": 1 }, "end_va": 140724958957567, "entry_point": 140724958924928, "filename": "\\Windows\\System32\\wsock32.dll", "id": "region_10325", "name": "wsock32.dll", "norm_filename": "c:\\windows\\system32\\wsock32.dll", "region_type": "memory_mapped_file", "start_va": 140724958920704, "timestamp": "00:02:31.871", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140724958855168, "type": "region", "version": 1 }, "end_va": 140724958896127, "entry_point": 140724958859456, "filename": "\\Windows\\System32\\version.dll", "id": "region_10326", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 140724958855168, "timestamp": "00:02:31.872", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140724958724096, "type": "region", "version": 1 }, "end_va": 140724958851071, "entry_point": 140724958733304, "filename": "\\Windows\\System32\\winmm.dll", "id": "region_10327", "name": "winmm.dll", "norm_filename": "c:\\windows\\system32\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 140724958724096, "timestamp": 
"00:02:31.873", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2465792, "start_va": 140725055651840, "type": "region", "version": 1 }, "end_va": 140725058117631, "entry_point": 140725055670080, "filename": "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "id": "region_10328", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 140725055651840, "timestamp": "00:02:31.874", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 140724999946240, "type": "region", "version": 1 }, "end_va": 140725000056831, "entry_point": 140724999950416, "filename": "\\Windows\\System32\\mpr.dll", "id": "region_10329", "name": "mpr.dll", "norm_filename": "c:\\windows\\system32\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 140724999946240, "timestamp": "00:02:31.875", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 63434260480, "type": "region", "version": 1 }, "end_va": 63434289151, "entry_point": 0, "filename": null, "id": "region_10330", "name": "private_0x0000000ec4fa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 63434260480, "timestamp": "00:02:31.885", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2359296, "start_va": 140725005254656, "type": "region", "version": 1 }, "end_va": 140725007613951, "entry_point": 140725005259760, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_10331", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 140725005254656, "timestamp": "00:02:31.886", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 140725103820800, "type": "region", "version": 1 }, "end_va": 140725103849471, "entry_point": 140725103824912, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_10332", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 140725103820800, "timestamp": "00:02:31.887", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 140725016985600, "type": "region", "version": 1 }, "end_va": 140725017153535, "entry_point": 140725017016680, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_10333", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 140725016985600, "timestamp": "00:02:31.887", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ 
"readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140725076557824, "type": "region", "version": 1 }, "end_va": 140725076684799, "entry_point": 140725076562672, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_10334", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 140725076557824, "timestamp": "00:02:31.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1187840, "start_va": 140725066858496, "type": "region", "version": 1 }, "end_va": 140725068046335, "entry_point": 140725066904644, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_10335", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 140725066858496, "timestamp": "00:02:31.889", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140725093466112, "type": "region", "version": 1 }, "end_va": 140725094977535, "entry_point": 140725093620416, "filename": "\\Windows\\System32\\user32.dll", "id": "region_10336", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140725093466112, "timestamp": "00:02:31.890", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140725129773056, "type": "region", "version": 1 }, 
"end_va": 140725131104255, "entry_point": 140725129845848, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_10337", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140725129773056, "timestamp": "00:02:31.890", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 630784, "start_va": 140725129117696, "type": "region", "version": 1 }, "end_va": 140725129748479, "entry_point": 140725129122212, "filename": "\\Windows\\System32\\comdlg32.dll", "id": "region_10338", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\system32\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 140725129117696, "timestamp": "00:02:31.891", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 675840, "start_va": 140725126299648, "type": "region", "version": 1 }, "end_va": 140725126975487, "entry_point": 140725126303760, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_10339", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725126299648, "timestamp": "00:02:31.902", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 21032960, "start_va": 140725103951872, "type": "region", "version": 1 }, "end_va": 140725124984831, "entry_point": 140725103956224, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_10340", "name": 
"shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 140725103951872, "timestamp": "00:02:31.903", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 140725096546304, "type": "region", "version": 1 }, "end_va": 140725098078207, "entry_point": 140725096550580, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_10341", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 140725096546304, "timestamp": "00:02:31.904", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140725101002752, "type": "region", "version": 1 }, "end_va": 140725101752319, "entry_point": 140725101007136, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_10342", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 140725101002752, "timestamp": "00:02:31.906", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 140725127020544, "type": "region", "version": 1 }, "end_va": 140725127380991, "entry_point": 140725127024796, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_10343", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 140725127020544, "timestamp": 
"00:02:31.907", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140725098577920, "type": "region", "version": 1 }, "end_va": 140725099261951, "entry_point": 140725098588204, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_10344", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140725098577920, "timestamp": "00:02:31.917", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 172032, "start_va": 140725043789824, "type": "region", "version": 1 }, "end_va": 140725043961855, "entry_point": 140725043832680, "filename": "\\Windows\\System32\\winmmbase.dll", "id": "region_10345", "name": "winmmbase.dll", "norm_filename": "c:\\windows\\system32\\winmmbase.dll", "region_type": "memory_mapped_file", "start_va": 140725043789824, "timestamp": "00:02:31.918", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140725127806976, "type": "region", "version": 1 }, "end_va": 140725129076735, "entry_point": 140725127811408, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_10346", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140725127806976, "timestamp": "00:02:31.920", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because 
region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2785280, "start_va": 140725002436608, "type": "region", "version": 1 }, "end_va": 140725005221887, "entry_point": 140725002493380, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_10347", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 140725002436608, "timestamp": "00:02:31.921", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140725103886336, "type": "region", "version": 1 }, "end_va": 140725103923199, "entry_point": 140725103891456, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_10348", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 140725103886336, "timestamp": "00:02:31.922", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725016920064, "type": "region", "version": 1 }, "end_va": 140725016961023, "entry_point": 140725016924356, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_10349", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 140725016920064, "timestamp": "00:02:31.932", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 140725086453760, "type": 
"region", "version": 1 }, "end_va": 140725086535679, "entry_point": 140725086468812, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_10350", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 140725086453760, "timestamp": "00:02:31.933", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725131149312, "type": "region", "version": 1 }, "end_va": 140725133078527, "entry_point": 140725131157344, "filename": "\\Windows\\System32\\combase.dll", "id": "region_10351", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140725131149312, "timestamp": "00:02:31.937", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 140725095038976, "type": "region", "version": 1 }, "end_va": 140725095370751, "entry_point": 140725095043776, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_10352", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 140725095038976, "timestamp": "00:02:31.947", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725098184704, "type": "region", "version": 1 }, "end_va": 140725098541055, "entry_point": 140725098194176, "filename": "\\Windows\\System32\\sechost.dll", "id": 
"region_10353", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140725098184704, "timestamp": "00:02:31.948", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 140725090320384, "type": "region", "version": 1 }, "end_va": 140725090623487, "entry_point": 140725090325080, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_10354", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 140725090320384, "timestamp": "00:02:31.951", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725068103680, "type": "region", "version": 1 }, "end_va": 140725068259327, "entry_point": 140725068109212, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_10355", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 140725068103680, "timestamp": "00:02:31.951", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 140725060108288, "type": "region", "version": 1 }, "end_va": 140725060767743, "entry_point": 140725060112544, "filename": "\\Windows\\System32\\SHCore.dll", "id": "region_10356", "name": "shcore.dll", "norm_filename": "c:\\windows\\system32\\shcore.dll", "region_type": "memory_mapped_file", "start_va": 
140725060108288, "timestamp": "00:02:31.969", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 655360, "start_va": 63439306752, "type": "region", "version": 1 }, "end_va": 63439962111, "entry_point": 0, "filename": null, "id": "region_10357", "name": "private_0x0000000ec5470000", "norm_filename": null, "region_type": "private_memory", "start_va": 63439306752, "timestamp": "00:02:31.984", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 63439306752, "type": "region", "version": 1 }, "end_va": 63439335423, "entry_point": 0, "filename": null, "id": "region_10358", "name": "private_0x0000000ec5470000", "norm_filename": null, "region_type": "private_memory", "start_va": 63439306752, "timestamp": "00:02:31.987", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 63439896576, "type": "region", "version": 1 }, "end_va": 63439962111, "entry_point": 0, "filename": null, "id": "region_10359", "name": "private_0x0000000ec5500000", "norm_filename": null, "region_type": "private_memory", "start_va": 63439896576, "timestamp": "00:02:31.987", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 212992, "start_va": 63439372288, "type": "region", "version": 1 }, "end_va": 
63439585279, "entry_point": 63439376432, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_10360", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 63439372288, "timestamp": "00:02:31.989", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 63444549632, "type": "region", "version": 1 }, "end_va": 63446155263, "entry_point": 0, "filename": null, "id": "region_10361", "name": "pagefile_0x0000000ec5970000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 63444549632, "timestamp": "00:02:31.989", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 140725095563264, "type": "region", "version": 1 }, "end_va": 140725095776255, "entry_point": 140725095567408, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_10362", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 140725095563264, "timestamp": "00:02:31.990", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1277952, "start_va": 140725091762176, "type": "region", "version": 1 }, "end_va": 140725093040127, "entry_point": 140725091766288, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_10363", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": 
"memory_mapped_file", "start_va": 140725091762176, "timestamp": "00:02:31.991", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 63446188032, "type": "region", "version": 1 }, "end_va": 63447764991, "entry_point": 0, "filename": null, "id": "region_10364", "name": "pagefile_0x0000000ec5b00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 63446188032, "timestamp": "00:02:31.993", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 63447826432, "type": "region", "version": 1 }, "end_va": 63468797951, "entry_point": 0, "filename": null, "id": "region_10365", "name": "pagefile_0x0000000ec5c90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 63447826432, "timestamp": "00:02:31.994", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 63439372288, "type": "region", "version": 1 }, "end_va": 63439376383, "entry_point": 0, "filename": null, "id": "region_10366", "name": "private_0x0000000ec5480000", "norm_filename": null, "region_type": "private_memory", "start_va": 63439372288, "timestamp": "00:02:31.997", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], 
"ref_process_dump": null, "size": 4096, "start_va": 63439437824, "type": "region", "version": 1 }, "end_va": 63439441919, "entry_point": 0, "filename": null, "id": "region_10367", "name": "private_0x0000000ec5490000", "norm_filename": null, "region_type": "private_memory", "start_va": 63439437824, "timestamp": "00:02:31.997", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 63439503360, "type": "region", "version": 1 }, "end_va": 63439507455, "entry_point": 63439503360, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_10368", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 63439503360, "timestamp": "00:02:31.997", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 63439568896, "type": "region", "version": 1 }, "end_va": 63439577087, "entry_point": 0, "filename": null, "id": "region_10369", "name": "pagefile_0x0000000ec54b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 63439568896, "timestamp": "00:02:31.997", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 720896, "start_va": 63468797952, "type": "region", "version": 1 }, "end_va": 63469518847, "entry_point": 0, "filename": null, "id": "region_10370", "name": "private_0x0000000ec7090000", "norm_filename": null, "region_type": "private_memory", "start_va": 
63468797952, "timestamp": "00:02:32.001", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 761856, "start_va": 63469518848, "type": "region", "version": 1 }, "end_va": 63470280703, "entry_point": 63469700968, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_10371", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 63469518848, "timestamp": "00:02:32.007", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725068431360, "type": "region", "version": 1 }, "end_va": 140725068472319, "entry_point": 140725068437320, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_10372", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\system32\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140725068431360, "timestamp": "00:02:32.008", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725085208576, "type": "region", "version": 1 }, "end_va": 140725085249535, "entry_point": 140725085212688, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_10373", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140725085208576, "timestamp": "00:02:32.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because 
region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140725084815360, "type": "region", "version": 1 }, "end_va": 140725085200383, "entry_point": 140725084944032, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_10374", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140725084815360, "timestamp": "00:02:32.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 63439503360, "type": "region", "version": 1 }, "end_va": 63439507455, "entry_point": 0, "filename": null, "id": "region_10375", "name": "pagefile_0x0000000ec54a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 63439503360, "timestamp": "00:02:32.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 983040, "start_va": 63469518848, "type": "region", "version": 1 }, "end_va": 63470501887, "entry_point": 0, "filename": null, "id": "region_10376", "name": "pagefile_0x0000000ec7140000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 63469518848, "timestamp": "00:02:32.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 63439503360, "type": "region", "version": 1 }, 
"end_va": 63439519743, "entry_point": 0, "filename": null, "id": "region_10377", "name": "pagefile_0x0000000ec54a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 63439503360, "timestamp": "00:02:32.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 63439634432, "type": "region", "version": 1 }, "end_va": 63439663103, "entry_point": 0, "filename": null, "id": "region_10378", "name": "private_0x0000000ec54c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 63439634432, "timestamp": "00:02:32.021", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 63470501888, "type": "region", "version": 1 }, "end_va": 63471550463, "entry_point": 0, "filename": null, "id": "region_10379", "name": "private_0x0000000ec7230000", "norm_filename": null, "region_type": "private_memory", "start_va": 63470501888, "timestamp": "00:02:32.046", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 63471550464, "type": "region", "version": 1 }, "end_va": 63472603135, "entry_point": 63471745564, "filename": "\\Program Files\\Common Files\\wanacry6.malware.exe", "id": "region_10380", "name": "wanacry6.malware.exe", "norm_filename": "c:\\program files\\common files\\wanacry6.malware.exe", "region_type": "memory_mapped_file", "start_va": 63471550464, "timestamp": "00:02:32.048", "type": "region", "version": 1 }, 
{ "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 63439699968, "type": "region", "version": 1 }, "end_va": 63439704063, "entry_point": 0, "filename": null, "id": "region_10381", "name": "private_0x0000000ec54d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 63439699968, "timestamp": "00:02:32.077", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 140725058142208, "type": "region", "version": 1 }, "end_va": 140725058277375, "entry_point": 140725058146560, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_10382", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 140725058142208, "timestamp": "00:02:32.078", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 63471550464, "type": "region", "version": 1 }, "end_va": 63474520063, "entry_point": 63471550464, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_10383", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 63471550464, "timestamp": "00:02:32.080", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": 
null, "size": 12288, "start_va": 63439765504, "type": "region", "version": 1 }, "end_va": 63439777791, "entry_point": 0, "filename": null, "id": "region_10384", "name": "pagefile_0x0000000ec54e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 63439765504, "timestamp": "00:02:32.084", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 63439765504, "type": "region", "version": 1 }, "end_va": 63439769599, "entry_point": 0, "filename": null, "id": "region_10385", "name": "pagefile_0x0000000ec54e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 63439765504, "timestamp": "00:02:32.089", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 63439831040, "type": "region", "version": 1 }, "end_va": 63439835135, "entry_point": 0, "filename": null, "id": "region_10386", "name": "private_0x0000000ec54f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 63439831040, "timestamp": "00:02:33.112", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 5185536, "start_va": 63474565120, "type": "region", "version": 1 }, "end_va": 63479750655, "entry_point": 0, "filename": null, "id": "region_10387", "name": "pagefile_0x0000000ec7610000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 
63474565120, "timestamp": "00:02:33.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15138816, "start_va": 63479808000, "type": "region", "version": 1 }, "end_va": 63494946815, "entry_point": 63479808000, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_10388", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 63479808000, "timestamp": "00:02:33.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 140725025898496, "type": "region", "version": 1 }, "end_va": 140725025984511, "entry_point": 140725025902656, "filename": "\\Windows\\System32\\netapi32.dll", "id": "region_10389", "name": "netapi32.dll", "norm_filename": "c:\\windows\\system32\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725025898496, "timestamp": "00:02:33.126", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 140725072494592, "type": "region", "version": 1 }, "end_va": 140725072543743, "entry_point": 140725072499804, "filename": "\\Windows\\System32\\netutils.dll", "id": "region_10390", "name": "netutils.dll", "norm_filename": "c:\\windows\\system32\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 140725072494592, "timestamp": "00:02:33.128", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is 
not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 140725073608704, "type": "region", "version": 1 }, "end_va": 140725073760255, "entry_point": 140725073612916, "filename": "\\Windows\\System32\\srvcli.dll", "id": "region_10391", "name": "srvcli.dll", "norm_filename": "c:\\windows\\system32\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 140725073608704, "timestamp": "00:02:33.129", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 140725025636352, "type": "region", "version": 1 }, "end_va": 140725025726463, "entry_point": 140725025640520, "filename": "\\Windows\\System32\\wkscli.dll", "id": "region_10392", "name": "wkscli.dll", "norm_filename": "c:\\windows\\system32\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 140725025636352, "timestamp": "00:02:33.130", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 63439962112, "type": "region", "version": 1 }, "end_va": 63439966207, "entry_point": 0, "filename": null, "id": "region_10413", "name": "pagefile_0x0000000ec5510000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 63439962112, "timestamp": "00:02:33.211", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2195456, "start_va": 63494946816, "type": "region", 
"version": 1 }, "end_va": 63497142271, "entry_point": 0, "filename": null, "id": "region_10414", "name": "pagefile_0x0000000ec8980000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 63494946816, "timestamp": "00:02:33.211", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 63439962112, "type": "region", "version": 1 }, "end_va": 63439974399, "entry_point": 0, "filename": null, "id": "region_10431", "name": "pagefile_0x0000000ec5510000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 63439962112, "timestamp": "00:02:33.979", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 63440027648, "type": "region", "version": 1 }, "end_va": 63440031743, "entry_point": 0, "filename": null, "id": "region_10432", "name": "pagefile_0x0000000ec5520000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 63440027648, "timestamp": "00:02:33.979", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 278528, "start_va": 63468797952, "type": "region", "version": 1 }, "end_va": 63469076479, "entry_point": 0, "filename": null, "id": "region_10433", "name": "pagefile_0x0000000ec7090000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 63468797952, "timestamp": "00:02:33.979", 
"type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 63469453312, "type": "region", "version": 1 }, "end_va": 63469518847, "entry_point": 0, "filename": null, "id": "region_10434", "name": "private_0x0000000ec7130000", "norm_filename": null, "region_type": "private_memory", "start_va": 63469453312, "timestamp": "00:02:33.979", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 48848896, "start_va": 63497175040, "type": "region", "version": 1 }, "end_va": 63546023935, "entry_point": 63497175040, "filename": "\\Windows\\System32\\imageres.dll", "id": "region_10435", "name": "imageres.dll", "norm_filename": "c:\\windows\\system32\\imageres.dll", "region_type": "memory_mapped_file", "start_va": 63497175040, "timestamp": "00:02:33.981", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4169728, "start_va": 63546064896, "type": "region", "version": 1 }, "end_va": 63550234623, "entry_point": 0, "filename": null, "id": "region_10436", "name": "pagefile_0x0000000ecba40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 63546064896, "timestamp": "00:02:33.982", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 140725075443712, "type": 
"region", "version": 1 }, "end_va": 140725075660799, "entry_point": 140725075448792, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_10437", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 140725075443712, "timestamp": "00:02:33.982", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 140725079769088, "type": "region", "version": 1 }, "end_va": 140725079891967, "entry_point": 140725079773640, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_10438", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 140725079769088, "timestamp": "00:02:33.983", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725082062848, "type": "region", "version": 1 }, "end_va": 140725082218495, "entry_point": 140725082086248, "filename": "\\Windows\\System32\\bcrypt.dll", "id": "region_10439", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\system32\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 140725082062848, "timestamp": "00:02:33.984", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1093632, "start_va": 63550259200, "type": "region", "version": 1 }, "end_va": 63551352831, "entry_point": 0, "filename": null, "id": "region_10440", "name": "private_0x0000000ecbe40000", 
"norm_filename": null, "region_type": "private_memory", "start_va": 63550259200, "timestamp": "00:02:33.991", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\PROGRA~1\\COMMON~1\\WANACR~1.EXE", "filename": "c:\\progra~1\\common~1\\wanacr~1.exe", "id": "proc_85", "image_name": "wanacr~1.exe", "monitor_reason": "child_process", "monitored_id": 85, "origin_monitor_id": 84, "ref_parent_process": { "ref_id": "proc_84", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_10456", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:02:34.292", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 872541323264, "type": "region", "version": 1 }, "end_va": 872541454335, "entry_point": 0, "filename": null, "id": "region_10457", "name": "private_0x000000cb27840000", "norm_filename": null, "region_type": "private_memory", "start_va": 872541323264, "timestamp": "00:02:34.292", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 
872541454336, "type": "region", "version": 1 }, "end_va": 872541515775, "entry_point": 0, "filename": null, "id": "region_10458", "name": "pagefile_0x000000cb27860000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 872541454336, "timestamp": "00:02:34.292", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 872541519872, "type": "region", "version": 1 }, "end_va": 872545714175, "entry_point": 0, "filename": null, "id": "region_10459", "name": "private_0x000000cb27870000", "norm_filename": null, "region_type": "private_memory", "start_va": 872541519872, "timestamp": "00:02:34.292", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 872545714176, "type": "region", "version": 1 }, "end_va": 872545730559, "entry_point": 0, "filename": null, "id": "region_10460", "name": "pagefile_0x000000cb27c70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 872545714176, "timestamp": "00:02:34.292", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140698014449664, "type": "region", "version": 1 }, "end_va": 140698014593023, "entry_point": 0, "filename": null, "id": "region_10461", "name": "pagefile_0x00007ff6cf2c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140698014449664, "timestamp": 
"00:02:34.292", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140698014629888, "type": "region", "version": 1 }, "end_va": 140698014638079, "entry_point": 0, "filename": null, "id": "region_10462", "name": "private_0x00007ff6cf2ec000", "norm_filename": null, "region_type": "private_memory", "start_va": 140698014629888, "timestamp": "00:02:34.292", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140698014638080, "type": "region", "version": 1 }, "end_va": 140698014642175, "entry_point": 0, "filename": null, "id": "region_10463", "name": "private_0x00007ff6cf2ee000", "norm_filename": null, "region_type": "private_memory", "start_va": 140698014638080, "timestamp": "00:02:34.292", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 140698014777344, "type": "region", "version": 1 }, "end_va": 140698015862783, "entry_point": 140698014972444, "filename": "\\PROGRA~1\\COMMON~1\\WANACR~1.EXE", "id": "region_10464", "name": "wanacr~1.exe", "norm_filename": "c:\\progra~1\\common~1\\wanacr~1.exe", "region_type": "memory_mapped_file", "start_va": 140698014777344, "timestamp": "00:02:34.292", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, 
"size": 1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_10465", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140725133115392, "timestamp": "00:02:34.294", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 872545779712, "type": "region", "version": 1 }, "end_va": 872545787903, "entry_point": 0, "filename": null, "id": "region_10466", "name": "pagefile_0x000000cb27c80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 872545779712, "timestamp": "00:02:34.295", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 872545845248, "type": "region", "version": 1 }, "end_va": 872545853439, "entry_point": 0, "filename": null, "id": "region_10467", "name": "private_0x000000cb27c90000", "norm_filename": null, "region_type": "private_memory", "start_va": 872545845248, "timestamp": "00:02:34.386", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 5832704, "start_va": 872545910784, "type": "region", "version": 1 }, "end_va": 872551743487, "entry_point": 0, "filename": null, "id": "region_10468", "name": "private_0x000000cb27ca0000", "norm_filename": null, "region_type": 
"private_memory", "start_va": 872545910784, "timestamp": "00:02:34.386", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140725124988928, "type": "region", "version": 1 }, "end_va": 140725126270975, "entry_point": 140725125009460, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_10469", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140725124988928, "timestamp": "00:02:34.389", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140725090648064, "type": "region", "version": 1 }, "end_va": 140725091753983, "entry_point": 140725090656928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_10470", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140725090648064, "timestamp": "00:02:34.399", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 872541323264, "type": "region", "version": 1 }, "end_va": 872541388799, "entry_point": 0, "filename": null, "id": "region_10471", "name": "pagefile_0x000000cb27840000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 872541323264, "timestamp": "00:02:34.404", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140698013401088, "type": "region", "version": 1 }, "end_va": 140698014449663, "entry_point": 0, "filename": null, "id": "region_10472", "name": "pagefile_0x00007ff6cf1c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140698013401088, "timestamp": "00:02:34.404", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 872545910784, "type": "region", "version": 1 }, "end_va": 872546426879, "entry_point": 872545910784, "filename": "\\Windows\\System32\\locale.nls", "id": "region_10473", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 872545910784, "timestamp": "00:02:34.415", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 872547549184, "type": "region", "version": 1 }, "end_va": 872551743487, "entry_point": 0, "filename": null, "id": "region_10474", "name": "private_0x000000cb27e30000", "norm_filename": null, "region_type": "private_memory", "start_va": 872547549184, "timestamp": "00:02:34.416", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140724958920704, "type": "region", "version": 1 }, "end_va": 140724958957567, 
"entry_point": 140724958924928, "filename": "\\Windows\\System32\\wsock32.dll", "id": "region_10475", "name": "wsock32.dll", "norm_filename": "c:\\windows\\system32\\wsock32.dll", "region_type": "memory_mapped_file", "start_va": 140724958920704, "timestamp": "00:02:34.417", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140724958855168, "type": "region", "version": 1 }, "end_va": 140724958896127, "entry_point": 140724958859456, "filename": "\\Windows\\System32\\version.dll", "id": "region_10476", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 140724958855168, "timestamp": "00:02:34.419", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140724958724096, "type": "region", "version": 1 }, "end_va": 140724958851071, "entry_point": 140724958733304, "filename": "\\Windows\\System32\\winmm.dll", "id": "region_10477", "name": "winmm.dll", "norm_filename": "c:\\windows\\system32\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 140724958724096, "timestamp": "00:02:34.420", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2465792, "start_va": 140725055651840, "type": "region", "version": 1 }, "end_va": 140725058117631, "entry_point": 140725055670080, "filename": 
"\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "id": "region_10478", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 140725055651840, "timestamp": "00:02:34.421", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 140724999946240, "type": "region", "version": 1 }, "end_va": 140725000056831, "entry_point": 140724999950416, "filename": "\\Windows\\System32\\mpr.dll", "id": "region_10479", "name": "mpr.dll", "norm_filename": "c:\\windows\\system32\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 140724999946240, "timestamp": "00:02:34.432", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 872541388800, "type": "region", "version": 1 }, "end_va": 872541417471, "entry_point": 0, "filename": null, "id": "region_10480", "name": "private_0x000000cb27850000", "norm_filename": null, "region_type": "private_memory", "start_va": 872541388800, "timestamp": "00:02:34.433", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2359296, "start_va": 140725005254656, "type": "region", "version": 1 }, "end_va": 140725007613951, "entry_point": 140725005259760, "filename": 
"\\Windows\\System32\\wininet.dll", "id": "region_10481", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 140725005254656, "timestamp": "00:02:34.433", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 140725103820800, "type": "region", "version": 1 }, "end_va": 140725103849471, "entry_point": 140725103824912, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_10482", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 140725103820800, "timestamp": "00:02:34.434", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 140725016985600, "type": "region", "version": 1 }, "end_va": 140725017153535, "entry_point": 140725017016680, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_10483", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 140725016985600, "timestamp": "00:02:34.435", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140725076557824, "type": "region", "version": 1 }, "end_va": 140725076684799, "entry_point": 140725076562672, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_10484", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": 
"memory_mapped_file", "start_va": 140725076557824, "timestamp": "00:02:34.437", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1187840, "start_va": 140725066858496, "type": "region", "version": 1 }, "end_va": 140725068046335, "entry_point": 140725066904644, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_10485", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 140725066858496, "timestamp": "00:02:34.448", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140725093466112, "type": "region", "version": 1 }, "end_va": 140725094977535, "entry_point": 140725093620416, "filename": "\\Windows\\System32\\user32.dll", "id": "region_10486", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140725093466112, "timestamp": "00:02:34.450", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140725129773056, "type": "region", "version": 1 }, "end_va": 140725131104255, "entry_point": 140725129845848, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_10487", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140725129773056, "timestamp": "00:02:34.450", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 630784, "start_va": 140725129117696, "type": "region", "version": 1 }, "end_va": 140725129748479, "entry_point": 140725129122212, "filename": "\\Windows\\System32\\comdlg32.dll", "id": "region_10488", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\system32\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 140725129117696, "timestamp": "00:02:34.451", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 675840, "start_va": 140725126299648, "type": "region", "version": 1 }, "end_va": 140725126975487, "entry_point": 140725126303760, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_10489", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725126299648, "timestamp": "00:02:34.452", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 21032960, "start_va": 140725103951872, "type": "region", "version": 1 }, "end_va": 140725124984831, "entry_point": 140725103956224, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_10490", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 140725103951872, "timestamp": "00:02:34.453", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], 
"ref_process_dump": null, "size": 1531904, "start_va": 140725096546304, "type": "region", "version": 1 }, "end_va": 140725098078207, "entry_point": 140725096550580, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_10491", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 140725096546304, "timestamp": "00:02:34.463", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140725101002752, "type": "region", "version": 1 }, "end_va": 140725101752319, "entry_point": 140725101007136, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_10492", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 140725101002752, "timestamp": "00:02:34.464", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 140725127020544, "type": "region", "version": 1 }, "end_va": 140725127380991, "entry_point": 140725127024796, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_10493", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 140725127020544, "timestamp": "00:02:34.465", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140725098577920, "type": "region", "version": 1 }, "end_va": 140725099261951, "entry_point": 
140725098588204, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_10494", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140725098577920, "timestamp": "00:02:34.467", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 172032, "start_va": 140725043789824, "type": "region", "version": 1 }, "end_va": 140725043961855, "entry_point": 140725043832680, "filename": "\\Windows\\System32\\winmmbase.dll", "id": "region_10495", "name": "winmmbase.dll", "norm_filename": "c:\\windows\\system32\\winmmbase.dll", "region_type": "memory_mapped_file", "start_va": 140725043789824, "timestamp": "00:02:34.468", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140725127806976, "type": "region", "version": 1 }, "end_va": 140725129076735, "entry_point": 140725127811408, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_10496", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140725127806976, "timestamp": "00:02:34.478", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2785280, "start_va": 140725002436608, "type": "region", "version": 1 }, "end_va": 140725005221887, "entry_point": 140725002493380, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_10497", "name": "iertutil.dll", "norm_filename": 
"c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 140725002436608, "timestamp": "00:02:34.480", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140725103886336, "type": "region", "version": 1 }, "end_va": 140725103923199, "entry_point": 140725103891456, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_10498", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 140725103886336, "timestamp": "00:02:34.482", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725016920064, "type": "region", "version": 1 }, "end_va": 140725016961023, "entry_point": 140725016924356, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_10499", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 140725016920064, "timestamp": "00:02:34.483", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 140725086453760, "type": "region", "version": 1 }, "end_va": 140725086535679, "entry_point": 140725086468812, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_10500", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 140725086453760, "timestamp": "00:02:34.484", "type": "region", "version": 1 
}, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725131149312, "type": "region", "version": 1 }, "end_va": 140725133078527, "entry_point": 140725131157344, "filename": "\\Windows\\System32\\combase.dll", "id": "region_10501", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140725131149312, "timestamp": "00:02:34.498", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 140725095038976, "type": "region", "version": 1 }, "end_va": 140725095370751, "entry_point": 140725095043776, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_10502", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 140725095038976, "timestamp": "00:02:34.512", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725098184704, "type": "region", "version": 1 }, "end_va": 140725098541055, "entry_point": 140725098194176, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_10503", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140725098184704, "timestamp": "00:02:34.514", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ 
"readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 140725090320384, "type": "region", "version": 1 }, "end_va": 140725090623487, "entry_point": 140725090325080, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_10504", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 140725090320384, "timestamp": "00:02:34.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725068103680, "type": "region", "version": 1 }, "end_va": 140725068259327, "entry_point": 140725068109212, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_10505", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 140725068103680, "timestamp": "00:02:34.521", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 140725060108288, "type": "region", "version": 1 }, "end_va": 140725060767743, "entry_point": 140725060112544, "filename": "\\Windows\\System32\\SHCore.dll", "id": "region_10506", "name": "shcore.dll", "norm_filename": "c:\\windows\\system32\\shcore.dll", "region_type": "memory_mapped_file", "start_va": 140725060108288, "timestamp": "00:02:34.556", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 872546435072, "type": "region", "version": 1 
}, "end_va": 872546500607, "entry_point": 0, "filename": null, "id": "region_10507", "name": "private_0x000000cb27d20000", "norm_filename": null, "region_type": "private_memory", "start_va": 872546435072, "timestamp": "00:02:34.561", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 872546500608, "type": "region", "version": 1 }, "end_va": 872546529279, "entry_point": 0, "filename": null, "id": "region_10508", "name": "private_0x000000cb27d30000", "norm_filename": null, "region_type": "private_memory", "start_va": 872546500608, "timestamp": "00:02:34.562", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 212992, "start_va": 872546566144, "type": "region", "version": 1 }, "end_va": 872546779135, "entry_point": 872546570288, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_10509", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 872546566144, "timestamp": "00:02:34.564", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 872551743488, "type": "region", "version": 1 }, "end_va": 872553349119, "entry_point": 0, "filename": null, "id": "region_10510", "name": "pagefile_0x000000cb28230000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 872551743488, "timestamp": "00:02:34.565", "type": "region", "version": 1 }, { "dump": { "filename": "", 
"flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 140725095563264, "type": "region", "version": 1 }, "end_va": 140725095776255, "entry_point": 140725095567408, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_10511", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 140725095563264, "timestamp": "00:02:34.566", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1277952, "start_va": 140725091762176, "type": "region", "version": 1 }, "end_va": 140725093040127, "entry_point": 140725091766288, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_10512", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 140725091762176, "timestamp": "00:02:34.567", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 872553381888, "type": "region", "version": 1 }, "end_va": 872554958847, "entry_point": 0, "filename": null, "id": "region_10513", "name": "pagefile_0x000000cb283c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 872553381888, "timestamp": "00:02:34.570", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, 
"size": 20971520, "start_va": 872555020288, "type": "region", "version": 1 }, "end_va": 872575991807, "entry_point": 0, "filename": null, "id": "region_10514", "name": "pagefile_0x000000cb28550000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 872555020288, "timestamp": "00:02:34.570", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 872546566144, "type": "region", "version": 1 }, "end_va": 872546570239, "entry_point": 0, "filename": null, "id": "region_10515", "name": "private_0x000000cb27d40000", "norm_filename": null, "region_type": "private_memory", "start_va": 872546566144, "timestamp": "00:02:34.575", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 872546631680, "type": "region", "version": 1 }, "end_va": 872546635775, "entry_point": 0, "filename": null, "id": "region_10516", "name": "private_0x000000cb27d50000", "norm_filename": null, "region_type": "private_memory", "start_va": 872546631680, "timestamp": "00:02:34.575", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 872546697216, "type": "region", "version": 1 }, "end_va": 872546701311, "entry_point": 872546697216, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_10517", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 872546697216, "timestamp": 
"00:02:34.575", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 872546762752, "type": "region", "version": 1 }, "end_va": 872546770943, "entry_point": 0, "filename": null, "id": "region_10518", "name": "pagefile_0x000000cb27d70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 872546762752, "timestamp": "00:02:34.576", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1769472, "start_va": 872575991808, "type": "region", "version": 1 }, "end_va": 872577761279, "entry_point": 0, "filename": null, "id": "region_10519", "name": "private_0x000000cb29950000", "norm_filename": null, "region_type": "private_memory", "start_va": 872575991808, "timestamp": "00:02:34.580", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 761856, "start_va": 872575991808, "type": "region", "version": 1 }, "end_va": 872576753663, "entry_point": 872576173928, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_10520", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 872575991808, "timestamp": "00:02:34.585", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 
872577695744, "type": "region", "version": 1 }, "end_va": 872577761279, "entry_point": 0, "filename": null, "id": "region_10521", "name": "private_0x000000cb29af0000", "norm_filename": null, "region_type": "private_memory", "start_va": 872577695744, "timestamp": "00:02:34.586", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725068431360, "type": "region", "version": 1 }, "end_va": 140725068472319, "entry_point": 140725068437320, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_10522", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\system32\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140725068431360, "timestamp": "00:02:34.588", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725085208576, "type": "region", "version": 1 }, "end_va": 140725085249535, "entry_point": 140725085212688, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_10523", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140725085208576, "timestamp": "00:02:34.590", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140725084815360, "type": "region", "version": 1 }, "end_va": 140725085200383, "entry_point": 140725084944032, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_10524", "name": 
"bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140725084815360, "timestamp": "00:02:34.591", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 872546697216, "type": "region", "version": 1 }, "end_va": 872546701311, "entry_point": 0, "filename": null, "id": "region_10525", "name": "pagefile_0x000000cb27d60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 872546697216, "timestamp": "00:02:34.596", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 983040, "start_va": 872575991808, "type": "region", "version": 1 }, "end_va": 872576974847, "entry_point": 0, "filename": null, "id": "region_10526", "name": "pagefile_0x000000cb29950000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 872575991808, "timestamp": "00:02:34.597", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 872546697216, "type": "region", "version": 1 }, "end_va": 872546713599, "entry_point": 0, "filename": null, "id": "region_10527", "name": "pagefile_0x000000cb27d60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 872546697216, "timestamp": "00:02:34.597", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 872546828288, "type": "region", "version": 1 }, "end_va": 872546856959, "entry_point": 0, "filename": null, "id": "region_10528", "name": "private_0x000000cb27d80000", "norm_filename": null, "region_type": "private_memory", "start_va": 872546828288, "timestamp": "00:02:34.598", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 872577761280, "type": "region", "version": 1 }, "end_va": 872578809855, "entry_point": 0, "filename": null, "id": "region_10529", "name": "private_0x000000cb29b00000", "norm_filename": null, "region_type": "private_memory", "start_va": 872577761280, "timestamp": "00:02:34.606", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 872578809856, "type": "region", "version": 1 }, "end_va": 872579862527, "entry_point": 872579004956, "filename": "\\Program Files\\Common Files\\wanacry6.malware.exe", "id": "region_10530", "name": "wanacry6.malware.exe", "norm_filename": "c:\\program files\\common files\\wanacry6.malware.exe", "region_type": "memory_mapped_file", "start_va": 872578809856, "timestamp": "00:02:34.609", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 872546893824, "type": "region", "version": 1 }, "end_va": 
872546897919, "entry_point": 0, "filename": null, "id": "region_10531", "name": "private_0x000000cb27d90000", "norm_filename": null, "region_type": "private_memory", "start_va": 872546893824, "timestamp": "00:02:34.686", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 140725058142208, "type": "region", "version": 1 }, "end_va": 140725058277375, "entry_point": 140725058146560, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_10532", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 140725058142208, "timestamp": "00:02:34.687", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 872578809856, "type": "region", "version": 1 }, "end_va": 872581779455, "entry_point": 872578809856, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_10533", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 872578809856, "timestamp": "00:02:34.690", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 872546959360, "type": "region", "version": 1 }, "end_va": 872546971647, "entry_point": 0, "filename": null, "id": "region_10534", "name": "pagefile_0x000000cb27da0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 
872546959360, "timestamp": "00:02:34.695", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 872546959360, "type": "region", "version": 1 }, "end_va": 872546963455, "entry_point": 0, "filename": null, "id": "region_10535", "name": "pagefile_0x000000cb27da0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 872546959360, "timestamp": "00:02:34.701", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 872547024896, "type": "region", "version": 1 }, "end_va": 872547028991, "entry_point": 0, "filename": null, "id": "region_10536", "name": "private_0x000000cb27db0000", "norm_filename": null, "region_type": "private_memory", "start_va": 872547024896, "timestamp": "00:02:35.724", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 5185536, "start_va": 872581824512, "type": "region", "version": 1 }, "end_va": 872587010047, "entry_point": 0, "filename": null, "id": "region_10537", "name": "pagefile_0x000000cb29ee0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 872581824512, "timestamp": "00:02:35.731", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15138816, 
"start_va": 872587067392, "type": "region", "version": 1 }, "end_va": 872602206207, "entry_point": 872587067392, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_10538", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 872587067392, "timestamp": "00:02:35.731", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 140725025898496, "type": "region", "version": 1 }, "end_va": 140725025984511, "entry_point": 140725025902656, "filename": "\\Windows\\System32\\netapi32.dll", "id": "region_10539", "name": "netapi32.dll", "norm_filename": "c:\\windows\\system32\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725025898496, "timestamp": "00:02:35.848", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 140725072494592, "type": "region", "version": 1 }, "end_va": 140725072543743, "entry_point": 140725072499804, "filename": "\\Windows\\System32\\netutils.dll", "id": "region_10540", "name": "netutils.dll", "norm_filename": "c:\\windows\\system32\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 140725072494592, "timestamp": "00:02:35.850", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 140725073608704, "type": "region", "version": 1 }, "end_va": 140725073760255, "entry_point": 140725073612916, "filename": 
"\\Windows\\System32\\srvcli.dll", "id": "region_10541", "name": "srvcli.dll", "norm_filename": "c:\\windows\\system32\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 140725073608704, "timestamp": "00:02:35.851", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 140725025636352, "type": "region", "version": 1 }, "end_va": 140725025726463, "entry_point": 140725025640520, "filename": "\\Windows\\System32\\wkscli.dll", "id": "region_10542", "name": "wkscli.dll", "norm_filename": "c:\\windows\\system32\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 140725025636352, "timestamp": "00:02:35.851", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 872547090432, "type": "region", "version": 1 }, "end_va": 872547094527, "entry_point": 0, "filename": null, "id": "region_10563", "name": "pagefile_0x000000cb27dc0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 872547090432, "timestamp": "00:02:35.938", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2195456, "start_va": 872602206208, "type": "region", "version": 1 }, "end_va": 872604401663, "entry_point": 0, "filename": null, "id": "region_10564", "name": "pagefile_0x000000cb2b250000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 872602206208, "timestamp": 
"00:02:35.938", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 872547090432, "type": "region", "version": 1 }, "end_va": 872547102719, "entry_point": 0, "filename": null, "id": "region_10565", "name": "pagefile_0x000000cb27dc0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 872547090432, "timestamp": "00:02:40.591", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 872547155968, "type": "region", "version": 1 }, "end_va": 872547160063, "entry_point": 0, "filename": null, "id": "region_10566", "name": "pagefile_0x000000cb27dd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 872547155968, "timestamp": "00:02:40.591", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 278528, "start_va": 872547221504, "type": "region", "version": 1 }, "end_va": 872547500031, "entry_point": 0, "filename": null, "id": "region_10567", "name": "pagefile_0x000000cb27de0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 872547221504, "timestamp": "00:02:40.591", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 48848896, 
"start_va": 872604434432, "type": "region", "version": 1 }, "end_va": 872653283327, "entry_point": 872604434432, "filename": "\\Windows\\System32\\imageres.dll", "id": "region_10568", "name": "imageres.dll", "norm_filename": "c:\\windows\\system32\\imageres.dll", "region_type": "memory_mapped_file", "start_va": 872604434432, "timestamp": "00:02:40.592", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4169728, "start_va": 872653324288, "type": "region", "version": 1 }, "end_va": 872657494015, "entry_point": 0, "filename": null, "id": "region_10569", "name": "pagefile_0x000000cb2e310000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 872653324288, "timestamp": "00:02:41.933", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 140725075443712, "type": "region", "version": 1 }, "end_va": 140725075660799, "entry_point": 140725075448792, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_10570", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 140725075443712, "timestamp": "00:02:41.933", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 140725079769088, "type": "region", "version": 1 }, "end_va": 140725079891967, "entry_point": 140725079773640, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_10571", "name": 
"cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 140725079769088, "timestamp": "00:02:41.968", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725082062848, "type": "region", "version": 1 }, "end_va": 140725082218495, "entry_point": 140725082086248, "filename": "\\Windows\\System32\\bcrypt.dll", "id": "region_10572", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\system32\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 140725082062848, "timestamp": "00:02:41.979", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\system32\\sppsvc.exe", "filename": "c:\\windows\\system32\\sppsvc.exe", "id": "proc_86", "image_name": "sppsvc.exe", "monitor_reason": "child_process", "monitored_id": 86, "origin_monitor_id": 39, "ref_parent_process": { "ref_id": "proc_39", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_10862", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:03:35.469", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", 
"permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 39706951680, "type": "region", "version": 1 }, "end_va": 39707082751, "entry_point": 0, "filename": null, "id": "region_10863", "name": "private_0x000000093eb80000", "norm_filename": null, "region_type": "private_memory", "start_va": 39706951680, "timestamp": "00:03:35.469", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 39707082752, "type": "region", "version": 1 }, "end_va": 39707144191, "entry_point": 0, "filename": null, "id": "region_10864", "name": "pagefile_0x000000093eba0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 39707082752, "timestamp": "00:03:35.469", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 39707148288, "type": "region", "version": 1 }, "end_va": 39707672575, "entry_point": 0, "filename": null, "id": "region_10865", "name": "private_0x000000093ebb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 39707148288, "timestamp": "00:03:35.469", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140696779030528, "type": "region", "version": 1 }, "end_va": 140696779173887, "entry_point": 0, "filename": null, "id": "region_10866", "name": "pagefile_0x00007ff685890000", "norm_filename": null, "region_type": 
"pagefile_backed_memory", "start_va": 140696779030528, "timestamp": "00:03:35.469", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140696779182080, "type": "region", "version": 1 }, "end_va": 140696779186175, "entry_point": 0, "filename": null, "id": "region_10867", "name": "private_0x00007ff6858b5000", "norm_filename": null, "region_type": "private_memory", "start_va": 140696779182080, "timestamp": "00:03:35.469", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140696779218944, "type": "region", "version": 1 }, "end_va": 140696779227135, "entry_point": 0, "filename": null, "id": "region_10868", "name": "private_0x00007ff6858be000", "norm_filename": null, "region_type": "private_memory", "start_va": 140696779218944, "timestamp": "00:03:35.469", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 6316032, "start_va": 140696789909504, "type": "region", "version": 1 }, "end_va": 140696796225535, "entry_point": 140696789909504, "filename": "\\Windows\\System32\\sppsvc.exe", "id": "region_10869", "name": "sppsvc.exe", "norm_filename": "c:\\windows\\system32\\sppsvc.exe", "region_type": "memory_mapped_file", "start_va": 140696789909504, "timestamp": "00:03:35.470", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ 
"readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 140725133115392, "type": "region", "version": 1 }, "end_va": 140725134856191, "entry_point": 140725133115392, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_10870", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140725133115392, "timestamp": "00:03:35.479", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 39709376512, "type": "region", "version": 1 }, "end_va": 39710425087, "entry_point": 0, "filename": null, "id": "region_10871", "name": "private_0x000000093edd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 39709376512, "timestamp": "00:03:35.510", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1105920, "start_va": 140725090648064, "type": "region", "version": 1 }, "end_va": 140725091753983, "entry_point": 140725090656928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_10872", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140725090648064, "timestamp": "00:03:35.510", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1282048, "start_va": 140725124988928, "type": "region", "version": 1 }, "end_va": 140725126270975, "entry_point": 140725125009460, 
"filename": "\\Windows\\System32\\kernel32.dll", "id": "region_10873", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140725124988928, "timestamp": "00:03:35.511", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 39706951680, "type": "region", "version": 1 }, "end_va": 39707017215, "entry_point": 0, "filename": null, "id": "region_10874", "name": "pagefile_0x000000093eb80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 39706951680, "timestamp": "00:03:35.512", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140696777981952, "type": "region", "version": 1 }, "end_va": 140696779030527, "entry_point": 0, "filename": null, "id": "region_10875", "name": "pagefile_0x00007ff685790000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140696777981952, "timestamp": "00:03:35.512", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 39707672576, "type": "region", "version": 1 }, "end_va": 39708188671, "entry_point": 39707672576, "filename": "\\Windows\\System32\\locale.nls", "id": "region_10876", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 39707672576, "timestamp": "00:03:35.516", "type": 
"region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 675840, "start_va": 140725126299648, "type": "region", "version": 1 }, "end_va": 140725126975487, "entry_point": 140725126303760, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_10877", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725126299648, "timestamp": "00:03:35.516", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 140725098577920, "type": "region", "version": 1 }, "end_va": 140725099261951, "entry_point": 140725098588204, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_10878", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140725098577920, "timestamp": "00:03:35.518", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 140725127806976, "type": "region", "version": 1 }, "end_va": 140725129076735, "entry_point": 140725127811408, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_10879", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140725127806976, "timestamp": "00:03:35.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", 
"permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725088026624, "type": "region", "version": 1 }, "end_va": 140725089955839, "entry_point": 140725088030884, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_10880", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 140725088026624, "timestamp": "00:03:35.541", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 39707017216, "type": "region", "version": 1 }, "end_va": 39707045887, "entry_point": 0, "filename": null, "id": "region_10881", "name": "private_0x000000093eb90000", "norm_filename": null, "region_type": "private_memory", "start_va": 39707017216, "timestamp": "00:03:35.543", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 140725082062848, "type": "region", "version": 1 }, "end_va": 140725082218495, "entry_point": 140725082086248, "filename": "\\Windows\\System32\\bcrypt.dll", "id": "region_10882", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\system32\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 140725082062848, "timestamp": "00:03:35.543", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 140724888928256, "type": "region", "version": 1 }, "end_va": 140724889063423, "entry_point": 
140724888928256, "filename": "\\Windows\\System32\\cryptxml.dll", "id": "region_10883", "name": "cryptxml.dll", "norm_filename": "c:\\windows\\system32\\cryptxml.dll", "region_type": "memory_mapped_file", "start_va": 140724888928256, "timestamp": "00:03:35.568", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 140725096546304, "type": "region", "version": 1 }, "end_va": 140725098078207, "entry_point": 140725096550580, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_10884", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 140725096546304, "timestamp": "00:03:35.582", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 749568, "start_va": 140725101002752, "type": "region", "version": 1 }, "end_va": 140725101752319, "entry_point": 140725101007136, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_10885", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 140725101002752, "timestamp": "00:03:35.584", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 229376, "start_va": 140725031206912, "type": "region", "version": 1 }, "end_va": 140725031436287, "entry_point": 140725031211060, "filename": "\\Windows\\System32\\xmllite.dll", "id": "region_10886", "name": "xmllite.dll", "norm_filename": 
"c:\\windows\\system32\\xmllite.dll", "region_type": "memory_mapped_file", "start_va": 140725031206912, "timestamp": "00:03:35.590", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 140725098184704, "type": "region", "version": 1 }, "end_va": 140725098541055, "entry_point": 140725098194176, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_10887", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140725098184704, "timestamp": "00:03:35.593", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 140725087174656, "type": "region", "version": 1 }, "end_va": 140725087248383, "entry_point": 140725087178996, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_10888", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 140725087174656, "timestamp": "00:03:35.605", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1458176, "start_va": 140724894433280, "type": "region", "version": 1 }, "end_va": 140724895891455, "entry_point": 140724894437392, "filename": "\\Windows\\System32\\webservices.dll", "id": "region_10889", "name": "webservices.dll", "norm_filename": "c:\\windows\\system32\\webservices.dll", "region_type": "memory_mapped_file", "start_va": 140724894433280, "timestamp": "00:03:35.608", 
"type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 140725131149312, "type": "region", "version": 1 }, "end_va": 140725133078527, "entry_point": 140725131157344, "filename": "\\Windows\\System32\\combase.dll", "id": "region_10890", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140725131149312, "timestamp": "00:03:35.611", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1331200, "start_va": 140725129773056, "type": "region", "version": 1 }, "end_va": 140725131104255, "entry_point": 140725129845848, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_10891", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140725129773056, "timestamp": "00:03:35.613", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1511424, "start_va": 140725093466112, "type": "region", "version": 1 }, "end_va": 140725094977535, "entry_point": 140725093620416, "filename": "\\Windows\\System32\\user32.dll", "id": "region_10892", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140725093466112, "timestamp": "00:03:35.616", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum 
number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1900544, "start_va": 39710425088, "type": "region", "version": 1 }, "end_va": 39712325631, "entry_point": 0, "filename": null, "id": "region_10893", "name": "private_0x000000093eed0000", "norm_filename": null, "region_type": "private_memory", "start_va": 39710425088, "timestamp": "00:03:35.622", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 39708196864, "type": "region", "version": 1 }, "end_va": 39708225535, "entry_point": 0, "filename": null, "id": "region_10894", "name": "private_0x000000093ecb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 39708196864, "timestamp": "00:03:35.623", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 786432, "start_va": 39708262400, "type": "region", "version": 1 }, "end_va": 39709048831, "entry_point": 0, "filename": null, "id": "region_10895", "name": "pagefile_0x000000093ecc0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 39708262400, "timestamp": "00:03:35.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 39710425088, "type": "region", "version": 1 }, "end_va": 39712030719, "entry_point": 0, "filename": null, "id": "region_10896", "name": "pagefile_0x000000093eed0000", 
"norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 39710425088, "timestamp": "00:03:35.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 39712260096, "type": "region", "version": 1 }, "end_va": 39712325631, "entry_point": 0, "filename": null, "id": "region_10897", "name": "private_0x000000093f090000", "norm_filename": null, "region_type": "private_memory", "start_va": 39712260096, "timestamp": "00:03:35.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 39712325632, "type": "region", "version": 1 }, "end_va": 39713902591, "entry_point": 0, "filename": null, "id": "region_10898", "name": "pagefile_0x000000093f0a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 39712325632, "timestamp": "00:03:35.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 39709048832, "type": "region", "version": 1 }, "end_va": 39709061119, "entry_point": 0, "filename": null, "id": "region_10899", "name": "pagefile_0x000000093ed80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 39709048832, "timestamp": "00:03:35.632", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in 
the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 39709114368, "type": "region", "version": 1 }, "end_va": 39709118463, "entry_point": 0, "filename": null, "id": "region_10900", "name": "pagefile_0x000000093ed90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 39709114368, "timestamp": "00:03:35.632", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 39709179904, "type": "region", "version": 1 }, "end_va": 39709183999, "entry_point": 0, "filename": null, "id": "region_10901", "name": "private_0x000000093eda0000", "norm_filename": null, "region_type": "private_memory", "start_va": 39709179904, "timestamp": "00:03:35.632", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 39709245440, "type": "region", "version": 1 }, "end_va": 39709249535, "entry_point": 0, "filename": null, "id": "region_10902", "name": "private_0x000000093edb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 39709245440, "timestamp": "00:03:35.632", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4169728, "start_va": 39713964032, "type": "region", "version": 1 }, "end_va": 39718133759, "entry_point": 0, "filename": null, "id": "region_10903", "name": "pagefile_0x000000093f230000", "norm_filename": null, "region_type": 
"pagefile_backed_memory", "start_va": 39713964032, "timestamp": "00:03:35.632", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 39709310976, "type": "region", "version": 1 }, "end_va": 39709376511, "entry_point": 0, "filename": null, "id": "region_10904", "name": "private_0x000000093edc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 39709310976, "timestamp": "00:03:35.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 761856, "start_va": 39718158336, "type": "region", "version": 1 }, "end_va": 39718920191, "entry_point": 39718340456, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_10905", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 39718158336, "timestamp": "00:03:35.750", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725068431360, "type": "region", "version": 1 }, "end_va": 140725068472319, "entry_point": 140725068437320, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_10906", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\system32\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140725068431360, "timestamp": "00:03:35.753", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not 
monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 140725085208576, "type": "region", "version": 1 }, "end_va": 140725085249535, "entry_point": 140725085212688, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_10907", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140725085208576, "timestamp": "00:03:35.764", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 385024, "start_va": 140725084815360, "type": "region", "version": 1 }, "end_va": 140725085200383, "entry_point": 140725084944032, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_10908", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140725084815360, "timestamp": "00:03:35.767", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 39718158336, "type": "region", "version": 1 }, "end_va": 39718682623, "entry_point": 0, "filename": null, "id": "region_10909", "name": "private_0x000000093f630000", "norm_filename": null, "region_type": "private_memory", "start_va": 39718158336, "timestamp": "00:03:35.855", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 39718682624, "type": "region", "version": 1 }, 
"end_va": 39719206911, "entry_point": 0, "filename": null, "id": "region_10910", "name": "private_0x000000093f6b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 39718682624, "timestamp": "00:03:35.855", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140696779202560, "type": "region", "version": 1 }, "end_va": 140696779210751, "entry_point": 0, "filename": null, "id": "region_10911", "name": "private_0x00007ff6858ba000", "norm_filename": null, "region_type": "private_memory", "start_va": 140696779202560, "timestamp": "00:03:35.855", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140696779210752, "type": "region", "version": 1 }, "end_va": 140696779218943, "entry_point": 0, "filename": null, "id": "region_10912", "name": "private_0x00007ff6858bc000", "norm_filename": null, "region_type": "private_memory", "start_va": 140696779210752, "timestamp": "00:03:35.855", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 39719206912, "type": "region", "version": 1 }, "end_va": 39720255487, "entry_point": 0, "filename": null, "id": "region_10913", "name": "private_0x000000093f730000", "norm_filename": null, "region_type": "private_memory", "start_va": 39719206912, "timestamp": "00:03:35.857", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], 
"info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 140725079769088, "type": "region", "version": 1 }, "end_va": 140725079891967, "entry_point": 140725079773640, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_10914", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 140725079769088, "timestamp": "00:03:35.870", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 140725075443712, "type": "region", "version": 1 }, "end_va": 140725075660799, "entry_point": 140725075448792, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_10915", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 140725075443712, "timestamp": "00:03:35.873", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 39720255488, "type": "region", "version": 1 }, "end_va": 39723225087, "entry_point": 39720255488, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_10916", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 39720255488, "timestamp": "00:03:35.875", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, 
"size": 253952, "start_va": 140724885782528, "type": "region", "version": 1 }, "end_va": 140724886036479, "entry_point": 140724885782528, "filename": "\\Windows\\System32\\sppwinob.dll", "id": "region_10960", "name": "sppwinob.dll", "norm_filename": "c:\\windows\\system32\\sppwinob.dll", "region_type": "memory_mapped_file", "start_va": 140724885782528, "timestamp": "00:03:38.590", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 140725025898496, "type": "region", "version": 1 }, "end_va": 140725025984511, "entry_point": 140725025902656, "filename": "\\Windows\\System32\\netapi32.dll", "id": "region_10961", "name": "netapi32.dll", "norm_filename": "c:\\windows\\system32\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 140725025898496, "timestamp": "00:03:38.682", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 140725072494592, "type": "region", "version": 1 }, "end_va": 140725072543743, "entry_point": 140725072499804, "filename": "\\Windows\\System32\\netutils.dll", "id": "region_10962", "name": "netutils.dll", "norm_filename": "c:\\windows\\system32\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 140725072494592, "timestamp": "00:03:38.690", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 140725073608704, "type": "region", "version": 1 }, "end_va": 140725073760255, "entry_point": 140725073612916, 
"filename": "\\Windows\\System32\\srvcli.dll", "id": "region_10963", "name": "srvcli.dll", "norm_filename": "c:\\windows\\system32\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 140725073608704, "timestamp": "00:03:38.723", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 140725025636352, "type": "region", "version": 1 }, "end_va": 140725025726463, "entry_point": 140725025640520, "filename": "\\Windows\\System32\\wkscli.dll", "id": "region_10964", "name": "wkscli.dll", "norm_filename": "c:\\windows\\system32\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 140725025636352, "timestamp": "00:03:38.746", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 140725025570816, "type": "region", "version": 1 }, "end_va": 140725025607679, "entry_point": 140725025574956, "filename": "\\Windows\\System32\\dsrole.dll", "id": "region_10965", "name": "dsrole.dll", "norm_filename": "c:\\windows\\system32\\dsrole.dll", "region_type": "memory_mapped_file", "start_va": 140725025570816, "timestamp": "00:03:38.752", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 39712063488, "type": "region", "version": 1 }, "end_va": 39712129023, "entry_point": 0, "filename": null, "id": "region_10966", "name": "private_0x000000093f060000", "norm_filename": null, "region_type": "private_memory", "start_va": 
39712063488, "timestamp": "00:03:38.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 39723270144, "type": "region", "version": 1 }, "end_va": 39724318719, "entry_point": 0, "filename": null, "id": "region_10967", "name": "private_0x000000093fb10000", "norm_filename": null, "region_type": "private_memory", "start_va": 39723270144, "timestamp": "00:03:38.859", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1433600, "start_va": 140724884340736, "type": "region", "version": 1 }, "end_va": 140724885774335, "entry_point": 140724884340736, "filename": "\\Windows\\System32\\sppobjs.dll", "id": "region_10968", "name": "sppobjs.dll", "norm_filename": "c:\\windows\\system32\\sppobjs.dll", "region_type": "memory_mapped_file", "start_va": 140724884340736, "timestamp": "00:03:38.924", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 39712129024, "type": "region", "version": 1 }, "end_va": 39712194559, "entry_point": 0, "filename": null, "id": "region_10969", "name": "private_0x000000093f070000", "norm_filename": null, "region_type": "private_memory", "start_va": 39712129024, "timestamp": "00:03:39.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], 
"ref_process_dump": null, "size": 524288, "start_va": 39724318720, "type": "region", "version": 1 }, "end_va": 39724843007, "entry_point": 0, "filename": null, "id": "region_10970", "name": "private_0x000000093fc10000", "norm_filename": null, "region_type": "private_memory", "start_va": 39724318720, "timestamp": "00:03:39.542", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 39724843008, "type": "region", "version": 1 }, "end_va": 39725367295, "entry_point": 0, "filename": null, "id": "region_10971", "name": "private_0x000000093fc90000", "norm_filename": null, "region_type": "private_memory", "start_va": 39724843008, "timestamp": "00:03:39.542", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 39725367296, "type": "region", "version": 1 }, "end_va": 39726415871, "entry_point": 0, "filename": null, "id": "region_10972", "name": "private_0x000000093fd10000", "norm_filename": null, "region_type": "private_memory", "start_va": 39725367296, "timestamp": "00:03:39.542", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140696779186176, "type": "region", "version": 1 }, "end_va": 140696779194367, "entry_point": 0, "filename": null, "id": "region_10973", "name": "private_0x00007ff6858b6000", "norm_filename": null, "region_type": "private_memory", "start_va": 140696779186176, "timestamp": "00:03:39.542", 
"type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140696779194368, "type": "region", "version": 1 }, "end_va": 140696779202559, "entry_point": 0, "filename": null, "id": "region_10974", "name": "private_0x00007ff6858b8000", "norm_filename": null, "region_type": "private_memory", "start_va": 140696779194368, "timestamp": "00:03:39.542", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 39726415872, "type": "region", "version": 1 }, "end_va": 39728513023, "entry_point": 0, "filename": null, "id": "region_10975", "name": "private_0x000000093fe10000", "norm_filename": null, "region_type": "private_memory", "start_va": 39726415872, "timestamp": "00:03:39.800", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1081344, "start_va": 39728513024, "type": "region", "version": 1 }, "end_va": 39729594367, "entry_point": 0, "filename": null, "id": "region_10976", "name": "private_0x0000000940010000", "norm_filename": null, "region_type": "private_memory", "start_va": 39728513024, "timestamp": "00:03:41.208", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1064960, "start_va": 39729627136, "type": "region", "version": 1 }, 
"end_va": 39730692095, "entry_point": 0, "filename": null, "id": "region_10977", "name": "private_0x0000000940120000", "norm_filename": null, "region_type": "private_memory", "start_va": 39729627136, "timestamp": "00:03:41.211", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 140724920123392, "type": "region", "version": 1 }, "end_va": 140724920197119, "entry_point": 140724920166392, "filename": "\\Windows\\System32\\wwapi.dll", "id": "region_10978", "name": "wwapi.dll", "norm_filename": "c:\\windows\\system32\\wwapi.dll", "region_type": "memory_mapped_file", "start_va": 140724920123392, "timestamp": "00:03:41.301", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 39712194560, "type": "region", "version": 1 }, "end_va": 39712198655, "entry_point": 0, "filename": null, "id": "region_10980", "name": "pagefile_0x000000093f080000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 39712194560, "timestamp": "00:04:11.910", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 671744, "start_va": 140725095825408, "type": "region", "version": 1 }, "end_va": 140725096497151, "entry_point": 140725095829872, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_10981", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 140725095825408, 
"timestamp": "00:04:11.912", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 39728513024, "type": "region", "version": 1 }, "end_va": 39728517119, "entry_point": 0, "filename": null, "id": "region_10982", "name": "pagefile_0x0000000940010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 39728513024, "timestamp": "00:04:11.915", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1691648, "start_va": 140725023735808, "type": "region", "version": 1 }, "end_va": 140725025427455, "entry_point": 140725023740764, "filename": "\\Windows\\System32\\taskschd.dll", "id": "region_10983", "name": "taskschd.dll", "norm_filename": "c:\\windows\\system32\\taskschd.dll", "region_type": "memory_mapped_file", "start_va": 140725023735808, "timestamp": "00:04:11.923", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 176128, "start_va": 140725084618752, "type": "region", "version": 1 }, "end_va": 140725084794879, "entry_point": 140725084624016, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_10984", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 140725084618752, "timestamp": "00:04:11.967", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed 
regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 39728578560, "type": "region", "version": 1 }, "end_va": 39728586751, "entry_point": 0, "filename": null, "id": "region_10989", "name": "pagefile_0x0000000940020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 39728578560, "timestamp": "00:04:12.439", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 39728644096, "type": "region", "version": 1 }, "end_va": 39732838399, "entry_point": 0, "filename": null, "id": "region_10990", "name": "private_0x0000000940030000", "norm_filename": null, "region_type": "private_memory", "start_va": 39728644096, "timestamp": "00:04:12.450", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 } ], "remarks": { "critical": [ { "comment": "Privileged kernel code was executed during the analysis. Refer to the kernel analysis section on the left for further details.", "id": 2, "type": "remark", "version": 1 } ], "non_critical": [ { "comment": "The maximum number of dumps was reached during the analysis. Some memory dumps may be missing in the reports. You can increase the limit in the configuration.", "id": 2048, "type": "remark", "version": 1 }, { "comment": "The dump total size limit was reached during the analysis. Some memory dumps may be missing in the reports. 
You can increase the limit in the configuration.", "id": 512, "type": "remark", "version": 1 }, { "comment": "The operating system was rebooted during the analysis.", "id": 128, "type": "remark", "version": 1 } ], "type": "remarks", "version": 1 }, "sample_details": { "filename": "wanacry6.malware.exe", "id": 17425, "md5_hash": "d78bfdd6242361aa09a0e730ae9dc49a", "sample_type": "windows_exe_(x86-64)", "sha1_hash": "5e301e5ee7ce8840bf9003df1f3d5cf3679f5753", "sha256_hash": "bc885443e29b027d5f307e2f3d36e70ba650d608604aeeea7e748c6dc948a8a6", "size": 1050112, "type": "sample_details", "version": 1 }, "screenshots": [ { "screenshot_archive_path": "screenshots/screenshot_0.png", "size": 814297, "thumbnail_archive_path": "screenshots/thumbnail_0.png", "timestamp": "00:00:00.000", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_13158.png", "size": 543075, "thumbnail_archive_path": "screenshots/thumbnail_13158.png", "timestamp": "00:00:13.158", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_15294.png", "size": 809933, "thumbnail_archive_path": "screenshots/thumbnail_15294.png", "timestamp": "00:00:15.294", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_22953.png", "size": 810830, "thumbnail_archive_path": "screenshots/thumbnail_22953.png", "timestamp": "00:00:22.953", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_23978.png", "size": 801412, "thumbnail_archive_path": "screenshots/thumbnail_23978.png", "timestamp": "00:00:23.978", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_33744.png", "size": 791184, "thumbnail_archive_path": "screenshots/thumbnail_33744.png", "timestamp": "00:00:33.744", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_35533.png", "size": 801464, "thumbnail_archive_path": 
"screenshots/thumbnail_35533.png", "timestamp": "00:00:35.533", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_36544.png", "size": 555691, "thumbnail_archive_path": "screenshots/thumbnail_36544.png", "timestamp": "00:00:36.544", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_37541.png", "size": 802650, "thumbnail_archive_path": "screenshots/thumbnail_37541.png", "timestamp": "00:00:37.541", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_38802.png", "size": 854872, "thumbnail_archive_path": "screenshots/thumbnail_38802.png", "timestamp": "00:00:38.802", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_41571.png", "size": 553745, "thumbnail_archive_path": "screenshots/thumbnail_41571.png", "timestamp": "00:00:41.571", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_42575.png", "size": 801704, "thumbnail_archive_path": "screenshots/thumbnail_42575.png", "timestamp": "00:00:42.575", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_43872.png", "size": 824314, "thumbnail_archive_path": "screenshots/thumbnail_43872.png", "timestamp": "00:00:43.872", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_46593.png", "size": 554120, "thumbnail_archive_path": "screenshots/thumbnail_46593.png", "timestamp": "00:00:46.593", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_48935.png", "size": 842612, "thumbnail_archive_path": "screenshots/thumbnail_48935.png", "timestamp": "00:00:48.935", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_50612.png", "size": 801663, "thumbnail_archive_path": "screenshots/thumbnail_50612.png", "timestamp": "00:00:50.612", "type": "screenshot", "version": 1 }, { 
"screenshot_archive_path": "screenshots/screenshot_51616.png", "size": 553634, "thumbnail_archive_path": "screenshots/thumbnail_51616.png", "timestamp": "00:00:51.616", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_52623.png", "size": 802450, "thumbnail_archive_path": "screenshots/thumbnail_52623.png", "timestamp": "00:00:52.623", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_53624.png", "size": 731580, "thumbnail_archive_path": "screenshots/thumbnail_53624.png", "timestamp": "00:00:53.624", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_54640.png", "size": 8693, "thumbnail_archive_path": "screenshots/thumbnail_54640.png", "timestamp": "00:00:54.640", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_69567.png", "size": 3848, "thumbnail_archive_path": "screenshots/thumbnail_69567.png", "timestamp": "00:01:09.567", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_78194.png", "size": 16244, "thumbnail_archive_path": "screenshots/thumbnail_78194.png", "timestamp": "00:01:18.194", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_91616.png", "size": 730257, "thumbnail_archive_path": "screenshots/thumbnail_91616.png", "timestamp": "00:01:31.616", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_92621.png", "size": 803277, "thumbnail_archive_path": "screenshots/thumbnail_92621.png", "timestamp": "00:01:32.621", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_103794.png", "size": 799350, "thumbnail_archive_path": "screenshots/thumbnail_103794.png", "timestamp": "00:01:43.794", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_104916.png", "size": 804224, "thumbnail_archive_path": 
"screenshots/thumbnail_104916.png", "timestamp": "00:01:44.916", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_107959.png", "size": 577702, "thumbnail_archive_path": "screenshots/thumbnail_107959.png", "timestamp": "00:01:47.959", "type": "screenshot", "version": 1 } ], "type": "summary", "version": 1, "vm_and_analyzer_details": { "adobe_acrobat_reader_version": "not_installed", "analyzer_build_date": "2017-08-08 10:23", "analyzer_version": "2.1.0", "chrome_version": "58.0.3029.110", "firefox_version": "25.0", "flash_version": "11.2.202.228", "internet_explorer_version": "11.0.9600.16384", "java_version": "7.0.510", "microsoft_excel_version": "not_installed", "microsoft_office_version": "not_installed", "microsoft_power_point_version": "not_installed", "microsoft_project_version": "not_installed", "microsoft_publisher_version": "not_installed", "microsoft_visio_version": "not_installed", "microsoft_word_version": "not_installed", "silverlight_version": "not_installed", "type": "vm_and_analyzer_details", "version": 1, "vm_architecture": "x86_64-bit", "vm_kernel_version": "6.3.9600.16404_(fd3d00d2-8edc-4527-bb92-2bcc0509d285)", "vm_name": null, "vm_os": "windows_8.1" }, "vti": { "type": "vti", "version": 1, "vti_built_in_rules_version": "2.6", "vti_rule_matches": [ { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_anti_analysis", "category_desc": "Anti Analysis", "operation": "_detect_debugger", "operation_desc": "Try to detect debugger", "ref_gfncalls": [ { "ref_id": "gfn_62", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_detect_debugger_by_api", "technique_desc": "Check via API \"IsDebuggerPresent\".", "technique_path": "built_in._anti_analysis._detect_debugger.vmray_detect_debugger_by_api", "type": "vti_rule_match", 
"version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_create_process_with_hidden_window", "operation_desc": "Create process with hidden window", "ref_gfncalls": [ { "ref_id": "gfn_89", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_process_with_hidden_window", "technique_desc": "The process \"C:\\Windows\\system32\\cmd.exe /c schtasks /create /sc onlogon /tn 3123635631 /rl highest /tr C:\\PROGRA~1\\COMMON~1\\WANACR~1.EXE\" starts with hidden window.", "technique_path": "built_in._process._create_process_with_hidden_window.vmray_create_process_with_hidden_window", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_anti_analysis", "category_desc": "Anti Analysis", "operation": "_dynamic_api_usage", "operation_desc": "Dynamic API usage", "ref_gfncalls": [ { "ref_id": "gfn_199", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_dynamic_api_usage_by_api", "technique_desc": "Resolve above average number of APIs.", "technique_path": "built_in._anti_analysis._dynamic_api_usage.vmray_dynamic_api_usage_by_api", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_create_process_with_hidden_window", "operation_desc": "Create process with hidden window", "ref_gfncalls": [ { "ref_id": "gfn_3059", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, 
"rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_process_with_hidden_window", "technique_desc": "The process \"C:\\Windows\\system32\\cmd.exe /C title 4180649|vssadmin.exe Delete Shadows /All /Quiet\" starts with hidden window.", "technique_path": "built_in._process._create_process_with_hidden_window.vmray_create_process_with_hidden_window", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_os", "category_desc": "OS", "operation": "_disable_system_tool", "operation_desc": "Disable system tool", "ref_gfncalls": [ { "ref_id": "gfn_3060", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_disable_startup_repair", "technique_desc": "Disable startup repair by executing \"C:\\Windows\\system32\\cmd.exe /C title 9538298|bcdedit /set {default} recoveryenabled No\".", "technique_path": "built_in._os._disable_system_tool.vmray_disable_startup_repair", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_create_process_with_hidden_window", "operation_desc": "Create process with hidden window", "ref_gfncalls": [ { "ref_id": "gfn_3060", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_process_with_hidden_window", "technique_desc": "The process \"C:\\Windows\\system32\\cmd.exe /C title 9538298|bcdedit /set {default} recoveryenabled No\" starts with hidden window.", "technique_path": "built_in._process._create_process_with_hidden_window.vmray_create_process_with_hidden_window", "type": "vti_rule_match", "version": 1 }, { 
"artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_os", "category_desc": "OS", "operation": "_disable_system_tool", "operation_desc": "Disable system tool", "ref_gfncalls": [ { "ref_id": "gfn_3061", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_disable_startup_repair", "technique_desc": "Disable startup repair by executing \"C:\\Windows\\system32\\cmd.exe /C title 8997147|bcdedit /set {default} bootstatuspolicy ignoreallfailures\".", "technique_path": "built_in._os._disable_system_tool.vmray_disable_startup_repair", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_create_process_with_hidden_window", "operation_desc": "Create process with hidden window", "ref_gfncalls": [ { "ref_id": "gfn_3061", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_process_with_hidden_window", "technique_desc": "The process \"C:\\Windows\\system32\\cmd.exe /C title 8997147|bcdedit /set {default} bootstatuspolicy ignoreallfailures\" starts with hidden window.", "technique_path": "built_in._process._create_process_with_hidden_window.vmray_create_process_with_hidden_window", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Windows\\System32\\spp\\store\\2.0\\data.dat.tmp", "hashes": [ { "md5_hash": "ec1abca3d8d1cf4cb5fe6cff5b19930c", "sha1_hash": "88ae788f97ffe0a67b4665d931a459491a875297", "sha256_hash": "047b76c8fc87787b5328077ccf0c68c3682be1d481376b46af55d7790c61c8cf", "type": "file_hash", "version": 1 } ], "norm_filename": 
"c:\\windows\\system32\\spp\\store\\2.0\\data.dat.tmp", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_os_dir", "operation_desc": "Modify operating system directory", "ref_gfncalls": [ { "ref_id": "gfn_5459", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_windows_dir_by_file", "technique_desc": "Modify \"c:\\windows\\system32\\spp\\store\\2.0\\data.dat.tmp\".", "technique_path": "built_in._file_system._modify_os_dir.vmray_modify_windows_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Windows\\System32\\spp\\store\\2.0\\data.dat.bak", "hashes": [ { "md5_hash": "ec1abca3d8d1cf4cb5fe6cff5b19930c", "sha1_hash": "88ae788f97ffe0a67b4665d931a459491a875297", "sha256_hash": "047b76c8fc87787b5328077ccf0c68c3682be1d481376b46af55d7790c61c8cf", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\windows\\system32\\spp\\store\\2.0\\data.dat.bak", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\spp\\store\\2.0\\data.dat.tmp", "hashes": [ { "md5_hash": "ec1abca3d8d1cf4cb5fe6cff5b19930c", "sha1_hash": "88ae788f97ffe0a67b4665d931a459491a875297", "sha256_hash": "047b76c8fc87787b5328077ccf0c68c3682be1d481376b46af55d7790c61c8cf", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\windows\\system32\\spp\\store\\2.0\\data.dat.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_os_dir", "operation_desc": "Modify operating system directory", 
"ref_gfncalls": [ { "ref_id": "gfn_5460", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_windows_dir_by_file", "technique_desc": "Modify \"c:\\windows\\system32\\spp\\store\\2.0\\data.dat.bak\".", "technique_path": "built_in._file_system._modify_os_dir.vmray_modify_windows_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Windows\\System32\\spp\\store\\2.0\\data.dat", "hashes": [ { "md5_hash": "ec1abca3d8d1cf4cb5fe6cff5b19930c", "sha1_hash": "88ae788f97ffe0a67b4665d931a459491a875297", "sha256_hash": "047b76c8fc87787b5328077ccf0c68c3682be1d481376b46af55d7790c61c8cf", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\windows\\system32\\spp\\store\\2.0\\data.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\spp\\store\\2.0\\data.dat.bak", "hashes": [ { "md5_hash": "ec1abca3d8d1cf4cb5fe6cff5b19930c", "sha1_hash": "88ae788f97ffe0a67b4665d931a459491a875297", "sha256_hash": "047b76c8fc87787b5328077ccf0c68c3682be1d481376b46af55d7790c61c8cf", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\windows\\system32\\spp\\store\\2.0\\data.dat.bak", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_os_dir", "operation_desc": "Modify operating system directory", "ref_gfncalls": [ { "ref_id": "gfn_5461", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_windows_dir_by_file", "technique_desc": "Modify \"c:\\windows\\system32\\spp\\store\\2.0\\data.dat\".", "technique_path": 
"built_in._file_system._modify_os_dir.vmray_modify_windows_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_create_many_files", "operation_desc": "Create many files", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_many_files", "technique_desc": "Create above average number of files.", "technique_path": "built_in._file_system._create_many_files.vmray_create_many_files", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_encrypt_user_files", "operation_desc": "Encrypt content of user files", "ref_gfncalls": [], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_encrypt_user_files", "technique_desc": "Encrypt the content of multiple user files. 
This is an indicator for ransomware.", "technique_path": "built_in._file_system._encrypt_user_files.vmray_encrypt_user_files", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_kernel", "category_desc": "Kernel", "operation": "_kernelcode_execution", "operation_desc": "Execute code with kernel privileges", "ref_gfncalls": [], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_kernelcode_execution", "technique_desc": "Execute code with kernel privileges.", "technique_path": "built_in._kernel._kernelcode_execution.vmray_kernelcode_execution", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_device", "category_desc": "Device", "operation": "_write_mbr", "operation_desc": "Write master boot record (MBR)", "ref_gfncalls": [], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_write_mbr_by_ginformation", "technique_desc": "Write 512 bytes to master boot record (MBR).", "technique_path": "built_in._device._write_mbr.vmray_write_mbr_by_ginformation", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_handle_with_malicious_files", "operation_desc": "Handle with malicious files", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_handle_with_malicious_files", "technique_desc": "File \"c:\\progra~1\\common~1\\wanacry6.malware.exe\" is a known malicious file.", "technique_path": "built_in._file_system._handle_with_malicious_files.vmray_handle_with_malicious_files", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], 
"ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [ { "ref_id": "gfn_3067", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "Url \"blockchain.info/tobtc?currency=USD&value=1500\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_establish_http_connection", "operation_desc": "Connect to HTTP server", "ref_gfncalls": [ { "ref_id": "gfn_3067", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "establish_http_connection", "technique_desc": "Remote address \"blockchain.info/tobtc?currency=USD&value=1500\".", "technique_path": "built_in._network._establish_http_connection.establish_http_connection", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_persistence", "category_desc": "Persistence", "operation": "_install_service", "operation_desc": "Install system service", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_service_by_cmdline", "technique_desc": "Install service \"3123635631\" by using the sc.exe utility.", "technique_path": "built_in._persistence._install_service.vmray_install_service_by_cmdline", "type": "vti_rule_match", "version": 1 } ], "vti_rule_type": "Default (PE, 
...)", "vti_score": 100 }, "yara": { "apply_yara": true, "apply_yara_on_created_files": true, "apply_yara_on_modified_files": true, "apply_yara_on_pcap_file": true, "apply_yara_on_process_dumps": true, "apply_yara_on_sample_files": true, "match_count": 0, "matches": [], "ruleset_count": 7, "type": "yara", "version": 1 } }